IBM sets up test range to practice fighting nightmare cyber battles safely
- 17 November, 2016 09:00
IBM Security has launched a network-emulation environment where corporate teams can play out attack scenarios so they are better prepared for incidents they might face in the real world.
The facility, called a cyber range (as in shooting range), provides a place for enterprises to practice incident response, not only for their IT and IS staffs but also for company directors, C-level executives, corporate counsel, human resources pros, public relations staff – anyone who might be drawn into an actual cyber emergency.
The goal is to give participants the feel of responding to an attack as realistically as possible so they are better prepared to face events in their production networks.
Teamwork and crisis-leadership skills they develop at the cyber range can translate into quicker incident responses and therefore less expensive ones, IBM says.
Infrastructure for the range consists of racks of servers that emulate the network of a Fortune 500 company. That includes a representative mix of typical business traffic, internet queries and emails.
Using VMware, IBM can reconfigure the network to fit any number of network and attack scenarios, and the facility includes 1TB of storage to house details of the scenarios.
So far, the company is still working through the first scenario and plans to eventually have a dozen or more. Select customers are running through the first scenario now.
The servers can fire off actual known malware code against the emulated network, so teams running through the exercises face genuine threats. The virtual environment is designed so the malware, some of which shuts down if it discovers it is executing in a virtual environment, won’t find out.
Staff running the simulations can tune them on the fly to make the situation more or less complicated to suit the group carrying out the exercise. “We don’t want them to fail but we want them to be challenged,” says Caleb Barlow, IBM Security’s vice president of portfolio marketing.
Scenarios can be spiced up with interjections – unexpected new developments that complicate matters. For example, word might come in that a nosey reporter has gotten wind of details about the attack or that the CEO is angry about how the response is going and creating more problems than they are solving.
The range includes a TV interview studio where an actor plays a reporter who grills participants about the breach that has affected the fake business set up for the simulation. The idea is to let them know what it feels like to give such interviews and to gauge how good they are at answering the questions.
Tools – IBM's – are available to help detect and respond to attacks.
The company hopes to have the cyber range ready for its sales people to present to customers Jan. 1, but there is already a waiting list for companies that want to play. Initially, use of the facility is free, with priority given to IBM customers.
Cyber Range occupies two floors of the company’s newly appointed global security headquarters, in Cambridge, Mass. The room includes three rows of workstations that face a wall-mounted video display where participants can share views of pertinent data about the simulated attacks.
Meanwhile, IBM Security announced formation of IBM X-Force Incident Response and Intelligence Services (IRIS), a team of more than 100 incident response specialists who can be called upon to help improve security, and plan training for respondents. IRIS helps customers identify the source of attacks so they can remediate them faster.
But IRIS also advises ahead of crises in order to harden customer environments against threats and to give appropriate protections to their most valuable assets.
IBM announced its 15-year-old security operations center (SOC) in Atlanta has been overhauled. The center is the hub for IBM Security’s network of SOCs that service customers around the world.
The improvements are part of a $200 million investment the company says it has made this year in facilities, services and software.