Cybersecurity Training System and Process
A system and process for operating a cybersecurity training platform, providing an immersive and hands-on learning experience through a secure virtual machine and simulated environment with real-world vulnerabilities, which is customized and provisioned on-demand using automation and artificial intelligence.
Continuation of U.S. Non-Provisional application Ser. No. 16/351,202
STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENTNot Applicable
REFERNCE TO SEQUENCE LISTING, A TABLE, OR A COMPUTER PROGRAM LISTING COMPACT DISC APPENDIXNot Applicable
TECHNICAL FIELDThe inventive subject matter relates to a cybersecurity training system.
BACKGROUND OF THE INVENTIONCybersecurity involves the protection of computer systems from theft or damage to hardware, software or electronic data, and from disruption or misdirection of the services such computer systems provide. It is a field of great and ever-growing importance in the 21st century, in which nearly all commercial and governmental institutions are critically reliant on computer systems that could be targets of cyberattacks. Individuals and teams therefore must be trained to provide cybersecurity services. As a result, many cybersecurity training solutions have been developed in recent years.
Previous cybersecurity training solutions do not provide an on-demand, custom-fit training environment that focuses on specific skill levels and areas of subject matter expertise.
Previous cybersecurity training solutions do not provide an immersive, hands-on experience in a simulated environment that reflects real-world cyber landscape.
Previous cybersecurity training solutions require attendee offsite attendance, proctor onsite attendance, on premise hardware/software installation, and/or security policy exceptions.
Thus, there is a commercial need for new and improved cybersecurity training system.
BRIEF SUMMARY OF THE INVENTIONThe present invention is directed to a novel cybersecurity training system and process. Features of the system and process may include a customized, on-demand cybersecurity training environment for individuals and groups, through a gamified, immersive, hands-on environment. Users may log into a secured web portal and select a graphical user interface desktop client virtual machine with security tools and challenges, which may be rendered through a browser connection. The system and process may provide an objective to use the security tools to complete the challenges, upon which Users may submit a unique character sequence on a scoreboard in exchange for points that are commensurate with the difficulty of the challenges. The challenges may include several subject domains and skill sets to ensure users of all skill levels are capable of participating.
Various additional objects, features, aspects, and advantages of the present invention will become more apparent from the following detailed description of preferred embodiments of the invention, along with the accompanying drawing in which like numerals represent like components.
The following words appearing herein are understood by persons having skill in the art and are more specially defined as follows:
-
- “Web portal” means is a website that authenticates administrative and non-administrative users and grants them access to training resources.
- “Management portal” means a website that authenticates customers and partners and grants them access to customizing, purchasing, and provisioning their own training environment.
- “Virtual machine” means is an emulated logical computer system that provides functionality of a physical computer.
- “Connected” means the ability to transmit and receive information through a network.
- “Security tool” means a software application designed to provide offensive or defensive security functionality.
- “Browser” means a software application for accessing information on the world wide web.
- “Challenge server” means a virtual machine which hosts challenge modules.
- “Challenge” means an intentionally vulnerable target with varying degrees of difficulty in solving and several subject domains.
- “Score” means a reward given for solving a challenge, commensurate with a challenge's level of difficulty.
- “Scoreboard server” means a system which accepts proof of solving a challenge, rewards with points, and stores cumulative scores.
- “Secure” means the ability to control access to restricted resources through identification, authentication, and authorization.
- “Scoreboard map” means an interactive global map used to provide access to challenges.
- “Hyperlink” means a reference to another website location or file.
There are many possible embodiments of the invention, some of which are described below.
In further detail,
In further detail,
In further detail,
In further detail,
4.1 shows the log in of an administrator using the web portal interface; successful authentication permits the administrator to manage accounts and access to training resources.
4.2 through 4.5 show different connections that are the various virtual machines that are running within the environment. The docker server/challenge server hosts the learning modules or flags or challenges. The web portal is the interface users would log in to in order to access with the environment. The Kali Linux virtual machine(s) are what users would use to interact with the challenges and scoreboard . The scoreboard is where challenge points are earned through circumventing security controls.
4.6 through 4.12 show the setup of a demo where the user is given access to a Kali Linux instance and to a sharing profile that may be used for collaboration or troubleshooting. Multiple connections and teams can be created, grouped, and isolated from each other's machines. Access to a Kali Linux graphical user interface desktop environment may be made through a secured browser connection using web socket technologies.
In further detail,
In further detail,
In further detail,
There are many advantages of the invention compared to previous cybersecurity training solutions, some of which are described below, by way of example.
A further advantage of the invention is that it may provide on-demand, custom-fit training environment that focuses on specific skill levels and areas of subject matter expertise.
A further advantage of the invention is that may provide immersive, hands-on experience in a simulated environment that reflects real-world cyber landscape.
A further advantage of the invention is that it does not require attendee offsite attendance, proctor onsite attendance, on premise hardware/software installation, and/or security policy exceptions.
A further advantage of the invention is that it may be accessed via secured browser connection.
A further advantage of the invention is that it does not require any software installation or policy exceptions.
A further advantage of the invention is that it may be accessed from any device with a web browser, any location, any time.
A further advantage of the invention is that it may provide on-demand, automated, scalable provisioning.
A further advantage of the invention is that it may provide customized proprietary challenges.
A further advantage of the invention is that it may be adapted to all skill levels.
A further advantage of the invention is that it may include many different subject domains, many different levels of difficulty, and many different missions hosted in an on-demand, web-accessible, and dedicated tenancy cloud environment.
A further advantage to the invention is that the gamification of training makes learning fun and entertaining.
A further advantage to the invention is that users can train individually or with a team.
A further advantage to the invention is that users can compete individually or with a team.
A further advantage to the invention is that it may be used by individuals or for group training events, live vendor product demonstrations, talent acquisitions, or skills assessments.
It should be appreciated that each of the different components of the present disclosure may be implemented using different combinations of software, firmware, and/or hardware. Thus, the techniques described herein and shown in the figures can be implemented using code and data stored and executed on one or more electronic devices (e.g., computer). Such electronic devices store and communicate (internally and/or with other electronic devices over a network) code and data using computer-readable media, such as non-transitory computer-readable storage media (e.g., magnetic disks; optical disks; random access memory; read only memory; flash memory devices; phase-change memory) and transitory computer-readable transmission media (e.g., electrical, optical, acoustical or other form of propagated signals—such as carrier waves, infrared signals, digital signals). In addition, such electronic devices typically include a set of one or more processors coupled to one or more other components, such as one or more storage devices (non-transitory machine-readable storage media), user input/output devices (e.g., a keyboard, a touchscreen, and/or a display), and network connections. The coupling of the set of processors and other components is typically through one or more busses and bridges (also termed as bus controllers). Thus, the storage device of a given electronic device typically stores code and/or data for execution on the set of one or more processors of that electronic device.
While the foregoing written description of the invention enables one of ordinary skill to make and use what is considered presently to be the best mode thereof, those of ordinary skill will understand and appreciate the existence of variations, combinations, and equivalents of these specific embodiments. The invention should therefore not be limited by the above described embodiments, but shall include all embodiments within the scope and spirit of the invention.
Claims
1. A cyber simulation training platform system comprising a secured web portal configured to provide remote access to a cyber security tool to be used to complete a cyber security challenge through a browser connection.
Type: Application
Filed: Jan 14, 2022
Publication Date: Jun 30, 2022
Inventor: Bryan McAninch (Frisco, TX)
Application Number: 17/576,233