This article highlights key challenges associated with offering cyber range training using AWS. It also presents the Ravello cybersecurity lab as a way to run cyber ranges for training on public cloud (AWS & Google Cloud) and overcome these challenges.
What are cyber ranges?
A cyber range is a realistic representation of infrastructure, network, tools & threats, used to carry out live-fire attacks and disruptive effects in support of testing, training and mission rehearsal exercises. These are large setups – typically running into hundreds of nodes.
Why is public cloud great for cyber ranges?
Cyber ranges are ephemeral environments: they are needed for events, training and testing, most of which are short-lived (lasting a couple of days at most). Further, cyber range training environments need scale to realistically mirror enterprise infrastructure. Given the bursty nature of these workloads and the need for scale, it is more cost-effective to run cyber ranges on public cloud than to build a data center to house them.
What are the key challenges with cyber range training on AWS?
While public cloud is great for building cyber ranges, its inherent infrastructure limitations pose challenges in deploying ‘life-like’ cyber ranges for training on AWS. Here are the key challenges:
- Different network & security appliances – Cyber ranges need the same network and security appliances as those present in the data center to represent the enterprise environment effectively. However, cloud versions of virtual appliances are different from the ones deployed in data centers. Take, for example, the Palo Alto Networks VM Series Firewall. While VM Series has an AMI (Amazon Machine Image), the functionality supported by the VM Series AMI pales in comparison to the VM Series Firewall intended for data centers (VMware or KVM version).
- No Layer 2 networking on public cloud – Data center networking is different from cloud networking. Public cloud inherently blocks broadcast and multicast packets and provides access to only Layer 3 and above. Most (if not all) enterprise deployments rely on one Layer 2 protocol or another for advanced functionality that their setup depends on (e.g. VRRP is typically needed for High Availability).
- VMware workloads – Almost half of enterprise workloads run on VMware (both VMs and appliances). However, ESXi (the hypervisor that runs VMware VMs) is not supported on public cloud. This makes it difficult to run the same VMs on AWS without making modifications, and these modifications defeat the entire purpose of cyber ranges being ‘life-like’ as in production.
- Port Mirroring – To be effective in red-team, blue-team exercises, one needs certain advanced capabilities, such as the ability to tap into certain ports promiscuously to monitor the traffic. Capabilities such as port mirroring, which make this possible, are not supported on public cloud.
- Difficulty in creation, deployment & control – Cyber ranges are large environments spanning a couple of hundred machines and network nodes. Creating, deploying and controlling these environments on AWS is a lot of work. Writing a new set of AWS CloudFormation scripts every time one needs to create a new cyber range requires effort, time and learning a different way of doing things compared to a data center. These overheads add up when one is deploying multiple different cyber range scenarios to train a workforce.
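To make the Layer 2 point in the list above concrete, the following added example (not part of the original article and not Ravello code) classifies Ethernet frames from a data center capture and lists the protocols that depend on broadcast or multicast delivery, which is the traffic the article says public cloud blocks. The frames are constructed samples, and the helper names are hypothetical; the VRRP constants (IP protocol 112, group 224.0.0.18) are the standard ones.

```python
import struct

ETH_ARP, ETH_IPV4 = 0x0806, 0x0800
IPPROTO_VRRP = 112           # IANA IP protocol number for VRRP
VRRP_GROUP = "224.0.0.18"    # multicast group VRRP advertisements are sent to

def classify(frame: bytes) -> dict:
    """Classify one Ethernet II frame by delivery type and carried protocol."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst = frame[:6]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if dst == b"\xff" * 6:
        delivery = "broadcast"
    elif dst[0] & 0x01:      # group bit in the first octet marks multicast
        delivery = "multicast"
    else:
        delivery = "unicast"
    proto = "other"
    if ethertype == ETH_ARP:
        proto = "ARP"
    elif ethertype == ETH_IPV4 and len(frame) >= 34:
        ihl = (frame[14] & 0x0F) * 4
        dst_ip = ".".join(str(b) for b in frame[30:34])
        proto = f"IPv4 proto={frame[23]}"
        if frame[23] == IPPROTO_VRRP and dst_ip == VRRP_GROUP and len(frame) >= 16 + ihl:
            proto = f"VRRP vrid={frame[14 + ihl + 1]}"   # VRID is byte 1 of the VRRP header
    return {"delivery": delivery, "proto": proto, "needs_l2": delivery != "unicast"}

def l2_dependent(frames):
    """Return the protocols in a capture that rely on broadcast or multicast delivery."""
    return sorted({c["proto"] for c in map(classify, frames) if c["needs_l2"]})

# --- constructed sample frames (not from a real capture) ---
def _mac(s): return bytes.fromhex(s.replace(":", ""))
def _ip(s): return bytes(int(p) for p in s.split("."))
def _ipv4(proto, src, dst, payload):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 255,
                       proto, 0, _ip(src), _ip(dst)) + payload

VRRP_ADVERT = (_mac("01:00:5e:00:00:12") + _mac("00:00:5e:00:01:07") + struct.pack("!H", ETH_IPV4)
               + _ipv4(112, "10.0.0.2", "224.0.0.18", bytes([0x21, 7, 100, 1, 0, 1, 0, 0, 10, 0, 0, 1])))
ARP_REQUEST = _mac("ff:ff:ff:ff:ff:ff") + _mac("02:00:00:00:00:01") + struct.pack("!H", ETH_ARP) + bytes(28)
TCP_UNICAST = (_mac("02:00:00:00:00:02") + _mac("02:00:00:00:00:01") + struct.pack("!H", ETH_IPV4)
               + _ipv4(6, "10.0.0.5", "10.0.0.6", bytes(20)))

if __name__ == "__main__":
    for f in (VRRP_ADVERT, ARP_REQUEST, TCP_UNICAST):
        print(classify(f))
    print("L2-dependent:", l2_dependent([VRRP_ADVERT, ARP_REQUEST, TCP_UNICAST]))
```

Run against frames exported from the production segment a range is meant to mirror, the resulting list shows which functions (here the VRRP failover pair) would need a Layer 2 capable environment to behave as they do in the data center.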
Ravello’s cybersecurity lab platform overcomes these challenges. Using Ravello’s nested virtualization and networking overlay, one can build and deploy large cyber ranges that are high-fidelity replicas of enterprise environments – including the same VMware VMs, network appliances and Layer 2 networking. Further, the platform supports advanced capabilities such as port mirroring, REST APIs and a rich ‘drag and drop’ UI to easily create, deploy, control and automate management of cyber ranges.
Interested in learning more? Check out this video on how SimSpace is using Ravello for building cyber ranges. To try out Ravello for yourself, sign up for a free trial and reach out to us if you need help.
About Ravello Systems
Ravello is the industry’s leading nested virtualization and software-defined networking SaaS. It enables enterprises to create cloud-based development, test, UAT, integration and staging environments by automatically cloning their VMware-based applications in AWS. Ravello is built by the same team that developed the KVM hypervisor in Linux.