A startup called SimSpace is using cloud and virtualization technologies to mimic enormous networks in order to run security tests and training, including simulated attacks.
We’re talking huge networks, the kind the U.S. government would use. And SimSpace founder Lee Rossey has some experience in that area. He spent 15 years at MIT Lincoln Laboratory, replicating the feds’ networks, physically wiring up racks of equipment to create an environment for security training and testing.
With Boston-based SimSpace, Rossey is taking the idea to the commercial realm, reaching into sectors such as large banks. The difference is that he no longer has to build networks. Instead, he creates virtual data centers in Amazon Web Services (AWS).
To make SimSpace operationally feasible — that is, to make it so the startup doesn’t need a literal army to run these simulated networks — the company is using nested hypervisor technology from another startup, Ravello Systems.
“What Ravello and the cloud allow us to do is make this commercially accessible,” Rossey says.
All of this comes to light because Ravello took some bragging rights in a press release last week, noting that companies such as SimSpace and Check Point Software use its HSX nested hypervisor to create virtual data centers that become temporary testing grounds for security tools and processes.
“Nobody in their right mind would want to do deep security testing on their production network,” says Navin Thadani, Ravello’s senior vice president of products and marketing.
SimSpace’s Cyber Range
SimSpace was founded about a year ago as Rossey saw the chance to take his “cyber range” work to the commercial world. Financial institutions are particularly interested.
“At the board level, what they want to know is: How prepared are we to defend against a Sony-type attack?” Rossey says.
SimSpace does have a physical data center for setting up networks the old-fashioned way, and it can also create testing environments inside a customer’s data center. What’s more interesting, though, are the networks SimSpace sets up in the public cloud.
SimSpace creates what Rossey calls a “hi-fi” replica of the client’s network, loads it with the client’s tools and defensive operations, and populates it with bots that represent ordinary users doing ordinary tasks such as Web browsing. Then it launches an attack and sees how the security measures — including the client’s human staff — react.
The goal might be to stress-test the system to see where security breaks. Or the customer may be a vendor trying to establish the efficacy of a new product.
The process relies on “repeatable and controllable tests” and a lot of automation, Rossey says. It only takes two people to build and service one of these environments.
Rossey would like to make it even more automated. “I’d like to allow an arbitrary organization to come in and, on demand, set up an environment with all the security and tools you could want on there.”
SimSpace employs about 30 people, two-thirds of them in engineering and operations — including the live “red team” (the attackers). The company has subsisted on customer funding from Day 1, with no outside investment, Rossey says.
The Part Where Oracle Comes In
So, what’s Ravello’s part in all this?
The startup’s nested hypervisor lets an enterprise control an AWS or Google Cloud Platform deployment as if it were a VMware or KVM environment in the enterprise’s own data center.
The idea came from the team that created the KVM hypervisor in the first place. They founded Ravello in 2013 with visions of letting enterprises move data center operations directly into the cloud.
What happens to Ravello’s AWS and Google support? Oracle hasn’t yet said, but a visit to the above-mentioned blog opens a window offering a 14-day free trial of Ravello on those other clouds.