
When it comes to preparing your organization to defend against advanced cyber threats, there’s no substitute for hands-on experience. But how can your team gain familiarity with real-world cyberattacks without putting your company’s digital assets in jeopardy?

A cyber range gives security professionals a dedicated environment where they can practice defending against advanced threats within a simulation of their production environment. The hard part is knowing how to select a cyber range, because believe it or not, not all ranges offer the degree of realism needed to truly prepare your teams for actual security events.

It’s important to conduct your cybersecurity training exercises within a range that includes authentic background traffic — and lots of it — so your operators can learn to differentiate between normal and malicious activity. If you only have a small amount of traffic, the training will simply not be realistic enough and the experience will be ineffective.

User emulation is a breakthrough technology that goes beyond traditional network traffic simulation by providing realistic, randomized user activity. By leveraging a cyber range deployment that includes user emulation, security teams can train for cyber crisis scenarios without the consequences associated with an actual cyberattack.

How does user emulation work?

Simply put, user emulation simulates a busy live network with randomized activity. It injects background noise created by typical users as they interact with websites, use social media, and perform daily work tasks on tools like Microsoft Office and Google apps. These virtual users send and receive emails, click on links, post on simulated versions of sites like Facebook, and edit documents in Word, Excel, and PowerPoint — just as an actual employee would do.

Why is user emulation important?

It’s critical to train just as you would defend your network in the real world. Threat actors rely on cybersecurity professionals missing their nefarious activity, so if you don’t practice in a realistic environment, you’re making things easier for the bad guys.

User emulation is driven by customizable personas that perform common actions, providing unparalleled realism for training exercises. During a red vs. blue event, the blue team’s event log will be populated with routine activity, requiring cyber defenders to develop their ability to identify negligent or malicious actions within their logs.

The same logic applies to supply-chain attacks. When a threat actor enters through a low-value piece of hardware or software and then moves laterally through the network to access more valuable assets, routine traffic provides the camouflage that can make it difficult to identify an attack. With user emulation, your operators will be better able to differentiate normal activity from actions taken by threat actors.

Are there other ways to recreate network traffic?

Most cyber ranges provide a similar function in traffic simulation, but they do this through a playback of pre-recorded network activity. While this solution is useful at first for testing the volume of activity processed by a piece of network equipment, it is not particularly effective for training purposes. Due to the repetitive nature of pre-recorded activity, defenders quickly learn to identify the simulated activity.

The added realism gained by leveraging user emulation hinges on using individual personas. These virtual users act independently and perform actions at random, based on their actual job responsibilities. The resulting activity mimics real-life scenarios and is unique for every exercise.


Building team readiness with user emulation

Conducting cyber training exercises using a range providing high-fidelity environments is the best way to give your security teams the hands-on experience they need to defend against threats — from malicious insiders to APTs and zero-days. SimSpace is currently the only cyber range provider to offer persona-based, randomized user emulation. Pioneered at MIT Lincoln Labs and further developed by SimSpace, user emulation is a core feature of our range and training content — redefining the level of realism possible in a simulated environment.

Ready to learn more about how user emulation can help you prepare your team to defend against advanced cyber threats? Click here to read our ebook, Improving Realism in Cyber Ranges with User Emulation.

You can also join our Demo Tuesday, September 20, for a deep dive into user emulation, as provided by SimSpace product manager, Jeff Platzer.

Blog by Mike Phelan
Mike Phelan is a senior product manager with the SkillWise (training) team at SimSpace. He has more than 20 years of experience in various roles within the IT space. Mike is focused on delivering customer-facing technical solutions that exceed expectations for both on-prem and cloud users. He has also been responsible for creating end-to-end solutions, leading product strategies, and establishing business relationships. Mike’s experiences include working with SimSpace, NetApp, Dot Hill Systems, and LeftHand Networks, and he is a proud veteran of the US Air Force.