The Power of Cyber Ranges in Strengthening Cybersecurity

In the world of cybersecurity, the threat of a devastating cyber-attack looms large – in fact, there’s an attack every 39 seconds. As organizations around the world become more dependent on software, the risks of data breaches, ransomware attacks, and other cyber threats grow more severe.

At the most basic level, cyber ranges are simulated, purposely vulnerable environments designed to mimic the complex and rapidly evolving world of cyber-attacks. Software professionals can safely practice recognizing and exploiting vulnerabilities in these simulated environments.

The Effectiveness of Cyber Ranges

While cyber ranges have been around for several years, they've recently gained even more widespread attention. While this attention is partly due to the growing number and severity of cyber-attacks and the increasing sophistication of cybercriminals, studies have shown that cyber ranges work. Ponemon Institute recently released a study showing that realistic simulation is the #1 most impactful element in mitigation training.

To illustrate the importance of cyber ranges, thinking about the attacker's mindset may be helpful. Cybercriminals are always looking for vulnerabilities in an organization's defenses. They're constantly probing for weaknesses and testing techniques to bypass security measures. When they find a weakness, they exploit it to access sensitive data, install malware, or carry out other malicious activities.

To better defend against these attacks, security professionals need to be able to think like an attacker. They need to understand the tools and techniques that cybercriminals use – and understand their motivations -- to be able to anticipate their next move. This is where cyber ranges come in. By simulating different types of cyber-attacks, security professionals can better understand the attacker's mindset to develop better strategies to counter their tactics.

Enhancing Organizational Security Posture

But cyber ranges aren't just about preparing for an attack. They're also about improving an organization's overall security posture. Software professionals can develop and refine security protocols and procedures by identifying weaknesses and testing scenarios.

Many ranges encourage cross-functional teams to work together to "solve" the range, creating better communication and helping to solidify the security culture. In turn, cyber ranges improve an organization's ability to recognize vulnerabilities sooner in the development lifecycle to make their software more resistant to attacks.

Shadow Health: Security Innovation's 11th Cyber Range

On June 6th, Security Innovation formally released its 11th cyber range, Shadow Health, which is focused squarely on Application Security within a web-based environment.

Shadow Health is a simulated SaaS-based health management portal where patients and providers log in to communicate health-related data, such as appointments, prescriptions, and visit summaries.

It also turns out to be the perfect place for the attacker to steal this private data - and wreak general havoc. It's an ideal range for events involving the entire SDLC, and almost any role or experience level can have fun playing it - while getting into the attacker's mind.


About Jason Shepard, Product Marketing Manager

Jason Shepard is a Product Marketing Manager at Security Innovation. A Seattle sports enthusiast, he considers the Mariners, Seahawks and University of Washington Huskies as his primary pastimes. He also drives Uber for fun on the weekends.

Security Innovation Shadow Health Homepage
Homepage
Security Innovation Shadow Health Providers Tab
Providers Tab
Security Innovation Shadow Health Appointment Manager
Appointment Manager
Security Innovation Shadow Health CRWD CTRL Overlay
CRWD CTRL Misson Overlay
Security Innovation Shadow Health Prescription Management
Prescription Management
Security Innovation Shadow Health Visit Summary
Visit Summary

Get the Newsletter

Every two weeks we'll send you our latest articles along with usable insights into the state of software security.

Posts by Topic

View Full Topic List