Cyber Range is broadly understood as a specialized platform, the main purpose of which is to increase competences in the area of cyber security through the possibility of launching practical training scenarios of varying complexity and content in a virtual environment. Such a general definition means that platforms with very different possibilities, functionalities and scale of training sessions belong to this category of products. Due to this diversity, both the purpose of cyber training platforms and their price can be very different.
In this article, one can learn what determines the cost of the Cyber Range and what issues are worth taking a closer look at when choosing it for an organization or university. This will help to define the existing needs and properly analyse the offers of various suppliers, and consequently – make the most appropriate choice.
Build or Buy?
When an organization matures to decide that it needs a Cyber Range platform, the question arises whether it is worth buying a ready-made product from the market or creating a platform on its own. After a cursory analysis, many organizations may be able to conclude that they have adequate human resources to carry out such a project on their own. This can often be true if we have large development and DevOps teams on board. However, there are a number of reasons why the decision to develop such a platform on your own is pointless.
First of all, you need to ask yourself whether the performed feasibility analysis actually covered all the necessary work, including all functionalities (even the most trivial ones at first glance) that should appear on a Cyber Range platform. The costs of project implementation also include functional and performance tests of the platform as well as the costs of maintaining the project from the moment of implementation to the end of its use. In the course of the project implementation, there will also be research work, especially in the field of technology selection analysis. Some of them may even require a working prototype. However, the above-mentioned issues are nothing when compared to the laboriousness required to create an appropriate database of training scenarios – after all, without them, the platform is of little use. The time criterion is also very important. When buying a ready product, we can start using the platform within days or a few weeks, and in the case of creating a proprietary solution, we will have to wait at least a year or two.
If at some stage of our analyses we have any specific needs that justify creating our own solution, it is worth asking the producers of cyber training platforms a question about the possibility of meeting our special needs. It may turn out that there are platforms that offer these special features, or that a given manufacturer is able to implement a given mechanism for us at a price much lower than the cost of creating the entire product on our own. The approach to selecting a platform should not differ from the selection of other solutions in the area of cyber security. Few companies consider creating, for example, EDR/AV, SIEM or Firewall for their own needs. Why should it be any different in the case of a cyber training platform?
On-premise, Cloud-based and a Technologically Independent Model
The most important division of Cyber Range products, influencing their price, concerns the method of their distribution to the end user. We can talk about three categories.
The first one relates to platforms available only in the On-premise form, which do not really have a cloud variant. Usually these are products that began to appear many years ago, when cloud computing was not yet popular or was perceived as an environment that did not inspire much trust when it comes to the security of the data stored there. In the case of some platforms, the lack of a cloud variant results from the choice of virtualization technologies that either do not support cloud computing or are extremely complicated, problematic or expensive to use that way.
Platforms offered in the On-premise variant have undoubted advantages such as the ability to connect them with physical devices and full control over the stored data (if we are the type of organization for which it is important). However, there are significant upfront costs. They are related to the purchase of appropriate servers on which the platform will operate and to finding space for them in the data centre.
The second category of products is the complete opposite of the first one. We are talking about cyber training platforms that were designed only to operate within the computing cloud and do not have an On-premise variant. The adoption of such a model is usually associated with the desire to use ready-made, native solutions offered by a given cloud, instead of creating your own functionality. It may also result from purely business issues and links between a given Cyber Range provider and the provider of cloud solutions.
Two obvious implications of this approach include the attachment to a specific cloud provider, which may not suit every potential customer, and the lack of support for the use of physical devices in training scenarios. Undoubtedly, the advantages of solutions in this category include short time needed by the manufacturer to prepare the platform instance for the client, low initial costs, flexibility in the scope of the contract (after all, it is a typical SaaS model) and leaving all issues related to the service and proper operation of the platform to the supplier.
The third category covers cyber training platforms that offer both On-premise installation and a variant available in computing clouds. These types of platforms are built based on technologies that do not bind them to specific hardware platforms or to specific cloud computing providers. In addition to the obvious advantage, which is high flexibility, another very important benefit of solutions in this category is the possibility of installing a given solution in a private computing cloud of any type.
Cyber Range Cost Including Basic Features
It is beyond the scope of this article to discuss all the functionalities that may appear in the Cyber Range platform. However, there is a set of the most important mechanisms that should appear in a product aspiring to be a mature cyber training platform and, of course, will affect its price.
Virtualized Networks Management
A mechanism that allows for convenient and intuitive creation and modification of network diagrams that will be used in training scenarios. It is worth paying attention to whether we can easily control network addressing and whether we can add not only individual machines, but also entire subnets.
Orchestration
A mechanism that allows you to control the content of individual machines at the stage of starting the training scenario and during the training.
Internet Services Simulation
A set of ready-to-use services that will simulate the Internet and its neutral services. It is worth checking how many resources this mechanism consumes, what protocols it supports and how it can be configured.
Attack Simulation
It is a set of all the mechanisms present in the platform that enable the creation of individual attacks as well as their entire paths. It is worth paying attention to whether the platform has integration with popular hacking tools and how convenient it is for the person who is to create or modify the content of training scenarios.
Physical Devices Integration
A mechanism for connecting physical devices to virtual networks used in training scenarios. It is advisable to check how this mechanism is implemented and what types of physical devices can be connected to the platform.
User Activity Simulation
It is a set of mechanisms designed to simulate the activity of neutral users in training scenarios. It would be good to find out what predefined activities a given Cyber Range provider has included and how original activities can be added.
Competency Management
A mechanism that facilitates tracking the progress of a given user. Merely participating in a training session says little about a person’s progress. It is worth asking the supplier of a given Cyber Range how to track the progress of individual employees and how detailed and useful this information is.
Scoring and Reporting
A mechanism for collecting information about events that take place in a given training scenario. It is a good idea to pay attention to what information is collected by the platform and what the final report looks like from a sample training scenario.
Instructor Tools
A set of tools for instructors that allow them to interact with training participants, solve possible problems and evaluate the actions.
Traffic Generator
A mechanism that allows the network of training scenarios to be filled with credible network traffic. It is worth asking if the manufacturer offers support for hardware network traffic generators, what software traffic generators it uses and what protocols can be simulated.
Integration Capabilities
It is an API offered by a given cyber training platform, allowing for integration with external systems. A good API should allow not only integration with Active Directory, but also control of many mechanisms present in the platform – launching training scenarios, adding participants to them, generating the final report.
Of course, our specific vision of using a Cyber Range platform in the organization does not always require the presence of all the above-mentioned functionalities, especially additional mechanisms offered by a given provider. In this situation, it is worth paying attention to whether a given manufacturer has a flexible approach and is able to offer us a product appropriately tailored to our needs.
Apart from the availability of specific functionalities, the quality of a given product must also be taken into account. It is important that the platform operation is appropriately intuitive, and the execution of individual actions requires only a few steps. A well-designed application interface should offer the comfort of its use.
An important criterion is also the stability of the platform’s operation and the mechanisms of dealing with possible failures. It is a good idea to ask the supplier of the solution we are interested in, not only for a live demonstration, but also a few days’ access to the demo version.
Training Scenarios and Teaching Materials
The Cyber Range platform itself is not enough for the cyber security skills development program to bring real benefits to our organization. Equally important are the training scenarios launched there and the didactic materials supporting such training. It is worth mentioning that the amount of work required to prepare a rich base of them is as large as the effort required to create the platform itself. If, as part of our analyses, we came to the conclusion that building and maintaining a cyber training platform on our own is too costly and problematic for our organization, the same may also be the case with creating training scenarios that will be used on the platform.
When analyzing the offers of various suppliers, attention should be paid to the quantity, quality and thematic scope of the training scenarios provided. The supplier’s obligation to constantly develop the existing base is a huge advantage. How, then, should the quality of training scenarios from different manufacturers be assessed? A skilful approach is certainly required. It is better to avoid a simple quantitative criterion, because the creators of cyber training platforms count the scenarios they offer in different ways. A much better evaluation criterion is the number of unique attack chains (Cyber Kill Chain) or the coverage of the MITRE ATT&CK matrix. You can read more about aspects of cyber security training in our article.
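The comparison described above can be made concrete. The following is an added example, not part of the original article or any vendor's tooling: it scores two constructed supplier catalogues by unique attack chains and by coverage of a reference set of MITRE ATT&CK techniques. The catalogues, the reference set and the decision to collapse sub-techniques into their parent technique are assumptions.

```python
from dataclasses import dataclass

# Techniques the organisation wants exercised (assumed reference set).
# IDs and names are MITRE ATT&CK Enterprise techniques.
REQUIRED = {
    "T1566": "Phishing",
    "T1190": "Exploit Public-Facing Application",
    "T1059": "Command and Scripting Interpreter",
    "T1078": "Valid Accounts",
    "T1003": "OS Credential Dumping",
    "T1021": "Remote Services",
    "T1041": "Exfiltration Over C2 Channel",
    "T1486": "Data Encrypted for Impact",
}

@dataclass(frozen=True)
class Scenario:
    name: str
    chain: tuple  # ordered ATT&CK technique IDs used in the scenario

def parent(technique_id):
    """Collapse a sub-technique (T1566.001) to its parent (T1566)."""
    return technique_id.strip().upper().split(".")[0]

def evaluate(catalogue):
    """Score a catalogue by unique chains and coverage, not by raw count."""
    # Scenarios that differ only in name or target OS share one chain.
    chains = {tuple(parent(t) for t in s.chain) for s in catalogue}
    covered = {t for chain in chains for t in chain} & set(REQUIRED)
    return {
        "scenarios": len(catalogue),
        "unique_chains": len(chains),
        "coverage": len(covered) / len(REQUIRED),
        "missing": sorted(set(REQUIRED) - covered),
    }

# Constructed catalogue: many titles, few distinct attack paths.
VENDOR_A = [
    Scenario("Phishing - Windows 10", ("T1566.001", "T1059.001")),
    Scenario("Phishing - Windows 11", ("T1566.001", "T1059.001")),
    Scenario("Phishing - Server 2019", ("T1566", "T1059")),
    Scenario("Phishing - Server 2022", ("T1566.002", "T1059.003")),
    Scenario("Web exploit - Apache", ("T1190", "T1059")),
    Scenario("Web exploit - nginx", ("T1190", "T1059.004")),
]
# Constructed catalogue: fewer titles, each a distinct end-to-end chain.
VENDOR_B = [
    Scenario("Ransomware", ("T1566", "T1059", "T1003", "T1021", "T1486")),
    Scenario("Data theft", ("T1190", "T1078", "T1021", "T1041")),
    Scenario("Insider", ("T1078", "T1003", "T1041")),
]

if __name__ == "__main__":
    for label, cat in (("Vendor A", VENDOR_A), ("Vendor B", VENDOR_B)):
        r = evaluate(cat)
        print(f"{label}: {r['scenarios']} scenarios, "
              f"{r['unique_chains']} unique chains, "
              f"{r['coverage']:.0%} coverage, missing {r['missing']}")
```

The catalogue with twice as many scenario titles ends up with fewer unique chains and lower coverage, which is the reason a raw scenario count misleads.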
Apart from the ready-made training scenarios served by the solution provider, it is worth paying attention to the possibilities of a given platform in terms of modifying them to our needs, as well as creating original scenarios. To make it possible, appropriate tools should be built into the graphical interface of the platform administrator, and the process of making changes and fixing them should be simple and intuitive. It is also worth paying attention to whether a given manufacturer provides single images of virtual machines belonging to different operating system families, whether it is possible to create your own virtual machines based on ISO installation images and whether there is a mechanism for importing / exporting virtual machines to / from the platform.
Technology Selection and Scalability
Not only the method of delivering the Cyber Range platform, the available functionalities and the database of training scenarios affect the final price of such a product. The choice of technology has a significant influence. Some manufacturers choose an approach that relies heavily on commercial virtualization solutions (e.g. offered by VMware). Others prefer to choose proprietary solutions based on publicly available technologies such as OpenStack.
When commercial software is used, the amount of work required to create the platform is reduced. The consequence, however, is an increase in the price of such a product and some limitations resulting directly from the technical limitations of the solution on which the project was based.
The use of technologies such as OpenStack may require slightly more work from the supplier at the stage of developing the application, but the lack of expensive licenses makes it easier to achieve an attractive price. In turn, the lack of technical limitations allows for very high flexibility in the development of the platform.
The selection of the technology is important due to one more feature, which is scalability. Cyber Range is a solution that can actively support the operation of a given organization for many years. Most often it will be associated with the regularly growing demand for computing power and disk space. The most optimal solution is to have the ability to scale the performance of the platform by adding more computing servers as our needs grow.
Additional Aspects Influencing Cyber Range Costs
When calculating the total costs of implementing a Cyber Range platform in our organization, it is worth paying attention to a few additional aspects that may be reflected in the size of the budget:
Platform Licensing Model
Does the manufacturer offer payment for each year or for the entire project in advance? Will we still be able to use the platform after the end of the contract, and if so, to what extent?
Costs of the Infrastructure
Depending on which implementation model we choose (On-premise, Public Cloud, Private Cloud), we must take into account the costs associated with it. In the case of the On-premise model, these are, of course, sufficiently efficient equipment that allows the installation of Cyber Range, space in the Data Centre and the maintenance of this equipment for years to come. The Cloud version is simpler: here we will be interested in the monthly cost of renting the appropriate infrastructure and any additional costs related to its maintenance (e.g. appropriate SLA conditions).
Maintenance
Is the cost of operating the platform by the manufacturer included in the price of the platform, or is it payable additionally? If so, it is worth finding out on what terms.
Licenses for Software and Additional Hardware
We must be aware that all commercial software that appears in training scenarios (e.g. operating systems, databases, applications) should have the appropriate license (usually paid), purchased from the manufacturer. It is worth finding out if a given Cyber Range provider has this aspect well researched and will help us in this matter. Similar issues also apply to physical devices (industrial controllers, Wi-Fi access points) that we plan to connect to the scenarios.
Hiring Instructors or the Supplier’s Red Team
If you plan to transfer the costs related to organizing training to the manufacturer, it is worth finding out if they are able to provide us with competent instructors or the entire Red Team for the blue vs. red training. It is worth checking whether we can count on specific support in this area under the base contract and what rates per day of work may be offered by the supplier.
Cost of Cyber Range Through the Prism of Other Possibilities of Its Use
The cost of purchasing and using a Cyber Range platform can look completely different if we take into account its potential uses beyond cyber-security training alone.
The ability to run virtual networks efficiently and have an automated impact on events taking place offers an excellent space to evaluate security products before purchasing and deploying them across the organization. The reproducibility of the environments launched inside the cyber range platforms allows you to perform a series of exactly the same actions and observe the effects of different products. The same features make it possible to use the discussed solution as a platform to run test environments that can recreate fragments of the organization’s infrastructure at different scales. Such test environments, which are now often referred to as digital twins, are perfect places to verify significant configuration changes in a safe and cost-effective way before implementing them in production environments.
An obvious application for Cyber Range is going beyond the strict subject of cyber security in training scenarios. We can use the same solutions to learn computer network management, operating systems administration, software testing or software development. Skilful use of the capabilities of such platforms gives entities that are technical universities the opportunity to conduct even more interesting laboratories and exercises in many subjects.
We should remember that a cyber range platform can be useful for other departments of the company. After all, it can be used in recruitment processes and other activities related to Competence Assessment, both for candidates for our organization and for the employees themselves.
There are also more technically advanced use cases, such as the use of virtual environments running in Cyber Range as advanced sandboxes to analyse the operation of malware samples. Naturally, this is just one example of the broadly understood issue of Security Research, which may benefit from the use of the platform, instead of being carried out in manually operated laboratories.
Summary
The variety of Cyber Range platforms available on the market may, on the one hand, cause difficulties when choosing the right provider. On the other hand, the multitude of solutions guarantees that some of the existing products will come close to what we expect of the platform we need for our organisation. The aspects related to the selection of a cyber range platform presented in this article – what determines its price, what variants and functionalities exist – constitute a solid basis for analysing the needs of our organization and preparing for discussions with suppliers.