Cyber Range and Cyber Arena are both terms that refer to the training facilities used by organizations to improve their ability to prevent, mitigate or recover from a cyberattack. In this blog, we set out the key differences between the approaches that the two names encompass, and highlight how at Cyber?gym’s Cyber Arenas, we leverage the human factor and critical hands-on experience to augment cybersecurity defense in critical infrastructure.
As hacking experts come up with increasingly sophisticated ways of infiltrating – and wreaking havoc on – organizations’ systems, the cybersecurity landscape becomes more treacherous by the day. An estimated 64% of companies worldwide have been exposed to at least one form of cyberattack, suffering a range of damage including theft of data, money, and intellectual property; deletion of data and systems; lost productivity; and reputational harm. The annual global cost of cybercrime has increased from US$3 trillion in 2015, to an estimated US$7 trillion in 2022, with predictions that it will reach US$10.5 trillion by 2025.
It is therefore not surprising that CEOs and executives today are desperately seeking ways to protect their organizations from the risk of cyberattack, and here’s the good news: 95% of cyberattacks are caused by the human factor, which means that with the right training of staff at all operation levels, they can be prevented. So, what do the Cyber Range and Cyber Arena training experiences offer, respectively?
The Real Deal
While a Cyber Range is usually a simulator using virtual machines, on which virtual warfare is waged, in a scripted lab experience, a Cyber Arena is a dedicated area where participants face a live simulation of a cyberattack, modeled on actual threats that their organization may face, on the same physical machines they use in real life. An arena makes it as real as it gets, short of an actual attack – which is what we are training to prevent.
As well as providing visibility of movements within their own network, working under fire exposes participants to multiple dynamic scenarios, enabling them to see and feel what it’s like to be caught in a real attack, making for a more impactful learning experience.
A Tailored Approach
The training environment in a Cyber Range tends to be off the shelf, with a fixed syllabus that participants progress through, ticking the boxes as they go along. Contrast this with the customized Cyber Arena provided by Cybergym, which accurately reflects the environment in which the customer works, day in day out, including a tailored network topology and custom tools.
Cyber Ranges are often used for one-off training for compliance purposes – once a course has been completed, participants go back to their day-to-day life. A Cyber Arena, on the other hand, is designed to help organizations create real change in their cyber defense posture. This means letting participants experience multiple scenarios, and keeping them up to date with hacker trends as they emerge, over time. Indeed, for customers that choose to set up an arena at their own location, training on the very latest threats can be made available as needed, on an ongoing basis.
As a virtual training model, Cyber Ranges are limited in terms of the feedback they can give participants. At a Cyber Arena, trainees are given a unique insight into the perspective of the actual hackers behind each simulated attack. At Cybergym, our Red Hat team not only runs the training attack scenarios, responding in real time to each action taken by the trainees; they also provide the opportunity to debrief, reviewing the way an attack played out, explaining the thinking behind their strategy, and providing feedback about how the trainees performed – and how they could do better.
IT and OT Systems Are Go
A key difference between a Cyber Range and Cyber Arena – and one that is particularly important in the world of critical infrastructure – is that the former is usually only focused on IT training, while Cybergym Arenas also emulate the customer’s OT and IoT environments. Through training on actual hardware, trainees can experience, and defend against, a simulated attack on a real turbine, power generation and distribution process, or rail network, for example.
At a Cyber Arena, training takes place in teams from across the customer’s organization – including personnel from the SOC, IT and OT teams, so that they can learn each other’s strengths, vulnerabilities, and how to work together in the event of a cyberattack. What’s more, recognizing that an organization’s cyber defense is only as strong as its weakest link, training is available to non-technical staff, from admin support, through management and even C-suite, whether they are veteran employees or new recruits.
The Critical Infrastructure Angle
When it comes to cyber defense, nowhere are the stakes higher than in critical infrastructure – the backbone of modern nations, societies and economies. To streamline and enhance the provision of resources and services – from energy and water, to health and emergency responses – this sector is becoming more connected, which means greater exposure to cyber risks that can seriously impact lives.
Having been developed in response to the actual experience of the Israel Electric Corporation (IEC) – the largest supplier of electrical power in Israel and one of the most targeted organizations in the world – Cybergym’s solutions, including the Cyber Arena model, are ideally suited to meet the needs and challenges of critical infrastructure providers.
When choosing between the Cyber Range and Cyber Arena models, consider the following: a driver can’t learn to handle real-life road conditions without getting behind the wheel of an actual car. So too in cyber defense, simulations can only take you so far. Cybergym training in a hybrid physical/ hyper-cloud Cyber Arena provides a unique, in-person, live, customized training experience, run by real hackers and based on real threats that are relevant to the specific customer. Only in such conditions can true learning be achieved.