USE CASE: Grow and Maintain Cyber Skills With a Cyber Range

GROW AND MAINTAIN CYBER

SKILLS WITH A CYBER RANGE
Business Problem
SPOTLIGHTS
To improve operational efficiency, governments and businesses are
Industry adopting new technologies that modernize their processes. At the
All same time, the world is struggling with a shortage of trained, skilled
cybersecurity talent to maintain the safety and security of lives reliant
Use Case upon, and data on, these networks. Gartner advises to maintain digital
Repurpose existing talent, grow, test and
dexterity with cyber range. Digital dexterity, as defined by Gartner, is
maintain cyber skills with a Cyber Range using
“the ability and desire to exploit existing and emerging technologies for
Palo Alto Networks Next Generation Security
business outcomes.”1
platform for your Blue team.
Business Benefits Business Drivers
• Repurpose existing talent into much-needed Every expansion into new digital technology – remote employee access,
cyber talent. client self-service, Wi-Fi, SaaS, cloud, IoT and more – necessitates edu-
• Grow and maintain existing cybersecurity cating practitioners and executives on the potential security impact to
practitioners’ skills. the network as well as how to maintain protection of data and networks
as the technology is adopted. Organizations must hire and retain good
• Extend cybersecurity understanding to talent, and ensure their practitioners maintain proficiency with the
non-technical, non-cybersecurity practi- growth in threat types and attack vectors. They must also ensure their
tioners and officers. executives comprehend the potential risk from security threats that
Operational Benefits could impact lives, the business or resiliency of the government. The
• Minimize network disruption and risk by train- best way for humans to retain knowledge is to apply it. Thus, a growing
ing practitioners on an extensible platform number of organizations are looking to cyber ranges to grow and
that protects your business as you expand, maintain that security proficiency and business-level understanding.
adopt new technology or move to the cloud. According to Gartner, “by 2022, 15% of large enterprises will be using
cyber ranges to develop the skills of their security teams, up from less
• Train on how to improve visibility and simplify than 1% today.”2
compliance with a consolidated set of dash-
boards, logs and reports on a broad diversity Traditional Approaches
of security threats. Traditional cybersecurity training has often consisted of tabletop exer-
• Reduce cyber range administrator and student cises or classroom teaching, which, though important, do not replace
operational burden; increase efficacy. real, hands-on experiential learning.

Security Benefits In the past, if an organization was able to fund practitioner enrollment
• Train your teams on the latest security threats in a cyber range, there were some challenges. Often, the range’s threats
and their impact on your organization. were allowed to grow stale, reducing their relevance. Moreover, the
range’s blue team technology was frequently only a partial defense or a
• Automatically prevent the latest threats daisy chain of security capabilities strung together into a complicated,
through correlated threat insights across your ineffective approach.
organization.
As a result, practitioners were trained on irrelevant attacks, and
• Experience the power of rapidly updated emerged from the class still lacking security best practices and unable
threat prevention regardless of location – to capitalize on innovative approaches for faster, more effective attack
­server, endpoint, network or cloud. prevention.

Palo Alto Networks | Grow and Maintain Cyber Skills With a Cyber Range | Use Case 1
USE CASE: Grow and Maintain Cyber Skills With a Cyber Range

Organizations that built their own cyber ranges or similar experiential training environments had similar challenges:
• Setup, reset and maintenance for such complex blue team technology, as well as the rest of the exercise network,
required considerable time and effort.
• Cyber ranges were expensive to acquire and maintain – just like their traditional networks ­­– with the necessary blue
team security capability to train effectively.
• Range participants needed just as much time to learn to use all the blue team technology as they did for the hands-on
exercises themselves.
• If the blue team technology was meant to emulate the organization’s own operational systems, more time was needed
to update the range accordingly.

Palo Alto Networks in Cyber Ranges

In stark contrast to other approaches, Palo Alto Networks® appliances have been used as blue team technology in ­multinational
military and critical infrastructure exercises as well as single-country, single-government and business cyber ranges.
­Administrators choose Palo Alto Networks appliances for:
• Easy administrator setup of all defensive capabilities needed for a powerful experiential learning environment.
• Ease of student adoption of the blue team technology, allowing students more time in the hands-on portion of classes
and less in setup.
• Up-to-date, comprehensive threat prevention capabilities across network, endpoint, cloud and remote simulation
­environments.
• Cutting-edge threat prevention across the widest variety of single- and multi-vector attacks, constantly updated and
protecting networks from never-before-seen threats in as few as five minutes.
Palo Alto Networks appliances allow cyber range students to:
• Classify all traffic – including encrypted traffic – and enforce policies based on applications, users and content.
• Selectively decrypt encrypted traffic for analysis and segment networks based on users or groups.
• Use cloud-based threat analysis to dynamically analyze suspicious content in a virtual environment to discover zero-day threats.
• Utilize IPS/IDS, antivirus, anti-spyware, vulnerability protection, DNS sinkhole, and command-and-control protection.
• Filter URLs to continually protect against new phishing and malware sites as well as sites associated with attacks, even
blocking malicious links irrespective of the delivery mechanism, including email.
In addition, students have the option to get hands on with:
• Securing mobile staff, employees with mobile devices and third-party contractors.
• Using advanced endpoint protection to practice blocking exploits and malware on critical assets, such as POS devices,
unpatched servers and corporate endpoints.
• Reviewing contextual threat intelligence analysis on all Palo Alto Networks threat data.
• Setting policies for and providing security within SaaS applications.
• Managing the network with a comprehensive view across all threat prevention sensors.

Actual Customer Implementation

One Palo Alto Networks partner operates annual, global military readiness and cyber training exercises for a multinational
military organization. The small company runs on a tight timeline for all aspects of this important two-week exercise to come
together. In the past, the company had used security capabilities from several different vendors for student blue team capa-
bilities in the classroom. However, the growing complexity of the “real-world” threats, coupled with the limited time students
had in the range, meant considerable time in setup and less in exercises. Worse, while the company strove to generate the
latest single- and multi-vector attacks to effectively prepare the military practitioners to withstand and defeat the threats they
were most likely to encounter, the security point products on the market continually failed to stop the attacks in their cyber
ranges. The company needed a way to reduce setup time and complexity while both giving students a richer, more engaged and
realistic experience and providing more effective security.

1 “Boost Resilience and Deliver Digital Dexterity With Cyber Ranges”, Gartner 2018
2 Ibid.

Palo Alto Networks | Grow and Maintain Cyber Skills With a Cyber Range | Use Case 2
USE CASE: Grow and Maintain Cyber Skills With a Cyber Range

Implementation Overview
After years of operating this complex, operationally intensive architecture, the company finally decided to better control costs, com-
plexity and student downtime by changing its security infrastructure to Palo Alto Networks. The company knew there was a better way
to more quickly identify application-level cyberattacks for its students to experience within the exercise network that would also give
them a more realistic simulation and a chance to work with more advanced threat prevention. Today, the company confirms its migra-
tion to Palo Alto Networks was effective and timely from an operational perspective, and says it has received positive user feedback.
Furthermore, this successful partnership has led many of the company’s satisfied customers to invest in Palo Alto Networks from their
experiences, and the company is now an active channel partner for Palo Alto Networks.
While some implementation details vary, the company typically uses the following Palo Alto Networks products in every cyber range:
• PA-800 or PA-3000 Series next-generation firewalls with:
◦◦ Threat Prevention service

◦◦ URL Filtering service

◦◦ WildFire® threat analysis service

• Panorama™ network security management
The company has held successful trials and is getting ready to implement:
• AutoFocus™ contextual threat intelligence service
• Traps™ advanced endpoint protection

Benefits of Palo Alto Networks for a Cyber Range

Using Palo Alto Networks Next-Generation Security Platform as blue team technology in a cyber range to consolidate security functions
and provide the most effective cyberattack prevention, any organization can reap the benefits.

Business Benefits
• Decrease capital and operational costs with fewer divergent technologies and devices for cyber range administrators to deploy
and manage.
• Improve student understanding of how best to secure every area of their network – data center to endpoint to perimeter to cloud.

Operational Benefits
• Minimize administrator setup and reset time as well as complexity for each cyber range.
• Decrease cyber range student classroom technology adoption time in favor of real exercises.
• Reduce cyber range student manual effort to correlate threat insights and prevent threats across multiple devices and platforms.

Security Benefits
• Tougher threat prevention across the most diverse range of attacks.
• Stronger threat prevention across the whole of the network – data center, cloud, perimeter, endpoint – for more applicable
classroom-to-job learning.
• More complete student visibility – and thus, cyberattack campaign understanding – of threats from a single pane of glass, with
full context and analysis.
• More effective security best practices adoption with Zero Trust and other key security tenets.
• Reduced network attack surface allowing students to eliminate unknown or unexpected applications.
• Faster time to student threat prevention with automated updates pushed regularly to devices.

Additional Resources
Follow these links to find further information on the advantages of Palo Alto Networks approach to preventing successful cyberattacks:
https://www.paloaltonetworks.com/products/designing-for-prevention/security-platform
https://www.paloaltonetworks.com/cyberpedia/5-ways-endpoint-security-and-network-security-should-work-together
https://www.paloaltonetworks.com/cyberpedia/why-you-need-static-analysis-dynamic-analysis-machine-learning

Palo Alto Networks | Grow and Maintain Cyber Skills With a Cyber Range | Use Case 3
USE CASE: Grow and Maintain Cyber Skills With a Cyber Range

Services to Help You

Support
Palo Alto Networks Customer Support automates the discovery of related cases to increase productivity and get you to a resolution
more quickly. We offer multiple support packages: Standard, Premium and Premium Plus. You can also opt for your own technical
account manager as a subscription-based extension of Premium Support. Premium Plus provides both a designated technical support
engineer and technical account manager who will learn and understand your deployment at technical and business levels, accelerating
incident resolution.

Consulting
Palo Alto Networks Consulting Services provides access to specialized talent knowledgeable in ensuring the safe enablement of applica-
tions. By matching talent to task, we deliver the right expertise at the right time, dedicated to your success.
Resident engineers, for example, provide on-site product expertise and are uniquely qualified to advise you on how to get the most out
of your Next-Generation Security Platform deployment.

Education
Training from a Palo Alto Networks Authorized Training Center delivers the knowledge and expertise to prepare you to protect our way
of life in the digital age. Our trusted security certification courses provide the necessary Next-Generation Security Platform knowledge
to prevent successful cyberattacks and safely enable applications.

Conclusion
As an organization’s digital footprint expands, governments and businesses are working hard to ensure they do what’s necessary to
protect data and their networks from successful cyberattacks. Cyber ranges are effective tools to ensure their teams are prepared to do
just that. Palo Alto Networks can provide effective blue team technology in your cyber ranges and effective threat prevention in your
organization. We want to ensure your teams are well-prepared for the realities they must address in supporting today’s networks, and
help you grow and maintain the necessary cybersecurity skills and agility of your workforce, today and in the future.

3000 Tannery Way © 2018 Palo Alto Networks, Inc. Palo Alto Networks is a registered trademark of
Santa Clara, CA 95054 Palo Alto Networks. A list of our trademarks can be found at https://www.­
Main: +1.408.753.4000 paloaltonetworks.com/company/trademarks.html. All other marks mentioned
Sales: +1.866.320.4788 herein may be trademarks of their respective companies. grow-and-maintain-cyber-
Support: +1.866.898.9087 skills-with-a-cyber-range-uc-040418

www.paloaltonetworks.com