From IoT threats to forensics: How this simulator is helping sharpen cybersecurity skills

Available on premise or as a service, the new iPhalanx security simulator aims to offer flexible training in live, real-life scenarios.

Spanish IT systems and services firm Indra's Cybersecurity Operations Center has jointly developed a simulator to train security professionals in attack techniques and countermeasures. Image: Indra

Cybersecurity is not about to go away. Quite the opposite, with spending on defending IT systems estimated to balloon from $77bn this year to $170bn in 2020, according to MarketsandMarkets.

That view is backed up by researchers at Indra's Cybersecurity Operations Center, located in San Fernando de Henares, Madrid, who expect the security sector to double in the next five years.

In part that growth will be driven by the number of devices connected to the internet multiplying six-fold. Cisco reckons 50 billion devices will be connected by 2020.

As a result, the cybersecurity landscape will be affected not just by hackers correlating information from public networks, but also by attacks on private sources, such as smartphones, cars and home-automation systems.

In tackling this problem, technology is the relatively easy part, according to Indra. The real challenge is training IT professionals to manage the risks and do their job effectively.

That's why Spanish IT systems and services firm Indra, with annual sales of approximately €3bn ($3.17bn) and clients in 138 countries, has developed the iPhalanx security simulator.

It's a technology platform that provides security professionals with flexible training in live scenarios where everything is real, from the information systems that need to be defended or attacked, to the malware and cyberattacks themselves, through to the countermeasures deployed.

Indra cybersecurity manager Jorge López Hernández-Ardieta: iPhalanx can model IoT attack techniques. Image: Indra

Although similar facilities have been developed in the US and Israel by competitors such as Cisco, iPhalanx should be considered "the market's most advanced cyber range," according to Indra cybersecurity manager Jorge López Hernández-Ardieta.

It provides hands-on training of individuals and teams in computer forensics, defence and attack techniques and tactics, cooperative and competitive defence exercises (CDX), simulation and secure experimentation of new technology, malware and cyberweapons, and a controlled environment for testing.

These systems can be used on-premises or as a service, using a browser and an internet connection.

The first prototypes of iPhalanx were funded by the Spanish ministry of industry, energy and tourism within the INNPACTO program for the national plan for scientific research, development and technological innovation, with the support of the Carlos III University of Madrid and the University of Malaga.

Now UPM, Madrid's technical university, has also joined the team to strengthen the project, which has been developed over the past four years.

The first commercial version of iPhalanx was recently released. López Hernández-Ardieta says the suite is designed to improve five essential skills: vulnerability assessment, network and system configuration, exploration and identification of targets, as well as computer forensics (the collection and pooling of evidence) and report generation.

The platform is already used by several universities, armed forces and public bodies in the field of cybersecurity. Yet the client profile is "much broader" and includes large enterprises as well as smaller ones, López Hernández-Ardieta says.

To keep the platform tuned into new threats, it taps into information from sources such as those provided by security data and analytics firm Rapid7 and the US government's NIST National Vulnerability Database.

For the latest attack techniques, iPhalanx uses information collected by experts at Indra's Cyber Security Operations Center, or i-CSOC, who conduct daily detailed analyses of malware attacks and other threats aimed at customers.

The suite has also been designed to address threats aimed at Internet of Things applications. "iPhalanx can incorporate scenarios with mobile devices or smart elements using emulation techniques to simulate a smartwatch with Android Wear, for example, so that the user is able to investigate attack techniques," López Hernández-Ardieta says.

Experts argue that security simulators are an effective approach for organizations to train staff and prepare them to react effectively against current and future cyber threats.

Manel Medina, security expert, founder of the Spanish computer emergency response team, or es-CERT UPC, and author of the book Cibercrimen, argues that, "Any business offering critical services to society and public administrations should consider using these kinds of tools at least once a year."
