Sophisticated Attacks

Sophisticated Attacks

Enhancing cyber infrastructure security with virtual sandboxes and cyber ranges

With cyber-attacks on the ascent, the need to strengthen the security posture and be responsive is top of mind for CIOs, CEOs and CISOs. Security is closely interlinked to all aspects of the business and has a direct bearing on business reputation, privacy and intellectual property. Unfortunately, the IT stack continues to get complicated even as attacks continue to get sophisticated. Further artificial simulations undertaken without a real-world replica or a virtual-only scenario can often overlook vulnerabilities that could not be seen in a simulated environment. And, in the cases where an investment is made in building the complex testing infrastructure, it can often be cost prohibitive aside from the time spent to set up and tear down infrastructure and applications.

This is where traditional security test beds run into bottlenecks, as they require significant, costly investments in hardware and staffing and even then cannot scale effectively to address today’s growing network traffic volume and ever-more-complex attack vectors. Government, military and commercial organizations are deploying “cyber range,” test beds that allow war games and simulations to strengthen cybersecurity defenses and skills.

It is integral to make these test beds highly efficient, cost-effective and scalable. Over the last few years there has been a need to replicate large scale, complex and diverse networks. One that can orchestrate a hybrid sandbox containing both virtual and physical resources needed for the assessment of cybertechnologies. Because cyber ranges are a controlled sandbox, a smart solution needs resource management and automation features that provide the ability to stand up and tear down cyber range sandboxes as needed in a repeatable manner.

Operational conditions and configurations are easily replicated to re-test cyber attack scenarios. This sandbox uses resources such intrusion detection, malware analyzers, firewall appliances and common services such as email and file servers. The sandbox resources are isolated into white, red and blue team areas for cyber warfare exercise scenarios in a controlled sandbox.

The industry is now demanding containerized portable infrastructure to support virtual sandboxes and cyber agents with on-demand containerized infrastructures to create and manage cyber ranges and private cloud sandboxes. Through full infrastructure and IT environment virtualization and automation, security conscious enterprises can save millions of dollars in costs associated with creating, delivering and managing the full stack of physical compute, network and storage resources in highly secure containers.

One such customer is the United States Defense Information Systems Agency (DISA) the premier combat support agency of the Department of Defense (DoD). According to Ernet McCaleb, ManTech technical director and DISA Cyber Range chief architect this solution provided them with the means to fulfil their mission without sacrificing performance or security and deliver their MPLS stack at a fraction of the cost.

Cyber Ranges are not just for federal defense establishments alone. They have broader applicability across the Enterprise.

Top 3 reasons to use Cyber Ranges

  • Lower costs of simulating Security testing.
  • Increase agility and responsiveness by combining automation with cyber ranges.
  • Harden security posture.

Three questions to Consider Choosing Cyber Ranges or Sandbox Infrastructure Solutions

  • How flexible is the Cyber Range solution?
  • Does it allow modeling of physical, virtual and modern containerized environments?
  • What’s the cost of building and operating one?

As enterprises bring newer security tools into their arsenal against cyber-attacks, the modern cyber ranger solutions should definitely be on top of their consideration list.

This article originally appeared in the November 2016 issue of Security Today.

About the Author

Shashi Kiran is the chief marketing officer at Fortanix

Featured

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events
  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

  • DHS to End ‘Shoes-Off’ Travel Policy

    Homeland Security Secretary Kristi Noem announced a new policy today which will allow passengers traveling through domestic airports to keep their shoes on while passing through security screening at TSA checkpoints. Read Now

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles.

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.