Solutions

Solutions

Cyber Force Platform Deploy continuous security improvement
Elite Cyber Skills Development Dynamically develop elite cyber ops teams
Stack Optimizer Make key cyber ROI and governance decisions
Rapid Range The fastest way to build a high-fidelity cyber range
Cyber Score Establish benchmarks and gather evidence
Professional Services Accelerate deployment, development, integrations and readiness
Verticals

Verticals

Government Protect sensitive data
Global Cyber Defense Train the way you fight
Critical Infrastructure Keep critical systems available
Financial Services Build client trust and confidence
Insurance Safeguard your investments
Energy Protect the nation's power supply
Partners

Partners

Why Partner with SimSpace
Partner Types
Partner Program
Resources

Resources

Analyst Reports
Blogs
Calculators
Case Studies
Catalogs
Datasheets
Demos
Infographics
Videos
Webinars
Whitepapers
Company

Company

Leadership Enabling organizations to realize continuous security improvement
Locations SimSpace has a global footprint with offices around the world
Careers Find your career at SimSpace
Events Events, happenings and webinars
News In the news
Fresh Phish Cybersecurity with a side of humor
Request a demo
Solutions
Cyber Force Platform >
Deploy continuous security improvement
Elite Cyber Skills Development >
Dynamically develop elite cyber ops teams
Stack Optimizer >
Make key cyber ROI and governance decisions
Rapid Range >
The fastest way to build a high-fidelity cyber range
Cyber Score >
Establish benchmarks and gather evidence
Professional Services >
Accelerate deployment, development, integrations and readiness
Verticals
Government >
Protect sensitive data
Global Cyber Defense >
Train the way you fight
Critical Infrastructure >
Keep critical systems available
Financial Services >
Build client trust and confidence
Insurance >
Safeguard your investments
Energy >
Protect the nation's power supply
Partners
Why Partner with SimSpace >
Partner Types >
Partner Program >
Resources
Analyst Reports >
Blogs >
Calculators >
Case Studies >
Catalogs >
Datasheets >
Demos >
Infographics >
Videos >
Webinars >
Whitepapers >
Company
Leadership >
Enabling organizations to realize continuous security improvement
Locations >
SimSpace has a global footprint with offices around the world
Careers >
Find your career at SimSpace
Events >
Events, happenings and webinars
News >
In the news
Fresh Phish >
Cybersecurity with a side of humor
Request a demo

Originally published at https://www.linkedin.com/pulse/preparing-your-big-game-cyber-range-jordan-wigley/

What an exciting game! Super Bowl LVII is officially over, seemingly without a hitch in terms of major cyber and/or physical security incidents. The NFL's cybersecurity team and their partners did a great job preparing to defend their physical and digital assets against heavy adversarial traffic during one of the country's most-viewed events of the year. In this article, I want to compare cybersecurity team preparation to that of the teams who were actually on the football field. Before I dive deeper into this topic, let me spend just a moment on my background so that you can decide for yourself whether or not my opinion is worth listening to.

I grew up geeking out on computers and taking apart every electronic gadget in our house to understand how they worked, and to see if I could make them "better." I developed a passion in high school for cybersecurity before it was cool... constantly dissecting every malware sample that I could get my hands on. After graduating from the University of Alabama MIS program, I landed a dream job of working on Walmart's cybersecurity team. I spent the next ~17 years of my career in a variety of technical and leadership positions, defending two of the biggest networks on earth while working for a Fortune 500 retailer and financial institution. My final 7+ years at those organizations were spent leading cyber incident response and threat hunting teams, truly working the front-lines of cyber defense at a massive scale. For the past couple of years, I have been working at SimSpace. We are helping customers prepare their cybersecurity teams for battle using cyber ranges and training content on the SimSpace Cyber Force Platform.

Alright, enough about me... let's shift the focus back to cybersecurity and football! I'm a HUGE football fan – Roll Tide! – and like to understand what all goes into preparing teams to contend at an elite level. When you look at the Chiefs and Eagles leading into this week's game, they have some of the best athletes in the world on both sides of the ball. Despite already being at an elite level, they still take the time to gather as much video footage and intelligence as they can about their opponent. They study this footage/intel in extreme depth, and then bring in players from their scout team to simulate the types of plays they expect their opponent to throw at them on game day. It's their scout team's job to ensure they emulate the opponent as closely as possible, while putting the starting team through the most difficult scenarios they can execute on the practice field. However, when game day comes around, the team is likely going to get different looks from the opponent than what they saw in practice. Having experience and familiarity with the opponent's known techniques during practice will hopefully give the coaches and players everything they need to adjust their own playbooks during the actual football game, and come out with a win.

Why should cybersecurity rehearsal and preparation be any different? If you practice against live-fire simulated attacks that are modeled after your expected adversaries, then you will be in a much better position when you're actually responding to a production cybersecurity incident. These practice exercises should include plenty of realistic user/host/network noise, possible with SimSpace's cutting-edge User Emulation capabilities, to ensure there is a giant haystack of legitimate activity for the malicious artifacts to hide in. In real life, your production network is not quiet enough for malicious activity to immediately stand out; so shouldn't the same be true on your digital practice field? Your defenders should be challenged to sift through this large haystack of realistic noise in order to identify anomalous activity, investigate the full attack chain, respond to identified threats, and recover from the simulated incident. Teams using this approach are able to not only identify gaps in their skillsets, controls, and monitoring capabilities; but also identify gaps in their best practices, procedures, and playbooks. Identifying and remediating those issues now, ensures that your team will not be surprised in the heat of battle during a production incident.

Threat actors will always adjust their techniques – at least a little bit – from one campaign to the next. Having familiarity with and experience detecting and responding to the adversary's tactics, techniques, and procedures (TTPs) – as well as any common indicators of compromise (IOCs) – will enable defenders to deviate from their playbooks during an active security incident as needed. It is also important to train like you fight, meaning you should utilize the same cybersecurity tools during practice that you depend on in your day-to-day security operations. This will ensure that your cyber defenders have familiarity with all of your production tools, so that when an incident occurs they are fully prepared to respond.

At SimSpace, we are working with some of the world's largest companies, governments, and militaries on our Cyber Force Platform. We are using our cyber ranges, user emulation, automated attacks, and on-demand training content to ensure their cybersecurity teams are prepared to defend their organizations – or even their entire countries – against advanced threat actors. We help customers create scaled-down replicas of their environments, to increase the realism of each event. Our platform makes it easy to bring in almost any tool/solution on the market – or even custom home-grown solutions – for use in a cyber range or training content, ensuring that your team is able to prepare using the same tools they have access to in production. If you have systems that are not easily virtualizable – OT/ICS, IoT, Mainframe, etc – then the SimSpace platform also offers hardware-in-the-loop (HWIL) capabilities to map physical assets into your cyber ranges. Our advanced cyber range features allow for many use cases, including but not limited to:

  • Red v Blue live-fire exercises
  • CTF events
  • Detection engineering
  • Security stack validation/optimization
  • Product evaluations
  • Forensics labs
  • Malware analysis
  • And much more...

Whether your busiest time of year is Black Friday sales, income tax season, summer travel season, government elections, or something else – ask yourself the question, is your organization ready for your "Big Game"? Please reach out to see how the SimSpace Cyber Force Platform can ensure your cybersecurity team is ready for battle. We really look forward to working with you and your team!
Blog byJordan Wigley
Jordan Wigley
Jordan Wigley
Jordan Wigley is a cybersecurity professional with over 19 years of experience in a variety of technical and leadership positions at multiple Fortune 30 and cybersecurity companies, with a specialization in Threat Hunting, Incident Response, and Network Forensics. He is currently the Field CISO at SimSpace, with a focus on solving complex challenges for current and prospective customers.