On-demand Cyber Ranges on AWS using Ravello
How SimSpace built its Cyber Range
David Rocamora, Abhinav Gupta, Lee Rossey
November 2015
Today’s speakers
• David Rocamora, Solutions Architect, AWS
• Lee Rossey, Chief Technology Officer, SimSpace
• Abhinav Gupta, Director Product Marketing, Ravello Systems
Housekeeping
• Lots of great material to cover
• All attendees on mute – please use the Q&A window for questions
• Slides & recording will be shared at the end of the session
• If you are already a Ravello user, please rate/review us on AWS Marketplace
Agenda
• What are cyber ranges?
• AWS – enabler for secure workloads
• Ravello Systems – perfect platform to build cyber ranges
– Technology: nested virtualization & software defined networking overlay
– Live demo
– Benefits
• How SimSpace used Ravello to build cyber ranges on AWS
– Virtual Clone Network
– Cyber Range demo
Ravello Systems
Heritage: Founded 2011; Benny Schnaider and Rami Tamir
Expertise: Virtualization, Networking, Storage
Product: SaaS – overlay cloud on AWS that runs VMware & KVM appliances with L2 networking; GA: Jan-2014; Public & Private Cloud
Investors
SimSpace
Heritage: Founded 2015; Bill Hutchison, Lee Rossey, Laura Lee
Expertise: Complex network emulations; Sophisticated modeling/assessment tools; High fidelity production network cloning
Product: SaaS/enterprise software – cyber range solutions; GA – Jan 2016; Cyber testing, training, exercises and assessments
What is a cyber range?
Realism: Realistic presentation of the networks, infrastructure, tools and threat
Control: Safe and controlled environment for live-fire attacks and disruptive effects
Management: Ability to define, create, control, monitor, instrument, score and sanitize the environment
Range: Infrastructure which supports a testing, training, exercise or mission rehearsal event
Security: Secure and protect the customers' data
Accurately cloning a production network is non-trivial
Components must be installed and configured like the real network; fully automated build process
AWS enables customers to run secure workloads
The shared responsibility model
Customer applications & content
Platform, Applications, Identity & Access Management
Operating System, Network, & Firewall Configuration
Client-side Data Encryption | Server-side Data Encryption | Network Traffic Protection
AWS Foundation Services: Compute, Storage, Database, Networking
AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
Security of the Cloud
AWS Foundation Services: Compute, Storage, Database, Networking
AWS Global Infrastructure: Regions, Availability Zones, Edge Locations
Security in the Cloud
• AWS Trusted Advisor: Best practices for performance, reliability, and security
• AWS Config Rules: Create rules that govern configuration of your resources
• Amazon Inspector: Security insights into your applications
AWS Compliance
AWS: Security of the cloud
Customer: Security in the cloud
Cyber ranges are extremely sophisticated environments
• Complex networking interconnect
• Different types of VMs & appliances mimicking real world scenarios
• Layer 2 networking
• Isolated environments
• Large scale
Ravello – a platform for building cyber ranges
Use existing or create new multi-tier environments
Quick-deployment – move environments to AWS ‘as-is’
Same networking interconnect as DC
On-demand capacity
Global reach and scale
Usage-based costs
Ravello’s nested virtualization platform with networking overlay enables VMware & KVM VMs / appliances to run with data-center like capabilities on AWS ‘as-is’ – without migration
Nested Virtualization + Network & Storage Overlay = Self-contained capsule with same VMs & Networking
On AWS: same VMs & networking, encapsulated and isolated
Technology that powers it all - HVX
Unmodified application environment
High performance nested virtualization and overlay network
• Runs VMware & KVM VMs and provides application networking services
• Exposes a clean Layer 2 networking to ‘Guest’ VMs
Diagram, layers from top to bottom: guest VMs; HVX (nested virtualization engine, software defined networking, DHCP, DNS); AWS (Xen); AWS EC2 x86 hardware
How it works – Ravello live demo
upload your VMs (VMware or KVM)
Ravello auto-discovers the network. {Edit if needed}
deploy to AWS
spin up as many isolated copies as you need
Benefits of using Ravello
Automation: Automated deployment of cyber ranges & other workloads through REST API support
Scalability: Build cyber ranges and other enterprise environments to ‘real-world’ scale
High Fidelity: ‘Drag & drop’ creation of high fidelity copies of production environments for cyber ranges, security testing & training
On-demand: Available on-demand – bringing cost economics of public cloud to security testing & training environments
Secure Capsule: Isolated self-contained environments – prevent leakage into cloud
Usage based pricing – no upfront fees or commitment
Example: Each VM has 2 vCPU and 4 GB RAM
Total resources needed for sample 4 VM application: 8 vCPU / 16 GB RAM
$0.56 - $0.96 per hour, includes AWS price
Varies based on complexity of application network and performance needs
SimSpace’s Cyber Range solution
AWS
SimSpace cloning technology makes the laborious simple
Operating Systems
• Windows 2008 R2
• Windows 7
• CentOS, Ubuntu, Kali
Security Tools
• Symantec SEP
• Splunk
• RSA Netwitness
• Security Onion
• ELK, Google Rapid Response
Network Instances
• 3 copies for team training
• 1 copy for new products
General
• 280 nodes
• 15 span ports
Automated setup and configuration of complex environments
SimSpace’s automated range buildout
Step 1 - Create Templates
• Infrastructure devices
• Operating Systems
• Security appliances
Step 2 - Network Definition
• Definition Files (CSV, YAML)
Step 3 - Build Automation
• Provision hosts
Step 4 - Configure Devices
• Setup rules, policies
Step 5 - Traffic Tuning
• Traffic flows
• User behaviors
Step 6 - Validation
SimSpace’s enterprise class tools for security practitioners
Event Tracking: Control and record actions from the defenders, attackers and injects for precise logging and timing
Network Monitoring: Monitor the network traffic, user activity and attacker actions
Mission Impact: Visualize the impact of attacks and user actions on core systems and their effect on business functions
SimSpace Cyber Range – Live Demo
SimSpace’s Cyber Range benefits
Traffic Generation: Sophisticated, realistic traffic generation, yet rapid
Attack Modeling: Advanced emulation of sophisticated attackers for realistic “train as you fight” capabilities
Assessment Tools: State-of-the-art assessment tools
Mirrors Production Network: Simulate high-stress cyber attacks and disruptive effects on production network clone; model “what if” scenarios
Range Automation: Easy, automated buildout of enterprise software components
Next Steps
• Identify a multi-VM environment
• Sign up for Ravello free trial (2,880 CPU hours)
• Technical call to familiarize with Ravello
• Upload VMs
• Call to check network, deploy, take a blueprint
• Start using
Time estimates shown on the slide: 2 mins, 30 mins, depends on VMs, 15 mins
Thank you!