The old adage goes that nothing is certain but death and taxes. We can give this the benefit of the doubt, given that it was coined more than two hundred years ago. With the realities of today, we can add another certainty: you will likely be hacked someday. And to add a little flavour, as PCMag put it, you may have already been hacked but not know it yet (that was actually the statement of the former FBI head, Robert Mueller). It is starting to look gloomy.
But the good thing about things that are certain to occur is that you can prepare for them and mitigate their adverse effects. So, how well prepared is your organization for a cyber-attack?
Just like a fire drill, a cyber drill helps you do this kind of preparation by simulating different scenario types, ranging from simple intrusions to worst-case attack scenarios that completely shutter your operations. In each of these situations, your team is trained on how to approach it.
Cyber ranges exist to provide this kind of simulated training and customized cyber drills. A good cyber range will help you prepare a bespoke, realistic scenario and give your team proper hands-on training in dealing with an attack.
Different Types of Scenarios
An organization will simulate different scenarios to model different types of attacks. A NIST publication used in a previous RSA conference proposes that in choosing a scenario, an organization needs to perform threat actor analysis – who poses your greatest risk – and impact assessment – what you really want to protect and how it is impacted by the attack. This leads to a wide range of possible scenario types.
For example, a bank scenario will attempt to simulate cyber crimes whose objective may include transferring money to the criminals’ accounts, causing a denial of service etc. Attackers may, for example, attempt to gain access to the core banking assets using the internet-facing endpoints.
Large infrastructure scenarios are used in situations where the organization has a wide infrastructure base, e.g. a SCADA system in an oil and gas corporation. Though the systems in such a complex scenario are expansive, using a proper cyber range will help ensure that the simulation is as realistic as possible.
You can use a cyber threat scenario to simulate a specific type of attack or attacks, for example, an SSH brute force attack. This is a targeted type of scenario, and it aims at testing and improving your organization’s competency in handling the specified attack.
A cyber blackout scenario, where the cyberattack has completely affected your operations, will test your disaster recovery and business continuity plans and will establish how well and how quickly you can recover from an attack.
Phases of Scenario Development
Scenario analysis helps to identify what your objectives are for the scenario. This publication by MITRE will prove vital as you define your scenario. During this stage, you identify what you will need in order to achieve the objectives that you have defined. You will also gather the scenario content to be used.
During the scenario content development process, the scenario explanation should give just enough information to get the team started. Don’t give too much information, which would make things too easy for your team. Real attackers will not be that kind, you can be sure.
Scenario testing helps to give confidence that your scenario will run as expected. A dry run of the scenario is done to confirm that the scenario is clear and that all resources needed for the scenario are available.
You will also need to prepare a scenario walkthrough, which is used in the scenario’s post-mortem stage. This is the improvement phase, and it teaches your team what should have been done in the scenario. This is where gaps in your response are identified and corrected, so that your team knows how best to respond next time.
A good cyber range will be a valuable asset to scenario authors. It will make it easy for them to create and precisely simulate the environment they want, and to assess the users’ response to the scenario.
The Silensec CyberRanges
The Silensec CyberRanges provides scenario authors with a vast array of tools to prepare their scenario content. It allows them to perfectly simulate the infrastructure matrix of devices, servers and networking present in their organization. You can even choose to inject customised malicious traffic into your scenarios at defined intervals, which perfectly completes the ensemble of a malicious attack.
You can add some challenges to your scenarios, which users shall tackle as they respond to the attack. After the scenario is done, you are provided with detailed analytics on users’ response, including the speed and accuracy of their remediations. Armed with this information, you can clearly establish where you are as a company, which users have which competencies, and which interventions are needed to address the identified skills deficiencies.
Do you know what the good news is? Our scenario authors have already created a wide array of scenarios covering attack and defence. You can attempt these once you register on our CyberRanges.
Hackers don’t quarantine. Attackers don’t take days off. And behold, the day of attack is surely coming. Equip your team with the skills they need. Expose your team to what an attack looks like, because if you don’t, an attacker soon will, and they will not have the grace to be gentle with you or your assets.