Cyber SandBox Concepts
Motivation
Many education providers struggle to provide insights into the complex operational environments found in industry settings, resulting in graduates whose experiences and competencies are misaligned with the careers and work roles that they aspire to. Additional challenges are posed by the rapid evolution of cyber threats, including attacker tactics, techniques and procedures (TTPs), and by the pace of technological advances, which together require educators to provide agile, scalable and authentic learning experiences.
What is Cyber SandBox?
Cyber SandBox is a live simulation environment that provides collaborators with the opportunity to build, deploy, configure and simulate activities and experiences that align to all phases of the Cyber Security Operations Process Cycle.

Collaborators can explore operations and security workflows that include IT landscaping, vulnerability scanning, application deployment, pen testing, architecture design, aggregation of security data, SIEM tooling, automation, incident response, recovery and much more.
As part of a broader employability strategy, Cyber SandBox aims to prepare students for real-world technology roles and supports competency-based learning strategies, while at the same time widening the scope available to collaborating educators who want to create innovative and impactful learning experiences. For example, users of Cyber SandBox can:
Create realistic IT operations and cyber security scenarios (e.g., architecture design, alerting, incident response etc.)
Share collaborative and immersive learning experiences (e.g. between institutions and student collaborators)
Create environments that are designed to align with employer requirements and that support competency-based learning methodologies
Supported Project Domains
Cyber SandBox can support a vast array of competency-based projects. Project domains include:
1. Enterprise Network Infrastructure
Network architecture and topology design
Network segmentation implementation
Routing and switching configuration
Virtual Local Area Networks (VLANs)
Software-Defined Networking (SDN)
Network Access Control (NAC) solutions
VPN technologies (site-to-site and remote access)
Firewall implementation and rule management
Intrusion Prevention Systems (IPS) deployment
2. Security Monitoring and Detection
Security Information and Event Management (SIEM) platforms
Network Detection and Response (NDR) systems
Endpoint Detection and Response (EDR) solutions
Log aggregation and correlation tools
Security analytics platforms
Threat intelligence platforms and feeds
Network traffic analysis tools
Anomaly detection systems
User and Entity Behaviour Analytics (UEBA)
3. Vulnerability Management
Vulnerability scanning tools
Penetration testing frameworks
Vulnerability assessment methodologies
Configuration compliance scanning
Patch management systems
Risk scoring and prioritisation methodologies
Remediation tracking and verification
Asset discovery and inventory systems
4. Identity and Access Management
Directory services (Active Directory, LDAP)
Authentication systems and protocols
Multi-factor authentication solutions
Privileged Access Management (PAM)
Role-based access control implementation
Single Sign-On (SSO) technologies
Identity governance and administration
Access certification and review processes
5. Incident Response Technologies
Security orchestration and automation platforms
Digital forensics tools and techniques
Malware analysis environments
Threat hunting platforms
Incident tracking and case management systems
Containment and eradication tools
Memory forensics and disk imaging solutions
Network forensics capabilities
6. Cloud Security
Cloud service provider security controls
Cloud Security Posture Management (CSPM)
Cloud Access Security Brokers (CASB)
Cloud Workload Protection Platforms (CWPP)
Infrastructure as Code (IaC) security
Containerisation security (Docker, Kubernetes)
Serverless security
Cloud-native security monitoring and logging
7. Operational Technology (OT) and Industrial Control Systems
SCADA systems and protocols
Industrial Control System (ICS) components
OT network monitoring and anomaly detection
ICS security assessment tools
Air-gap protection technologies
OT/IT convergence security controls
Industrial protocol analysis tools
OT-specific security monitoring solutions
8. Data Protection and Cryptography
Encryption technologies (symmetric and asymmetric)
Public Key Infrastructure (PKI)
Data Loss Prevention (DLP) solutions
Digital signatures and certificates
Key management systems
Secure file transfer protocols
Secure messaging platforms
Database security controls
9. Security Automation and Orchestration
Security Orchestration, Automation and Response (SOAR) platforms
Workflow automation tools
Scripting and programming for security automation
API integration capabilities
Playbook development environments
Automated remediation systems
Continuous Integration/Continuous Deployment (CI/CD) security
10. Compliance and Governance
Governance, Risk and Compliance (GRC) platforms
Compliance assessment tools
Policy management systems
Control frameworks implementation
Audit logging and reporting solutions
Evidence collection and management tools
Regulatory compliance monitoring systems
11. Business Continuity and Disaster Recovery
Backup and recovery systems
High availability solutions
Disaster recovery planning tools
Business impact analysis platforms
Crisis management systems
Continuity of operations planning
Recovery time objective (RTO) and recovery point objective (RPO) measurement
12. Threat Intelligence and Analysis
Threat intelligence platforms
Indicator of Compromise (IoC) management
Threat hunting frameworks
Attack surface analysis tools
Cyber threat analysis methodologies
Dark web monitoring capabilities
Adversary behaviour analysis systems
13. Data Analytics and Visualisation
Security data analytics platforms
Real-time data processing frameworks
Data lake implementations for security telemetry
Interactive dashboard development
Network flow visualisation tools
Security metrics and KPI visualisation
Threat mapping and relationship visualisation
Temporal analysis and pattern recognition tools
Geo-spatial security data visualisation
Custom reporting and visualisation frameworks
Data exploration and discovery platforms
Alert correlation and visualisation systems
14. Artificial Intelligence and Machine Learning
Anomaly detection using machine learning
Behavioural analytics and profiling
AI-based threat detection systems
Machine learning for alert prioritisation
Predictive security analytics
Natural language processing for threat intelligence
Deep learning for malware analysis
User behaviour modelling
Automated threat hunting using AI
Security automation with machine learning
AI-based security orchestration
Supervised and unsupervised learning for security event classification
Project Outcomes, Outputs and Impacts
This is a long-term project that aims to support the following outcomes, outputs and impacts:
Enhanced graduate readiness for technology career roles (e.g. operations, security, technical sales, consultancy).
Improved collaboration between academia and employers.
Development and application of technology solutions for SMEs.
Better understanding and awareness of cyber security across disciplines.
Improved methods for delivering learning experiences in a manner that is scalable, responsive and agile.
How to get involved?
This is an expansive and multi-dimensional project that requires both technical and non-technical collaborators. Participation is voluntary; however, pre-approved expenses (for travel, etc.) can be covered. If you would like to have a chat about ways that you may be able to contribute time, knowledge or practical expertise to this project, message innovate@cseconnect.org.
Getting started
If you are new to CSE Connect, create an account, log in and join this impact project. If you have an existing CSE Connect account, log in and join this impact project.