CENTS® products are powerful emulation tools that provide an organization two critical benefits: 1) The ability to stress and test a network to evaluate potential operational and security weaknesses; 2) The ability to prepare cybersecurity operators to identify, isolate, remove, and recover from a cybersecurity attack.
Cyberoperations Enhanced Network and Training Simulators (CENTS®)
- Preeminent customizable network simulators; vendor agnostic
- Used to train cyber operators, test and evaluation, mission rehearsal, tool development and tactics refinement
- Available as stand-alone units, completely virtualized classroom configurations, cyber ranges, and mobile units for field exercises.
CENTS® provides an integrated solution to train and exercise the cyber workforce, and test, evaluate and validate processes, procedures, and configurations before implementing them on your network. Employing the same concept as putting the pilot in a flight simulator, CENTS® provides a realistic network-safe environment for training and exercising cyber operators and planners, and developing and testing effective response actions and tools for routine, zero-day, and catastrophic cyber events. CENTS® units are built to your specifications, a live-synthetic virtual simulator/trainer, thereby providing cyber operators with the same look and feel of their everyday environment.
Sentinel, Legion, Autobuild, Myrmidon – Reconstitution
SLAM-R® (Sentinel-Legion-Autobuild-Myrmidon-Reconstitution) is the brain and heart of CENTS® system. It is a software application suite that provides the needed synthetic and virtual elements for a fully immersive cyber operations environment. Integrated with the CENTS® platform, SLAM-R® provides the cyber operator with the needed features and effects of a real-world network operations center or a global Internet environment. SLAM-R has the ability to create and execute complex scenario-based network events.
The SLAM-R® tool suite operates independently within a single simulator or internetworked with other live-synthetic environments (like CENTS®’s Range Global internet™). SLAM-R® provides a unified interface for the simulator operator (e.g. instructor/tester/exercise controller). It includes a virtual population of thousands of clients and servers, all interoperating within a virtual Internet with data traffic emulating and standard user operations such as web surfing, email, and file server access, along with other data traffic to and from the Local Area Network and the Internet.
Sentinel — Monitoring and Status Reporting
Sentinel monitors and reports on the status of each event as it executes in Myrmidon, the attack/scenario module. Student actions and responses can be tracked based on the success of each event. Students often overreact to a real or perceived threat and inadvertently disable some part of the simulator while trying to defend their network. By monitoring event execution and student responses, the evaluator/instructor can maintain control and guide students toward the solution.
Legion — The Simulator’s Networked Environment
Legion provides network traffic, root DNS, and the Internet environment. Traffic is varied, complex and random — data traffic that emulates actual network traffic. Past performance has shown that participants easily can identify the unvaried traffic from a traffic generator designed for throughput and bandwidth testing. Traffic must be unpredictable and emulate the kind of daily activities occurring on a live network. With Legion, traffic can be configured to run without evaluator/instructor intervention for long periods of time. Traffic also can be paused; i.e., stopped at a specific point in time and restarted from that point.
Autobuild — Automated Simulator Builds
Autobuild connects to appropriate servers or devices and builds them from standard configuration files. This automated build results in a consistent baseline by removing the element of human error, and allows the simulator to be built quicker. All processes are automated and the evaluator/instructor can perform other tasks while letting the simulator effectively build itself.
Myrmidon — Runtime Scenarios and Events
The Myrmidon attack/scenario module allows the evaluator/instructor to control the simulated environment during training sessions and exercises. Attacks are instantiated as events. An event is an activity that a hostile entity might use to reconnoiter and attack a network. A scenario is a group of events arranged along a timeline. The evaluator/instructor/tester chooses a scenario from a menu, or uploads a custom event, loads the scenario into the execution manager, and presses an on-screen “play” button. The scenario runtime begins, and all events execute intermittently during a timeframe.
Typically, events are scheduled to execute at random intervals to provide an unpredictable environment for students. However, evaluators/instructors can manipulate events to suit the individual situation. They can skip to the next event in the scenario, re-run a previous event, or pause the scenario as desired. Events also can be executed manually, giving instructors/evaluators the ability to execute a custom scenario comprised of selected events.
Reconstitution – Simulator Snapshots and Re-baselining
Reconstitution allows easy re-roll of the simulator to a previous state by keeping “snapshots” of equipment and machine baselines. At any time, the instructor can restore any or all of the simulator to a preconfigured state. This is not a full reinstallation and configuration build, but rather a restoration of a previously existing baseline. Multiple sets of preconfigured baselines can be kept to provide differing levels of complexity for participants.
Range Global Internet
- Global internet simulator designed to replicate Internet routing, functionality and threats
- Adds fidelity to global events, competitions, exercises, target development
Have you ever wanted to develop a “bot-net,” deploy it around the world, then see what happens? Do you ever find yourself in need of a second Internet or an alternative safe global network that can be used for testing, tool development, or mission rehearsal? Would a virtual entity providing world-wide connectivity, routing, actual Internet addressing, and traffic generation (a veritable Internet-in-a-Box) simplify your Cyber testing, training, and exercises?
CENT®'s Range Global Internet (RGI) provides the look and feel comparable to the actual Internet. Powered by SLAM-R® appliance, the RGI provides for controlled and secure training and testing scenarios outside of the public realm. The RGI is completely virtualized, uses open source utilities, and engages true IP addresses found in the global Internet structure. The RGI is made up of 39 backbone routers with realistic dynamic routing supporting BGP, OSPF, EIGRP, and more. The RGI includes more than 150 class C subnets, supporting domestic and international web-sites, fully functional e-mail servers, along with global DNS and Network Time Protocol (NTP) services.
The RGI provides social media services ranging from domestic to foreign personal blogs, and Facebook and Twitter like services through C-Services (Cambook and Crytter). RFC compliant Internet traffic-generation provides routine traffic activities between Internet routers, DNS queries to actual servers, website “GET” request, e-mail generation, along with other miscellaneous random traffic. Traffic generation provides communication from both internal and external network interfaces.
Spread across six continents, the out-of-the-box RGI solution provides the true-IP global routing infrastructure and various location types for populating subnets around the world. Below the RGI’s core make-up (routers, DNS, NTP, traffic, e-mail, etc), each RGI’s space is customizable by the customer based on testing, exercises, and training scenarios requirements. Through the RGI’s Site Builder capability, multiple location types can be defined and represented around the globe such as large scale networks, hospitals, banks, universities, cyber cafés, commercial business, churches, government entities, and the military. Using Site Builder’s templates, clients add the particular assets they need. There are 16 physical interfaces for connecting physical devices to the RGI, including control/SCADA system interfaces. Physical devices then can be networked to a specific location. Locations have full domain services, defense in depth construction, and traffic passing between sites and machines.
Hands-on-Training Simulator (HOTSIM®)
- Network simulator designed for use by an individual or small team
- Appropriate for use in a classroom or test setting
- Max of 3 student seats
Cybersecurity Network Training Simulator (CYNTRS®)
- Larger scale unit for team/Capstone training
- Students/players interact in a single environment where actions of one effect operations of all
- 10+ Students Seats
Virtualized Cyber Classroom Environment (VCCE™)
- Cyber training environment designed for use in classes up to 30 students
- Single server solution with open source tool set
- 10 virtualized simulators with 3 student seats each