Today’s cyber threat landscape necessitates that your organization base its approach to security on the assumption that the adversary is already inside your network. So how do we prepare your organization to take back your network and to protect your data?
SimSpace is proud to introduce our Virtual Clone Network (VCN) technology that provides realistic environments, adversary attack campaigns, and training and assessment tools for your organization’s cybersecurity developmental, testing, and training requirements. With SimSpace’s VCN, you are no longer restricted to small networks or to virtual environments that are not representative of your specific network environment and typical traffic. SimSpace VCN is a first-of-its kind offering because it utilizes capacity from Amazon Web Services and Google Cloud to provide full featured pre-configured and tailorable Cyber Ranges that are deployed on-demand in fully isolated environments – made possible by Ravello Systems’ nested virtualization and software-defined networking technology.
A SimSpace VCN can span in size from tens of hosts to several hundred and, for urgent requirements, we have built several easily accessible models including enterprise environments, public utilities, financial institutions, or military networks. Depending on your circumstances, you can customize and extend the existing pre-defined networks or you can start from scratch and generate an entire network tailored to meet your specific organizational needs. We will give you the tools necessary to rapidly create, configure and validate your own customized virtual environment. The process to build and configure your VCN is fully automated; we just need to know your requirements.
Leveraging both the advantages of the cloud and Ravello’s cutting edge HVX technology, you can spin up the environment of your choosing, for just the amount of time that you need it, and then suspend or delete it when finished. You no longer need a dedicated staff to build, operate, and maintain custom, in-house, and often separate, development, test and training environments. Instead, focus your staff and resources on what you need the most … being prepared to be effective against the threat.
The technology used to build and run our Virtual Clone Networks was developed after a decade of investments by the U.S. Military to provide high-fidelity virtual environments for the DoD testing and training communities. Now SimSpace can offer the same technology that powers the government’s most sophisticated cyber ranges to your business at a more affordable and accessible manner.
So what can you do with a Virtual Clone Network? Some examples include:
- Test and development environments to create the next generation cybersecurity solutions
- Risk reduction for the introduction of new cybersecurity solutions into production environments
- Hypotheses testing for real-time responses to cyber incidents
- Disruptive-capable assessments that complement traditional pen-testing of production networks
- Comparative analysis of existing or new cybersecurity solutions against competing alternatives
- Virtual environment for pen-testing risk-reduction analyses
- Assessment of the effectiveness of pen-testing derived cybersecurity solutions
- Assessments of individual and team cybersecurity performance
- Individual training for cybersecurity and pen-testing operators
- Cybersecurity team training
- Range-based Cyber exercises
Virtual Clone Network Capabilities
Predefined or tailored network environments
Your network can be chosen directly from a suite of predefined networks or can be tailored by extending or adjusting one of the predefined networks or you can start from scratch to build a custom network to meet your specific needs. The predefined networks range in scale from tens of nodes to hundreds of network machines. These pre-built networks are representative of a variety of organizations: enterprises, the defense industrial base, financial institutions, utilities or military networks. These virtual networks are all self-contained, that is, isolated from the Internet, in order to prevent any accidental spillage or inadvertent attacks on real-world sites. Our intent is to provide a safe environment where you can test and train without the unnecessary consequences. Despite the advantages of being isolated, effective testing and training still require a realistic Internet within our VCNs. To accomplish this, we re-host thousands of sampled web, email, and ftp sites. We also provide root and domain DNS servers and core BGP routing. Within the VCNs, just as a typical network, we run Virtual Routers, full Windows Domain Controllers, Exchange, IIS, DNS and File servers. Linux, Unix and other server and client operating systems are also included along with their popular services. As much as system administrators would like to think that their networks are perfectly constructed and aligned, the reality is that there are many misconfigurations, in addition, to legacy and unwanted traffic. So, we add that in as well. For each of the services, we also include real content in the sites and services so that our virtual users can interact with that content in a realistic manner (e.g. send/receive/open email attachments, click on embedded URLs, etc). We are also able to tailor and reproduce important features of many domain-specific or custom applications and services that are critical to your business area, so they too may be included to fully represent the defensive posture of your organization and challenge your defensive team. We are also able to provide a wide set of operating systems, services, data, and user accounts because we have developed the tools and processes to fully automate both the setup and configuration of those systems.
Realistic, host-based user activity
To create high-fidelity replicas of networks, we need more than just the hosts, servers, and infrastructure to match the architecture. To be truly realistic, we also need to recreate all the user activity, both productive and unproductive, that we see on a daily basis. Users today mix their personal and professional lives and vary in their level of productivity, focus, application usage, social networking and awareness of cybersecurity threats. To generate this level of realism, SimSpace provides the most advanced user-modeling and traffic-generation capability available to make the VCNs come alive. Each host on the network is controlled by a virtual user agent who logs in each morning and uses real applications like Internet Explorer, Firefox, MS Office and Windows Explorer to perform their daily activities. As every Netizen is like a snowflake, unique in their own way, our virtual user agents are programmed with their own individual characteristics. Each user has their own unique identity, accounts, social and professional networks, daily schedule, operating behavior and preference for which applications to use, when and how often. Just like in the real world, users interact with other users, compose emails, open, edit and send documents to co-workers and external collaborators to accomplish their daily tasks. These virtual users are goal-driven and reactive, which means they can respond to predefined instructions and sense their environment and any changes within it. Therefore, if a particular service or application becomes unresponsive, they can adjust their behaviors and application usage to complete the tasks. This rich and immersive environment generates the daily host and network activity that sophisticated attackers use to hide or obscure their presence. This typical “top cover” allows them to exploit user applications and operating systems (e.g. spear-phishing, drive-by-downloads) to gain a foothold in the network and operate covertly. The challenge for the defensive operators and their tools is to identify and stop attackers who are also operating alongside legitimate users. If successful, of course, your cybersecurity team will prevent the adversary from carrying out its goals and will minimize the disruption to your business operations.
Defensive tools and applications
Ravello’s unique and powerful layer2 network and nesting technology allows us to integrate open-source and commercial defensive and offensive tools into a SimSpace VCN. Ravello is the only cloud provider in the industry with these robust and innovative networking technologies. SimSpace VCNs are preloaded with popular security solutions like pfSense, Security Onion, OpenVAS, Kali Linux and are configured according to industry best practices. Depending on your requirements, these typical cybersecurity tools can be replaced or combined with other more appropriate solutions. By loading your specific configuration files and rule sets, your VCN becomes more tailored to your environment and, in turn, enhances your training, testing, and assessment results.
Model sophisticated adversaries
SimSpace’s VCNs, regardless of whether they are predefined or tailored, come with some of the most advanced capabilities for simulating real users. But what about simulation of advanced adversaries? To simulate a real advanced threat, you need to simulate advanced tactics. And that starts with zero day emulation. In the Virtual Clone Network, every piece of software has built in memory corruption exploits, with both remote, client, and local exploit options. This offers the most advanced zero-day emulation threat capability against every host in your VCN, regardless of its patch level or operating system. Want to see how well your company responds to a zero day? SimSpace VCNs can put your team to the test!
SimSpace Breach is the most advanced penetration-testing tool in existence. With SimSpace Breach, you can enable your Red Teams to not only work more efficiently, but deliver a higher threat capability in a shorter amount of time than ever before. With the same number of red team operators, more threat engagements of higher caliber can be accomplished in a similar time-period. In addition, SimSpace Breach has instrumentation that work within the Virtual Clone Network to allow you to gain better insights on your tooling, people and process.
Now that we have provided you a realistic environment and the ability to recreate sophisticated adversaries, how will your cybersecurity team or the tools they rely upon perform? To answer these questions, we have developed a suite of assessment tools to help. Your VCN is a highly instrumented environment that can provide insights into the defensive effectiveness of your team as well as the impact to your organization’s cyber environment from an attack. Specifically, we can help you understand 1) what were the specific attacker actions and movements performed, 2) how many virtual users experienced service disruptions, 3) what was the response time for the defenders to identify the attacker, repel them from the network, and then, if required, restore business operations, and 4) what was the mission impact during the attack. For each testing or training objective, we are able to capture specific objective performance metrics and allow you to assess your team’s effectiveness and, over time, their rate of improvement.
Unveiling the new technology and announcing beta access today.
SimSpace’s mission is to measurably improve, in a cost effective way, the cyber capabilities of your enterprise.
Who we are:
- An innovative cybersecurity company leveraging decades of experience working for the U.S. Military and DoD Laboratories to provide next-generation cyber assessments, training, and testing.
- SimSpace provides high-fidelity simulated network environments, or Virtual Clone Networks (VCN), for tailored, interactive, and scalable cyber events along with specialized software tools for activity replay, mission impact evaluation, and network monitoring.
- SimSpace focuses on your organization’s entire cybersecurity capability — People, Process, and Technology — successfully integrating and validating testing, training, and assessments for individuals, small-team and large-force training exercises for 100+ operators.
About Ravello Systems
Ravello is the industry’s leading nested virtualization and software-defined networking SaaS. It enables enterprises to create cloud-based development, test, UAT, integration and staging environments by automatically cloning their VMware-based applications in AWS. Ravello is built by the same team that developed the KVM hypervisor in Linux.