Enhancing your Cyber Skills through a Cyber Range

VP, Federal Sales,
VMware
@vmwaregov

Confidential │ ©2019 VMware, Inc.
VMware Digital Learning PlatformTM :
Cyber Range Solution
Accelerating Productivity through a Digital Learning
Experience
Bill Rowan
VP, Federal
October 2019

Many innovators had a hand in shaping the
cloud, but probably none were more important
than the small band of technologists – Diane
Greene, Mendel Rosenblum, Scott Devine, Ellen
Wang, and Eduard Bugnion – who in 1998
created VMware, the unique software program
referenced above which went public in 2007.
Without VMware there could be no
cloud…Why?...
~Thomas Friedman

Technology
Good Badand
amplifies human behavior…
:
or ?.

Tech as a Force For Good
Confidential │ ©2019 VMware, Inc. 5

ENGINEERING FOR GOODREQUIRES
GOOD ENGINEERING
ENGINEERING FOR GOOD

Cyber Crime at
Scale
Disinformation
at Scale
Privacy
at Risk
The Law of
Unintended Consequences
“We’re going to
give you free apps and
services that enhance
your life.”
“We’re going to bring
communities
together online.”
“We’re going
to use blockchain to
promote
transparency and
inclusion.”

There’s never been a more exciting time
to be a technologist.
Confidential │ ©2019 VMware, Inc. 8

Edge Computing
Hybrid Clouds
Public
Clouds
Art of the Possible > Mission Optimized, Software-Defined Digital Foundation
VMware Vision for a Mission-Driven Cloud
Consistent
Infrastructure
Consistent
Operations
Intrinsic
Security
Josh Townsend May 2019
ANY DEVICE
ANY APPLICATION
ANY CLOUD
Community
Cloud
Global Reach
Mission Optimized, Software Defined Digital Foundation
ML AI Blockchain
Future
Public Clouds
Tactical Edge
Clouds

Impacts to the Economy, Social, Health and Government Cyber Landscape
Improving Organization’s Cyber Security Posture
Introduction
Top Types of Cyber Attacks
• Denial-of-service (DoS)
• (DDoS) attacks
• Man-in-the-middle
(MitM) attack
• Phishing and spear
phishing attacks
• Drive-by attack
• Password attack
• SQL injection attack
• Cross-site scripting (XSS)
attack
• Eavesdropping attack
$2.4 million average cost
of a malware attack
Damage related to
cybercrime is projected to
hit $6 trillion annually by
2021
The damage from hacks
costs businesses $400
billion a year
5.4 billion attacks by the
WannaCry virus were
blocked
400,000 machines were
infected by the Wannacry
costing $4 billion to
remediate
Ransomware attacks
occur every 14 seconds
Ransomware attacks to
increase 5X by 2021
24,000 malicious mobile
apps are blocked every
day
Root Causes
• 48% malicious or criminal attacks
• 27% human error
• 25% IT and business process failures
Readiness
How to prepare you team and
infrastructure against Cyber Attacks?
Response
When an attack occurs what do we do
to stop?
Recovery
How do we address vulnerabilities?
Resiliency
How do you mitigate impacts of future
attacks?
Cyber Strategies

Defining the Value
What and Why a Cyber Range?
Cyber Threats
•High Risk to “live”
infrastructure
•Rapid Change
•Highly Complex
•Illegal in the wild
Cyber-workers
•Need diverse, realistic, real-
world and real-time
environments
•Need experience working
together to improve teamwork
and enhance team capabilities
Target
Environments
•Difficult or cost prohibitive to
duplicate
•Can be damaged or
permanently compromised
•Simulation is difficult or
impossible
Introduction
By 2022, 15% of large enterprises will be
using cyber ranges to develop the skills of
their security teams, up from less than 1%
today.
~Source: Gartner
A cyber range is a simulation platform that
enables cybersecurity teams to train and
develop cybersecurity expertise and manage
workforce planning.
~Source: Gartner
Image Source: redballon.com

• Static Cyber Learning
• Hands-on Lab Learning
• Vulnerability Research
• Exploitation
• Operating Systems Internals
• Exercise Expansion
• Production Network
Simulation
• Evolving Deployment Models
• Exercise Blueprint Library
Cyber Range Baseline Simulated Environments
• Dynamic Environments
• Red Team/Blue Team
• Capture-the-Flag
• Industrial Control Systems
Integration
Dynamic Exercises
Developing and Evolving Cyber Range Competencies
Cyber Range Use Cases
V a r y i n g M a t u r i t y & E v o l v i n g C y b e r R a n g e U s e C a s e s
Use Cases

Digital Learning Platform
On/Off-Prem Simulated
Enterprise Network Environment
VMware Digital Learning Platform & Cyber Range Solution
Introducing the VMware Cyber Range Solution
Introduction
Cybergaming, Blueprints, Consulting &
Operations
Improved Cyber Posture
Solutions & Innovations
V a l u e – S i m p l i c i t y - S c a l e - S e r v i c e s
ü Market & Customer Specific Solutions
ü Speed-and-Scale-to-Market
ü Consistent & Validated Platforms

Consistency, Security, Agility Across Cyber Modalities
VMware Cyber Range Solution
Consistent Digital Learning Platform Control Plane
Automation and Operations • Across Clouds
Consistent Infrastructure
VM Infrastructure • Container Infrastructure
Consistent Cyber Instructor and Worker Experience
CyberRangeSolution Solution Overview
Exercise Elements
Exercise Expansion
Vulnerability Research
Operating System Internals
Exploitation
Industrial Control System Security

The Cyber Maturity Builder TM offers a full range of skill-development challenges, meeting customers’
cyber maturity from “Foundational” to “Advanced”
Initial range content offerings
Maturity Model
Common
Exploit
Discovery
Common
Vulnerabilities
andAttacks
DataExfiltration
andDiscoveryLevel 1
Level 2
Level 3
Intermediate
Exploitationand
Discovery
Moderate
Vulnerabilitiesand
Attacks
DataExfiltration
andDiscovery
Level 1
Level 2
Level 3
Sophisticated
ExploitationDiscoveryand
Response
Sophisticated
VulnerabilityandAttacks
HighlySophisticated
DataExfiltration
Level 1
Level 2
Level 3
Skillset
Maturity
Cyber Maturity Model

Defining Benefits, Advantages, & Efficiencies
Cyber Range Solution Value
Solutions & Innovations
Readiness.
Response.
Recovery.
Resiliency.
E n h a n c e C y b e r s e c u r i t y P o s t u r e D e v e l o p C y b e r S e c u r i t y P r o f e s s i o n a l s
Integration
Flexibility to integrate with external
environments (e.g. cloud) and devices
(e.g. IoT, SCADA, ICS, etc.)
Learning Content
Platform for Classroom Learning,
Personal Assessment, & Certification;
develop Cybersecurity Professionals
Assess
Capability to monitor, report, and grade
Cyber exercises through
internal/external monitoring tools
Exercise &
Competitions
Host Cyber learning: static content,
exercise & competition, and simulated
environments
Segmented &
Secure
Segmented infrastructure platform to
simulate and test elements of Cyber
warfare not authorized for enterprise/
production networks
Network
Simulation
Simulate network architecture, traffic,
and services (e.g. topologies, patterns,
and web/app/e-mail)
Automation
Ability to automate the deployment of
networks and environments for Cyber
Range exercises and events
Testing &
Preparation
Utilize for Cyber Security testing of
application development and pre-
production release simulation
Value Wheel

VMware Cyber Range
Where are we showcasing?
October 11, 2019
Capture the Flag Competition: During this session,
participants will be provided a simulated
environment to conduct cyber game activities. Hunt
for security vulnerabilities in a system.
October 2019
Cyber Maturity Builder &
Howdy Neighbor/ICS Village Capture the Flag
Exercises
2019 Annual
Cyber Awareness Symposium
October 2019
Rapid Prototyping Event:
Riot in the Factory
Showcases

Thank You

Enhancing your Cyber Skills through a Cyber Range

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (20)

Similar a Enhancing your Cyber Skills through a Cyber Range

Similar a Enhancing your Cyber Skills through a Cyber Range (20)

Más de scoopnewsgroup

Más de scoopnewsgroup (20)

Último

Último (20)

Enhancing your Cyber Skills through a Cyber Range