Cyber Ranges: Digital Twins vs. Digital Cousins
It is sometimes said that twins are ‘double the trouble.’ This is especially true for cyber ranges.
In this context, a digital twin refers to the creation of an exact copy of a network and its systems, typically for simulation, testing and analysis in a controlled environment. It allows you to study the behavior of systems in a variety of scenarios without risking the actual environment.
However, a digital twin is difficult to achieve and incredibly expensive.
Resource intensive
First, you have to know every separate element of your technical environment and its configuration. This alone is a big challenge.
Only then can you replicate it by installing the same software, configuring it identically, mapping networks and more. Then, you have to keep it current. This is no mean feat given environments change frequently as systems are updated.
To use your twin for defensive cyber scenarios, you then have to bring in your red team to double as an attacker - increasing cost and making scheduling more difficult.
If your goal is creating an environment to test software updates, you may need a twin. They are also valuable for government cyber offensive exercises. However, a digital twin is expensive, resource intensive and overkill for most other use cases.
Cousins: Better than twins.
At RangeForce, we make it as easy as possible to enable cybersecurity teams to assess their defensive readiness in realistic environments without this burden on resources.
We do this by creating more of a 'digital cousin' than a twin.
Instead of burning resources building a carbon copy of your environment, you face real attacks, with real tools, teams and processes in a simulated network quickly and easily spun up in the cloud. This allows cybersecurity teams to develop a regular cadence of exercising, without the cost and complexity of maintaining a digital twin. Teams can select their tools, choose attack scenarios and engage in training with minimal setup.
Regular exercising is finally obtainable, not onerous.
In practice, this means hands-on experience fighting attacks using SIEMs, EDRs, firewalls, mail servers and more. You choose the tools, attack scenario and time - then invite your team. They show up with a login, and are ready to go - no prerequisites.
As you think about using a cyber range to improve the readiness of your cybersecurity teams, find yourself a cousin, not a potentially troublesome and demanding twin.