Ravello, SimSpace Use Virtualization To Create True-To-Life CyberSecurity Simulations
Ravello Systems and SimSpace Corp. are partnering on an easy to use cloud-based way to create simulated cyber attacks – and test the effectiveness of defenses, responses – and even IT skills.
The SimSpace approach is called ‘cyber ranges,’ and it leverages Ravello HVX hypervisor infrastructure and nested virtualization technologies. These ‘cyber ranges’ enable an enterprise to completely encapsulate a multi-VM application and run it on any cloud. This is then augmented with the SimSpace VCN, (“virtual clone network”) that are self-contained and isolated from the internet.
With this cyber range virtual environment, users can obtain a type of safe sandbox, where they can safely model threats and responses – all without introducing risk to core systems.
Beyond testing the effectiveness of threat deterrents, SimSpace’s cyber ranges let users run cyber defense simulations in the VCN to identify faults, train new users, and test the behavior of modifications such as replacing a firewall of one type with another or modifying policies. SimSpace’s product also has an attack framework with the ability to inject common network attacks and even simulate “zero day” attacks.
Lee Rossey, CTO and co-founder of SimSpace, spelled out how the VCN approach looks to create an intricately detailed model of a user’s network to assure the findings from the cyber simulations are valid. This excerpt is from n a recent guest post on Ravello Systems’ blog:
Our intent is to provide a safe environment where you can test and train without the unnecessary consequences. Despite the advantages of being isolated, effective testing and training still require a realistic Internet within our VCNs. To accomplish this, we re-host thousands of sampled web, email, and ftp sites. We also provide root and domain DNS servers and core BGP routing. Within the VCNs, just as a typical network, we run Virtual Routers, full Windows Domain Controllers, Exchange, IIS, DNS and File servers. Linux, Unix and other server and client operating systems are also included along with their popular services.
. . . [W]e also include real content in the sites and services so that our virtual users can interact with that content in a realistic manner (e.g. send/receive/open email attachments, click on embedded URLs, etc). We are also able to tailor and reproduce important features of many domain-specific or custom applications and services that are critical to your business area.
Ravello’s CEO and co-founder Rami Tamir noted the impact of the two companies working together, “SimSpace’s VCN is a vivid example of the power of Ravello’s technology, which eliminates the need for enterprises to wait for hardware, invests in setting up complex environments or take on the added risk of simulating security attacks in their own data centers.”
By running on Ravello HVX, the SimSpace VCN instances can be spun up and down on demand. This means enterprises can automatically spin up the environment of their choosing on the public cloud, for just the amount of time that they need it, he noted. Further, CIOs no longer need a dedicated staff to build, operate, and maintain custom, in-house, and often separate, security development, test and cyber training environments, according to Tamir.
Ravello’s HVX nested virtualization brings the following benefits:
- Migration-free cloud environments: run data center environments in cloud capsules without converting VMs or changing networking topology (static IPs, DNS, VLANs etc.).
- Faster release cycles: parallelize testing by using infinite capacity of the public cloud. Give each engineer their own lab.
- Self-service provisioning: isolated multi-tier environments provisioned with one click or REST API call.
- Collaboration across teams: developers and QA engineers snapshot multi-tier environments and share across teams.
- Reduce development and testing cost: pay only for usage.
Rob Nelson, a seasoned virtualization professional, shared some insights on the Ravello / SimSpace partnerships in his blog RNELSON0 on Infrastructure, Virtualization and Security. Nelson explained how the two technologies work together to deliver innovations for how VMs can fight off cyberattacks.
Each [SimSpace] VCN starts as a blueprint and multiple instances can be deployed using Ravello’s hypervisor in the target cloud. You can deploy multiple DMZs, layer on additional networking like VLANs and port mirroring, and add just about anything else you want to replicate from your production environment. The network will contain not only the server OS VMs but a plethora of network and security devices from vendors such as Cisco, Checkpoint, Fortinet, and Palo Alto Networks.
Existing policy settings (firewall, threat, etc.) can then be deployed on the appropriate VCN components. Each instance is completely isolated, allowing the user to treat each VCN as if it were production, but without the negative side effects if something goes wrong. SimSpace’s traditional clientele would then run cyber defense simulations in the VCN to identify faults, train new users, and test the behavior of modifications such as replacing a firewall of one type with another or modifying policies. SimSpace’s product has an attack framework with the ability to inject common network attacks and even simulate “zero day” attacks.
The Ravello/SimSpace approach uses capacity from Amazon Web Services and Google Cloud to provide full featured pre-configured cyber ranges.