Ixia CYBER COMBAT
The defensive player (blue team) is placed in a realistic environment that closely resembles the real world: they have real servers to defend and the means to defend them, i.e. a next-generation firewall and a security information and event manager. One of the most realistic aspects of this environment is how the Ixia Cyber Range uses BreakingPoint, its flagship network traffic generation solution, to create a large number of good users in addition to the malicious users the blue team member must defend against. Why is this critical? The challenge of defensive network security is to search the sea of good users for the breadcrumbs of attackers. This reality, coupled with a finite amount of playing time, forces the defensive player to be efficient in their defences, just like in the real world.
Offensive players (red team) begin the game with literally no information except for their own IP address. They must scan and enumerate their potential targets, probe for weaknesses, and then align those weaknesses with the skills they possess to infiltrate. It is a truly blind process where the more skilled hackers will find the light switch on the wall faster and find flaws more quickly. This is a highly realistic scenario for a security auditor because they cannot go into an audit expecting to know what they will find. Even if they are familiar with the network, scanning may uncover unintended machines or routes to protected segments that should not be there.
In the spirit of a competitive and lively challenge, the players on the defensive side are guaranteed to be confronted with serious problems to solve that would normally be potentially disastrous to their organisation. Diligence is a valuable trait for a defensive security operator, as you never know when an acute scenario may be presented. In this game, they are guaranteed to experience an acute event.
For a security auditor, it’s not every day that they are set loose on a network they know nothing about with the instructions to infiltrate any machine they may encounter. Often the daily work of a red team member is highly task oriented; auditing code and deployments in order to help manage risk. A live penetration test is a moment of excitement for a truly competitive and passionate red teamer. This is that exact scenario.
The Ixia Cyber Range is centred around the BreakingPoint solution and the security research team that creates the attacks and traffic scenarios used by said solution. Ixia has a large, dedicated team of security professionals working full time to create new attacks and attack scenarios. As well as weekly new releases of current weaponised attacks, we also have a ‘daily malware’ release. In order to train effectively, it is crucial to have current attacks as part of the cyber range. No one is more equipped to distribute these attack scenarios than Ixia.
The core of the hardware is the PerfectStorm platform for running BreakingPoint. This class of hardware can create up to 80 Gigabits of traffic per second and 60 million sessions, as well as launch infinitely unique meldings of attacks and real users. The higher-end version of the hardware, CloudStorm, can reach 2.4 Terabits. This custom solution is paired with Ixia’s visibility products in order to evenly distribute users and attack flows to the 20 or more players. Each player is equipped with a high-end next-generation firewall by Fortinet and a SIEM (we are currently using Splunk). However, the environment is completely modular and any security solution could be seamlessly dropped into the environment.