Problem Solved
07 June 2023
Project Helios - Dynamic Drill & Range Simulation Environment Creation

Introduction

Cyber Struggle is a leading cybersecurity company that offers a 360-degree security approach to individuals and businesses who are looking to enhance their cybersecurity skills. With the current threat landscape rapidly evolving, Cyber Struggle aims to train and certify the special forces of the cyber world.

The company combines technical topics with criminology, terrorism, psychological warfare, adaptive thinking, teaming, mental resilience and leadership for a comprehensive approach to cybersecurity. Cyber Struggle is committed to providing the most intense cybersecurity training and certifications available and has developed the world's first interdisciplinary program. At the core of their training is Scrum, an Agile framework that emphasizes collaboration, adaptability, and continuous improvement.

Sonne Technology, a cloud-based solutions and consultancy service provider, was founded with a mission to offer cost-effective and flexible solutions to startups and SMEs. Prior to the founding of Sonne Technology in 2021, the team had collaborated on a project called Aegis with Cyber Struggle in 2018, laying the foundation for the partnership that would eventually lead to the development of the Helios simulation engine. The purpose of this project was to automate the drill environment creation and simulate an IT infrastructure for security analysts.

What is the Problem?

While creating several simulations, Cyber Struggle realized that the existing system was too rigid to create a new drill system. The process required expert-level coding and advanced-level cloud technologies, which took up a lot of time and proved to be inefficient for the team as they couldn't focus solely on creating simulations. Additionally, running Aegis required manual interventions, and setting up a new simulation could take up to 3 days if it was anything different from the original version.

This was when Cyber Struggle identified the need for a new system that would automate the process of creating simulations without requiring extensive manual work and coding.

Proposed Solution

With the aim of overcoming the challenges faced during the creation of simulations, Sonne Technology initiated Project Helios. Helios is a back-end system that allows security officers to declare the infrastructure and system components in a JSON file. The system then renders this declaration to AWS Infrastructure, with all the required software installed and with every single linking configuration procedure already done.

With the implementation of Project Helios, Cyber Struggle can create their simulations more efficiently and effectively. The previously required expert-level coding and advanced-level cloud technologies are no longer necessary, as Helios can fully automate the process of creating the simulations. This new system also eliminates the manual interventions and extensive setting up processes that plagued the old system, significantly diminishing the time required to create new simulations. With Helios, the Cyber Struggle team can focus on their core expertise of creating simulations, rather than spending time and effort figuring out unrelated parts. This allows the company to devote more attention to their core strength, which is developing innovative and effective simulations to train individuals and businesses in dealing with cyber threats. Thus, the implementation of Project Helios marks a significant step forward for Cyber Struggle's operation.

How does it work?

Simulation Creation

The Helios simulation creation engine has three main components that work together cohesively to create simulations efficiently.

Firstly, the Infrastructure Engine utilizes JSON files provided by the security analysts to dynamically create the network infrastructure. The engine compiles the JSON and generates account and region-specific CloudFormation templates using AWS CDK, which the engine then deploys.

Secondly, the System Installation Engine uses the parameters in the JSON files to create dynamic and headless installation scripts unique to the environment. The engine then installs the applications based on a pre-defined schedule, using AWS Systems Manager Run Command.

Finally, the Linking Engine addresses the challenges associated with linking applications installed on individual servers to other servers within the infrastructure. This engine gathers individual system status data and then initiates server and infrastructure-specific scripts to link the servers together.

The Helios simulation engine components work cohesively to reduce manual interventions, cutting down the time required for creating and setting up simulations. The Infrastructure Engine dynamically creates the network structure, the System Installation Engine installs the applications on a pre-defined schedule, and the Linking Engine solves the issue of linking applications installed on individual servers to other servers within the infrastructure.
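The Infrastructure Engine step described above, sketched as an added example (not Helios code): a JSON declaration is validated and compiled into a CloudFormation template. The declaration schema, field names and function names are hypothetical, and the template is built as a plain dictionary rather than through AWS CDK so the sketch runs offline.

```python
import ipaddress
import json

# Constructed sample declaration; every field name is hypothetical, not Helios's schema.
DECLARATION = json.loads("""
{"name": "drill-01",
 "vpc_cidr": "10.20.0.0/16",
 "subnets": {"dmz": "10.20.1.0/24", "corp": "10.20.2.0/24"},
 "hosts": [
   {"name": "web01", "subnet": "dmz", "type": "t3.small"},
   {"name": "siem01", "subnet": "corp", "type": "t3.large"}]}
""")

def logical_id(prefix, name):
    # CloudFormation logical IDs must be alphanumeric.
    return prefix + "".join(ch for ch in name.title() if ch.isalnum())

def compile_declaration(decl, region):
    """Validate the declaration, then return a CloudFormation template as a dict."""
    vpc = ipaddress.ip_network(decl["vpc_cidr"])
    nets = {n: ipaddress.ip_network(c) for n, c in decl["subnets"].items()}
    for name, net in nets.items():
        if not net.subnet_of(vpc):
            raise ValueError(f"subnet {name} ({net}) is outside VPC {vpc}")
        for other, onet in nets.items():
            if other != name and net.overlaps(onet):
                raise ValueError(f"subnets {name} and {other} overlap")
    resources = {"Vpc": {"Type": "AWS::EC2::VPC",
                         "Properties": {"CidrBlock": str(vpc)}}}
    for name, net in nets.items():
        resources[logical_id("Subnet", name)] = {
            "Type": "AWS::EC2::Subnet",
            "Properties": {"VpcId": {"Ref": "Vpc"}, "CidrBlock": str(net)}}
    for host in decl["hosts"]:
        if host["subnet"] not in nets:
            raise ValueError(f"host {host['name']} uses undeclared subnet {host['subnet']}")
        resources[logical_id("Host", host["name"])] = {
            "Type": "AWS::EC2::Instance",
            "Properties": {"ImageId": {"Ref": "ImageId"},  # AMI IDs differ per region
                           "InstanceType": host["type"],
                           "SubnetId": {"Ref": logical_id("Subnet", host["subnet"])},
                           "Tags": [{"Key": "Name", "Value": host["name"]}]}}
    return {"AWSTemplateFormatVersion": "2010-09-09",
            "Description": f"{decl['name']} in {region}",
            "Parameters": {"ImageId": {"Type": "AWS::EC2::Image::Id"}},
            "Resources": resources}

if __name__ == "__main__":
    print(json.dumps(compile_declaration(DECLARATION, "eu-west-1"), indent=2))
```

Rejecting a declaration before any template is produced keeps a mistyped subnet or overlapping range from reaching a deployment, which matters when the range is meant to isolate drill traffic.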

Multi-Region Capability

Cyber Struggle serves clients across three continents, which presents a challenge in terms of providing service from a single region due to latency issues. To overcome this, Helios is designed to be region and account agnostic. When the slave counterpart is installed in the region, the Master Helios engine compiles and orchestrates the deployment procedure, while the slave regions receive instructions via AWS SNS and apply them there. This approach preserves the integrity of the deployment, while allowing scalability and worldwide response time.

With the implementation of this system, Cyber Struggle can now efficiently and effectively serve clients across multiple regions, without the need for extensive manual work or compromising on the quality of service. The Helios engine's multi-region capability marks a significant step forward for Cyber Struggle's operation and provides their clients with the high-quality service they need to stay protected in today's rapidly changing digital landscape.

Scenario Engine

One of the crucial components of simulations is unexpected drills and incidents that keep the trainees on their toes and prepared at all times. To implement this structure, Helios needed an additional component beyond the infrastructure engine, one that could immediately create an incident, gather the response and log the reaction from the trainee. This component is called the Scenario Engine.

The Scenario Engine accepts an incident script from the security analyst with its schedule, which can be modified as needed. When it is time to act, the engine creates an ephemeral container where it can execute the script, gather the response and log the reaction from the trainee. Analysts can now simulate unexpected situations to trainees, preparing them for unforeseen incidents that may require swift and decisive action.

This feature is particularly important in cybersecurity due to the rapidly evolving threat landscape. Trainees need to be prepared to handle various types of unexpected scenarios, and the Scenario Engine in Helios provides them with the necessary training to do so. This new functionality enables Cyber Struggle to better prepare and train individuals and businesses on how to deal with cyber incidents quickly and effectively, making it a key milestone in their mission to create a community of growth and mutual support.

Conclusion

The implementation of the Helios simulation engine has proven to be a significant milestone for Cyber Struggle. With Helios, Cyber Struggle can now create simulations more efficiently and effectively. The time required for creating and setting up simulations has shrunk from 3-5 days to just 3 hours.

The ability to deploy simulations more rapidly has had a positive impact on Cyber Struggle's operations, allowing them to create 10x more scenarios and infrastructures than before. This ease and scalability have helped Cyber Struggle better serve clients across multiple regions, allowing for improved service quality and faster response times.

With Helios in place, Cyber Struggle can focus more on creating innovative and effective simulations to train individuals and businesses on how to deal with cyber threats, without being bogged down by manual interventions or the need for extensive technical expertise. This marks a significant step forward in the company's mission to provide a community of growth and mutual support in the cybersecurity arena.

Who are we?

Sonne Technology was founded in 2021 with the mission of providing cloud-based solutions and consultancy services to businesses. Our focus is on creating Function as a Service (Serverless) products that offer customers an easy-to-manage, stress-free experience. We specialize in working with startups and SMEs, where flexibility and cost-effectiveness are key. Our team is ready to take on any challenge in an ultra-agile environment. We are dedicated to creating a community of growth and mutual support.
