Cyber Range - A Story of Product Development

The story behind Cyber Range started three years ago with the formation of our DevOps team within the Professional Services (PS) department - a mix of programmers (front-end and back-end), system administrators, and automation engineers. The main goal of this team was the development of new solutions in different areas of expertise, such as cyber security, 5G, integration of Keysight solutions with clients’ tools/devices, or the creation of automation frameworks. As we started to work together, a cyber range unit began to form naturally, a kind of “commando” within the department.

We did our homework on what a cyber range means and what solutions already exist on the market. We were not the first to identify the need for such a product, but we were very attracted by words such as cyber security, cyber defense, cyber-attacks, red vs. blue teams, capture the flag, etc. At the same time, I had a multitude of information about the cyber range based on the experience of the PS team in the security area, and all that remained to be done was to put all the puzzle pieces together.

We had to decide which technologies, programming languages, databases, and services we would implement. We also had to determine which multi-tenancy architecture would scale and which orchestrator should be developed to handle virtual machines, along with many other such details. And last but not least, we had to design an intuitive and easy-to-use interface.

The context around this new product was favorable because we could integrate other existing and mature Keysight solutions into Cyber Range, for example, BreakingPoint, a traffic generator of real attacks.

What exactly is Cyber Range and why do you need such a solution?

Keysight Cyber Range offers a controlled virtual environment, a flexible platform that enables clients or security professionals to learn and practice cyber skills in both the attack and defense areas, using real-world attacks and existing and current vulnerabilities.

Our solution mainly uses virtual machines but also offers the possibility to connect external physical and/or virtual equipment to be included as part of the range. Customers can also simulate their production network in an isolated environment and try different scenarios/attacks to see how their network elements react and, at the same time, how they can protect themselves from possible real cyber attacks. The solution includes a varied range of scenarios that simulate different types of real attacks, such as common phishing, DDoS, and brute force attacks, covering areas such as Malware, Forensics, Encryption, WiFi, Mobile, TLS/SSL, Packet Analyses, Incident Response, Steganography, Exfiltration, and others. All of these can be found in the form of predefined Scenario libraries from which the user can choose which scenario to start, or they can follow detailed step-by-step documentation and create a new type of attack from scratch.

To satisfy the desire for competition and gamification, we developed the CTF (Capture the Flag) feature, in which several teams can compete simultaneously with the ultimate goal of identifying as many flags as possible (red or blue). Each flag has an associated score, and the team with the most points will be the winner. There is live scoring and a team standings dashboard, as well as the possibility to chat throughout the CTF event, all of which supports the gamification concept.

Cyber Range 1.0

After about one year of development, in July 2021, we managed to release the first version of CySOP (Cyber Security Operations Platform) with an R&D team of seven people. We celebrated our first release on a terrace near the office.

The Cyber Range team celebrating the first 1.0 release

During development, one of the team members joked that he had to put on his robe every time he had a complicated task to complete. This was during the pandemic when everyone was working from home. So, to celebrate our first release, the whole team received personalized robes. And since we’re talking about a Security solution, we can’t show the identity of the team members 😊

It is clear that the work each team member puts in translates into something tangible in a field such as cyber security, which changes at an incredible speed.
As for the motivation of the team members, we are primarily driven by the impact the product we developed has on the industry, the tangible results, and the freedom to work with top technologies.

Interview with the team / What does the team say?

What do you like about this project? What keeps you motivated?
“Entering a market where there are already well-known big players is not easy - especially if you want to create a product that is in direct competition with much better-known names. The fact that you can choose the technologies used in a project started from scratch, the direction the product will take, as well as your target audience is what I appreciate the most about this project.” (CRC, Project Manager Cyber Range)

“I had the privilege of being part of the team from the beginning, and I had the opportunity to work on many other projects. Every project I participated in came with its challenges, and that was a big motivating factor for me. I like the fact that the project is a dynamic one, it covers many areas of interest for me, and I don’t have the opportunity to get bored.” (Andrei, DevOps Manager)

What did you learn from the cyber range project?
“I learned that in a leading-edge market such as the security market, you have to be very flexible, both in terms of project requirements (which can change radically in response to market feedback) as well as the technologies used for implementation (which must also support the project, not hold you in place). All the more important in this case is the management of time and human resources (which in a traditional project are better defined).” (CRC, Project Manager Cyber Range)

“I learned a lot from this project because it challenged me, it took me out of my comfort zone. When I started the project, I knew exactly what I was getting into, and the experience lived up to expectations. In the beginning, being a small team, I could say that I had an accelerated ramp-up experience and had the opportunity to learn many things in a fairly short amount of time.” (Andrei, DevOps Manager)

What did you find difficult or interesting in the project?
“Interesting - certainly the technologies used, as well as their practical applicability and integration in such a complex application as Cyber Range. Difficult - hitting some limits (both hardware and software) and finding innovative ways to counter these limits to the extent of the possibilities given by the available hardware.” (CRC, Project Manager Cyber Range)

“I think the most interesting thing about this project is that, with the exception of the internal logistics part of the company, we are 100% autonomous in terms of architecture, internal logistics of the products, and the support infrastructure of the projects in which we participate. I think this makes us all more responsible and challenges us to go beyond our comfort zones in terms of knowledge.
I had the opportunity to study technological processes specific to different stages of the development of a software product, and I had the opportunity to learn to successfully use many well-known tools and programs in the field.” (Andrei, DevOps Manager)

Find out more about Cyber Range here.
