Philip Cao


CDANS 2017: Keeping Cybersecurity Skills Sharp With Cyber Range


We enjoy meeting with and presenting to the many hard-working professionals responsible for securing government and critical national infrastructure in Europe, the Middle East, Africa, Asia and the U.S., and this year at Cyber Defence and Networks Security (CDANS) 2017, attended by professionals from several of these regions, we decided to try something more dynamic. We invited our partner Cyber Test Systems to join us in running a Cyber Range as a pre-conference workshop. A Cyber Range is used by technologists – network engineers, cyber operations professionals, and others with some level of responsibility for their enterprise’s security – to hone their cybersecurity skills against the most advanced attacks in current circulation. Cyber Test Systems runs these exercises regularly for network and security professionals across all manner of critical infrastructure, from government entities to commercial interests, and we are privileged that they continue to choose the Palo Alto Networks Next-Generation Security Platform to find, analyze and prevent the attacks they pull from the internet for their Cyber Range workshops.

Typically, Cyber Range helps professionals understand today’s most advanced threats, using real-world malware culled from the internet for the purposes of education. Cyber Range also:

  • Exposes security professionals to the kinds of threats seen on critical infrastructure networks today, including:
    • Ransomware
    • Botnets and their command-and-control (C2) traffic
    • Phishing attacks
    • Other forms of advanced malware
    • DDoS attacks, including ransom DoS (RDoS) and distributed reflective DoS (DRDoS)
  • Enables professionals to improve their skill and speed in identifying these threats, which they can then put into practice on their own networks.
  • Offers professionals real-world, hands-on experience with the Next-Generation Security Platform, which integrates security capabilities for faster time-to-detection and signature creation within five minutes of seeing a new advanced threat.
  • Provides practitioners with hands-on experience with a mobile Cyber Range suite, which is portable, evolves with the latest attacks, and can be reused in national and commercial exercises to maintain the skills of everyone responsible for security – network, security, endpoint and data center teams – as advanced threats evolve.

Cyber Test Systems uses real threats, pulled from its research across the internet, and then replays them realistically using its series of Network Traffic Generators (CTS-NTG).

Normally, these Cyber Range workshops are attended by practitioners, but at CDANS we were privileged to be joined by CISOs and other senior managers who were eager to learn as well. To accommodate the varied technical levels of the participants, we began with an overview of a typical network topology, the network they would be protecting, and the overall exercise objectives. We reiterated the importance of automation for speed of detection and prevention, and of complete visibility across the network – thinking in terms of the cyberattack lifecycle – and across the many applications traversing it. With that grounding in the equipment, the network and the exercise objectives, participants were then presented with a series of attacks against their respective networks, with a great deal of hands-on assistance in understanding what they were seeing, including:

  • Recent ransomware such as Petya/GoldenEye, Merry Christmas, Cerber, Sopra, CryptoMix and the Osiris variant of Locky
  • Recent web exploit kits, such as Magnitude, KaiXin, RIG-E, RIG-V and Sundown
  • Phishing attacks
  • Malicious domains and websites
  • Exploits of vulnerable clients and servers
  • DDoS attacks, including RDoS and DRDoS, such as the DRDoS attack attributed to the Mirai botnet
  • Recent botnet command-and-control traffic, such as that of the Kelihos and Mirai botnets
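Two of the attack classes in the list above, DRDoS floods and botnet C2 traffic, leave characteristic traces in flow records that a blue team can hunt for without a signature. The Python below is an added example, not code from Palo Alto Networks, Cyber Test Systems or this post: it triages constructed flow records for unsolicited amplified UDP replies arriving from many reflectors, and for an internal host checking in with one external host on a near-constant period. The Flow schema, the reflector port list, the internal address ranges, the thresholds and all addresses (RFC 5737 documentation ranges) are assumptions made for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# UDP services commonly abused as DRDoS reflectors (assumed, illustrative list).
REFLECTOR_PORTS = {53: "DNS", 123: "NTP", 1900: "SSDP", 11211: "memcached"}
# The protected network's address space (assumed to be the RFC 1918 ranges).
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Flow:
    """One unidirectional flow record (hypothetical schema)."""
    ts: float      # seconds since start of capture
    src: str
    sport: int
    dst: str
    dport: int
    proto: str     # "udp" or "tcp"
    size: int      # bytes carried by the flow


def is_internal(ip):
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def detect_reflection(flows, min_reflectors=5, min_bytes=50_000):
    """Return {victim: summary} for hosts receiving UDP traffic *from* a
    reflector service port that no flow from the victim ever requested.
    Ordinary DNS/NTP replies have a matching request; reflected floods do
    not, because the attacker spoofed the victim's address as the source."""
    requests = {(f.src, f.dst, f.dport)
                for f in flows if f.proto == "udp" and f.dport in REFLECTOR_PORTS}
    victims = defaultdict(lambda: {"reflectors": set(), "bytes": 0, "services": set()})
    for f in flows:
        if f.proto != "udp" or f.sport not in REFLECTOR_PORTS:
            continue
        if (f.dst, f.src, f.sport) in requests:
            continue  # solicited reply, not reflection
        v = victims[f.dst]
        v["reflectors"].add(f.src)
        v["bytes"] += f.size
        v["services"].add(REFLECTOR_PORTS[f.sport])
    return {
        victim: {"reflectors": len(v["reflectors"]), "bytes": v["bytes"],
                 "services": sorted(v["services"])}
        for victim, v in victims.items()
        if len(v["reflectors"]) >= min_reflectors and v["bytes"] >= min_bytes
    }


def detect_beacons(flows, min_connections=6, max_jitter=0.2):
    """Return {(src, dst, dport): summary} for internal hosts connecting to
    one external host at a near-constant interval. Human-driven traffic is
    bursty; a bot polling its C2 shows low variance in the gaps between
    connections (jitter = population stddev / mean of the gaps)."""
    times = defaultdict(list)
    for f in flows:
        if f.proto == "tcp" and is_internal(f.src) and not is_internal(f.dst):
            times[(f.src, f.dst, f.dport)].append(f.ts)
    hits = {}
    for key, ts in times.items():
        if len(ts) < min_connections:
            continue
        ts.sort()
        gaps = [later - earlier for earlier, later in zip(ts, ts[1:])]
        period = mean(gaps)
        jitter = pstdev(gaps) / period if period > 0 else float("inf")
        if jitter <= max_jitter:
            hits[key] = {"period_s": round(period, 1), "jitter": round(jitter, 3)}
    return hits


# Constructed sample records, not captured traffic.
SAMPLE_FLOWS = [
    # Legitimate DNS lookup from an internal client, and its reply.
    Flow(1.0, "10.0.0.5", 41000, "198.51.100.53", 53, "udp", 80),
    Flow(1.1, "198.51.100.53", 53, "10.0.0.5", 41000, "udp", 300),
    # Ordinary browsing: irregular connections to a web server.
    *[Flow(t, "10.0.0.5", 50000 + i, "203.0.113.80", 443, "tcp", 4000)
      for i, t in enumerate([5, 7, 8, 40, 300, 302, 900])],
    # A bot checking in with its C2 roughly every 60 seconds.
    *[Flow(t, "10.0.0.7", 51000 + i, "203.0.113.77", 443, "tcp", 600)
      for i, t in enumerate([0, 60, 119, 181, 240, 299, 361])],
    # DRDoS: open DNS and NTP servers reflecting amplified replies at a
    # public-facing server that never sent them a request.
    *[Flow(10 + i, f"198.51.100.{11 + i}", 53 if i < 3 else 123,
           "203.0.113.10", 80, "udp", 12000) for i in range(6)],
]

if __name__ == "__main__":
    print("reflection victims:", detect_reflection(SAMPLE_FLOWS))
    print("beacons:", detect_beacons(SAMPLE_FLOWS))
```

Run against the sample, the reflection check reports only 203.0.113.10 (six reflectors, DNS and NTP, 72,000 bytes) and ignores the genuine DNS reply to 10.0.0.5 because its request is present; the beacon check flags only 10.0.0.7 talking to 203.0.113.77, with a period of about 60 seconds and very low jitter, while the browsing session's irregular gaps keep it well above the jitter threshold. On real flow exports the same two heuristics work, but the thresholds need tuning per network, and NAT or load balancers can hide the per-host regularity that the beacon check depends on.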

We were delighted to discover that Cyber Test Systems had even pulled brand-new, never-before-seen malware from the wild, which WildFire, Palo Alto Networks’ malware analysis environment, identified in real time during the exercise. All features of the Palo Alto Networks platform were fully leveraged throughout, including App-ID, Threat Prevention, URL Filtering and WildFire, to detect and mitigate each cyberattack scenario in turn.

Our instructors – the Cyber Test Systems team and two of our London-based systems engineers – acted as the red, yellow, white and green teams, guiding our participants, who played the blue team, throughout the exercise.

Judging by the feedback, and by their tenacity throughout a full day of exercises, participants at every technical level took back new insights and a new appreciation for the diversity of threats that can be mitigated, threats which they, or their teams, may face regularly. For all of us hosting the Cyber Range, it was a privilege and an honor to meet and work with these professionals throughout the workshop.

Learn more about the work we do with Cyber Range:

Palo Alto Networks held its inaugural, abbreviated Cyber Range at Ignite 2016 and, given the positive customer feedback, will repeat it at Ignite 2017. We’d love for you to join us!


[Palo Alto Networks Research Center]


Copyright © 2006-2022 Philip Hung Cao. All rights reserved