Cyber Range Buyers Guide for Security Service Providers

Select the right platform for your cyber range business

White Paper

www.cyberbit.com | [email protected]


Post on 16-Mar-2022


Table Of Contents

Introduction

What Is a Cyber Range?

Cyber Range Checklist

Architecture

Essential Training Models

Beyond Training: Assessing Processes and Technologies

Cyber Range Business Benefits

Create Tailored Courses for Diverse Audiences

Case Study: Baltimore Cyber Range

Facility & Staff Checklist

Build Your Range Business with Cyberbit


What is a Cyber Range?

A Cyber Range is a simulation platform for training information security professionals, assessing incident response processes, and testing new technologies. A cyber range recreates the experience of responding to a cyberattack by replicating the security operations center (SOC) environment, the organizational network and the attack itself. As a result, it enables hands-on training in a controlled and secure environment. The more realistic the simulation experience, the better a cyber range can prepare trainees to deal with real-world incidents, and reduce the probability of a security breach happening on their watch.

In a market saturated with qualified security service providers, a cyber range can help you stand out, by offering your customers hyper-realistic hands-on cybersecurity training experiences.

A robust training platform should allow you to:

Simplify Analyst Training: Deliver fast, effective onboarding training for new hires and ongoing skills training for experienced analysts. Create internal certification processes to track analysts' progress over time and motivate them to continually strive for better training results.

Evaluate Processes and Procedures: Use the cyber range simulation to examine how a change in a process or a procedure inside a customer network can affect their security posture.

Provide an Effective Testbed: Use the cyber range to model any SOC environment and use it as a dynamic security testbed for evaluating architecture and testing out new security products in a controlled environment.

Introduction

You have decided to turn the global cyber skill shortage into a new growth opportunity. As a security service provider, the cyber skills shortage presents the perfect circumstances to drive business and increase sales, while giving your customers truly valuable and necessary services. A cyber range will allow you to offer a wide variety of recurring training offerings from onboarding new SOC analysts to advanced incident investigation and forensics. The success of your cyber range depends on the underlying technology. This Cyber Range Buyers Guide covers the most important technical requirements for selecting a training and simulation platform.


Cyber Range Checklist

Scalable and Customizable Range Platform: Select a cyber simulation and training technology with a robust and flexible infrastructure that allows you to easily scale and customize scenarios according to customer needs.

Automatic Scenario Emulator: The scenario emulator should be able to automatically execute benign traffic as well as complex attack sequences over the network. This reduces the dependency on expensive, hard-to-employ instructor red teams, and allows recurrent scenario emulation whose results can be measured and compared in a reliable way.

Off-the-Shelf Scenarios and Courses: An extensive library of scenarios and courses that can be delivered ‘off-the-shelf’ will help you get started training quickly and easily.

Attack Scenario Builder: Customers will have specific training requests. A user-friendly scenario builder will allow you to easily create new customer scenarios without the need to write code.

In-depth Scenario Documentation: Clear and concise documentation for each scenario contributes to student success and reduces frustration, and supports the onboarding of new instructors as cyber range operations grow.

Support for IT and OT Environments: Make sure the range platform you choose will allow you to offer training that is appropriate to all your customers and potential prospects. The range should be able to simulate a wide range of attacks on any kind of network topology – IT, SCADA, IoT and more. This is vital to serving your current customers and building a solid foundation to continue to grow your business into new sectors.

Support for Remote Training: When busy professionals are not able to come to your facilities, you should have the ability to train at the customer site as necessary.


Architecture

Most cyber training solutions involve a group of defenders (blue team) facing either a computer-managed attack scenario or a team of human attackers (red team). The simulation management application creates a simulated network with various security capabilities (and vulnerabilities) and a scenario emulator, which is responsible for creating both valid and malicious network streams. The threat generator creates various attack scenarios, and the training operators follow the scenario from their own dashboard in order to monitor the training and, in some cases, provide tips and assistance.

A security service provider needs the ability to set up a generic training network that includes a variety of popular security tools by multiple vendors. The range must also be customizable to mirror the customer’s network and incorporate the security tools and typical traffic of their own network environment.

[Figure: Customizable Network, Traffic and Threats. Labels: Simulated Networks, Blue Team, Red Team, Traffic Generator; one element is marked optional.]

COMPLETE NETWORK SIMULATION

Your cyber range should be able to support customers' SOC capabilities and threat vectors, to create a training environment that will meet their needs and threat scenarios.


TRAIN THE ORGANIZATION

Cyber security is only as strong as its weakest link. Beyond the SOC team, your cyber range should be able to offer custom cybersecurity training sessions for every member of the IT and R&D teams in an organization.

Essential Training Models

Your training simulation platform should provide the necessary content and features to train your customers’ entire security and IT staff, regardless of skill level or role. It should provide a curriculum that trains in offensive and defensive techniques, and be scalable for large or small teams.

Blue Team: SOC and IR team members of any level learn to better detect, prevent and respond to cyber incidents, ensuring that when “the real thing” happens, they are prepared for whatever comes their way.

Red Team: Red team training allows pen testers and security architects to get the hands-on training they need to perform their roles better and gives IR and SOC teams the tools they need to think like the enemy.

Individual: The training platform should be flexible and scalable enough to cater to even the most tailored needs. Individual training gives professionals the opportunity to customize sessions to strengthen their specific weaknesses and create a personalized training road map.

Capture the Flag Competitions: A Capture the Flag module allows you to add a dimension of gamification and competition to training, keeping exercises exciting and fresh. Moreover, a proper Capture the Flag module can be used for marketing and promotional purposes to create a buzz around your offering and drum up interest at hackathons and conferences.


Beyond Training: Assessing Processes and Technologies

If you build a cyber range capable of fully simulating any environment, tools, traffic and attacks, you can leverage it for assessing processes and technologies to improve the quality of all your security offerings.

Product POC: The range must have a robust simulation platform that allows you and your customers to test out new tools and products before implementing them, to ensure that they work as planned with the rest of the environment.

Sub-Network Pentesting: Your cyber range solution should grant the ability to pentest networks in a safe and controlled environment, allowing your customers to find vulnerabilities before the bad guys find them.

Cyber Research: Cyber range simulation is an effective way to examine the behavior of various malware and existing attacks. It can also provide valuable insights when investigating the impact on your network of malware that was discovered post-attack.


Cyber Range Business Benefits

By adding Cyber Range training simulation capabilities to your security services offerings, you can:

Open a New Line of Business: A cyber range enables you to add a hands-on training offering to your services portfolio. Training is not yet a mainstream offering, while the need for it is growing fast, driven by the information security skill shortage. By offering cyber range services you add a new and unique line of business while staying ahead of your competition.

Create a Unique, High-Value Offering: Cyber simulation enables security service providers to work with a wider range of teams inside customers' IT departments. Selling cyber training services creates a long-term relationship with a wide range of IT & security professionals inside the customer organization. Simulated training services offer a chance to engage with customers and reduce churn.


Create Tailored Courses for Diverse Audiences

New Analyst Skill Development Courses: Help new hires get the skills they need with courses tailored specifically to their needs. The hands-on experience provided in a Cyber Range setting allows less-experienced analysts to develop their skills in a safe and controlled environment. With courses created specifically with their skill level in mind, you can ensure that they come out with the competencies they need to defeat real-life threats in far less time than traditional methods.

Expert Skill Enhancement Courses: Provide experienced analysts (and other security professionals) with specifically tailored courses that allow them to advance their abilities across any skill set, such as malware forensics, network security, pentesting and IR. Not only do these courses enhance skills, they help seasoned professionals remain engaged in a workplace that can otherwise become monotonous.

Team and Individual Training Courses: A truly customizable platform is one that’s entirely scalable. A cyber range is the right answer for training large teams together as a unit or even one professional at a time using hyper-realistic scenarios.

Certification Courses: Due to the cyber skill shortage, every SOC manager is facing an enormous challenge to hire and train enough qualified analysts. When a new analyst is hired, they must go through an onboarding process in which they learn everything about the enterprise SOC, its architecture, traffic, security tools and procedures. Offer a customized SOC Analyst Onboarding Certification that gets new hires up to speed quickly and efficiently. A cyber range can also be used to administer a final ‘check out’ exam before the new analyst is assigned their first shift in the SOC. You can also offer special advanced courses for more experienced professionals in topics like security incident investigation and forensics.


Case Study: Baltimore Cyber Range

In August 2017, The Intrusion Countermeasures Education and Training Consortium, in conjunction with Cyberbit, opened an advanced hands-on Cyber Range training facility in Baltimore, MD. The goal of the center is to provide critical real-to-life experiences to the cyber professionals in the areas surrounding Baltimore. With its close proximity to many federal agencies, Maryland is considered a global leader in cyber security.

"We needed a platform that would help us drive incremental revenues by differentiating us from competitors with a clearly superior training offering. The Range took us several days to set up and came with a catalog of simulated scenarios, an accurate replica of the customer network, and a set of training tools on top, that enable us to run the training session and measure trainee performance. Overall, we found the Cyberbit Range to introduce a completely new approach to measuring and training cybersecurity staff and evaluating incident response playbooks. I believe it will change the way we approach and quantify cybersecurity operations as a whole."

- Bruce Spector, Chairman Baltimore Cyber Range


Facility & Staff Checklist

In addition to the range platform itself, consider the following facility and staff requirements:

Classroom(s): Each classroom should be able to accommodate 5-20 trainees and 1 instructor. Additional classrooms can be added as your range business grows.

Servers: Will you need to supply servers or will they be supplied by the range vendor?

Trainee Workstations: Each trainee needs a standard workstation with 2 screens.

Training Instructors: One instructor is needed per class session. Plan for 1.5-2 instructors per classroom to allow for optimal scheduling. A range classroom can run around the clock, so consider splitting each classroom into two instructor shifts to maximize simulation capacity. The vendor should train instructors to ensure optimal performance.

Sales and Marketing: Ideally you will have dedicated sales and marketing people for your new cyber range business who will learn about market needs and how your range stands out from other training platforms.

Logistics: Assign a person to handle the scheduling of trainings and all that it entails; scheduling instructor, contact with customer, preparing and distributing


Build Your Range Business with Cyberbit

Cyberbit Range Training and Simulation Platform was developed especially with security service providers in mind. From day one, Cyberbit Range was developed to be robust, flexible and simple to deploy so you can easily customize training offerings as needed. The simulation experience is deeply immersive, leaves a powerful impression on everyone who tries it, and provides clear metrics to show improvement of trainees.

We understand the security service provider business and offer diverse pricing models that support your structure and stage. Your dedicated account manager wants your cyber range business to succeed and will be right by your side offering support, guidance and real solutions. Cyberbit Range can be co-branded to create a powerful brand that will attract customers and build confidence.

Cyberbit will help you get your new Cyber Range business up and running as quickly as possible so you can start scheduling training sessions and creating revenue quickly. Cyberbit Range is the most widely deployed cybersecurity training and simulation platform, delivering hyper-realistic training scenarios that dramatically improve cyber security team performance for enterprises, public sector organizations, academic institutions and security service providers on three continents.

ABOUT CYBERBIT™

Cyberbit provides advanced cyber security solutions for high-risk, high-value enterprises, critical infrastructure, military and government organizations. The company’s portfolio provides a complete product suite for detecting and mitigating attacks in the new, advanced threat landscape, and helps organizations address the related operational challenges. Cyberbit’s portfolio includes advanced endpoint detection and response (EDR), SCADA network security and continuity, security incident response platform, and security team training and simulation. Cyberbit’s products were chosen by highly targeted industrial organizations around the world to protect their networks.

Cyberbit is a wholly-owned subsidiary of Elbit Systems Ltd. (NASDAQ and TASE: ESLT)

[email protected] | www.cyberbit.com

US Office: CYBERBIT Inc., 3800 N. Lamar Blvd., Suite 200, Austin, TX 78756. Tel: +1-737-717-0385

Israel Office: CYBERBIT Commercial Solutions Ltd., 22 Zarhin St., Ra’anana, Israel 4310602. Tel: +972-9-7799800