Sales
December 5, 2022
5
min read

Virtual Hacking Labs in Your Web Browser

Sean Carolan
Director of Sales Engineering

If Only It Were This Easy...

Computer hacking scenes in movies are fun. The hacker clicks a bunch of stuff, types furiously on the keyboard, and mutters some things under their breath until a flashing "Access Granted" banner pops up on the screen. Hollywood gets a pass on technical accuracy because let's be honest, who wants to watch some computer nerds running a bunch of command line tools in a terminal. Unfortunately, what works great on the big screen doesn't translate well into a product demo or workshop.

‍

realism - Is the Unix operating system featured in Jurassic Park real? - Movies & TV Stack Exchange
Fun fact: The UI that Lex is using to access Jurassic Park security is called Silicon Graphics 3D File System Navigator for IRIX. πŸ₯šπŸ¦ŽπŸοΈ

‍

The Software Security Vendor's Challenge

How can we package complex security concepts and potentially dangerous tools into a demo, trial, or workshop?

‍Computer security tools are challenging for even technical people to understand. Advanced technical concepts are hard to explain without hands-on experience in real environments. In the world of software sales and technical training, we don't get the luxury of hand-waving past the technical details.How does this thing work? What does it do? Why should I install your agent?

‍
In this blog we'll explore the use of browser-based labs as a training and proof-of-concept tool specifically for cybersecurity organizations.

What are Security Tools?

Security tools could be loosely described as any software or SaaS platform that does one or more of the following:

  • Scans infrastructure and code for vulnerabilities
  • Monitors infrastructure for security breaches or anomalies
  • Hardens infrastructure from attacks
  • Exploits vulnerabilities

Essentially anything that is meant to protect your infrastructure or data from harm would fit into this category. A recent survey estimated that companies spend nearly 60 billion USD each year on internet security tools. It's a huge market with many vendors competing for the budgets of every cloud security team across every major industry.

Faceless hacker in a hoodie illuminated by his laptop screen
Why does every stock photo of a hacker look like hipster Nazgul? πŸ‘¨πŸ½πŸ’»πŸ‘»πŸ’

Why are potentially harmful tools that can exploit vulnerabilities are on this list? In the world of cybersecurity, the same tools used by hackers are also used by security engineers and researchers. Security teams need to be familiar with the tools and weapons available in the hacker's arsenal. This presents a problem for organizations that need to run demos, build training environments, or conduct trials because some of these tools are dangerous or forbidden from being run on the enterprise network.

Browser Based Labs are the Future

Security vendors have a particularly difficult time getting new users to "try before you buy" because security tools tend to require a high level of access to sensitive networks and systems. Security teams are quite wary about installing external agents on their systems because they don't understand what the software will do, and it also creates some risk that the agent itself will become compromised. Some shops may agree to build a separate network or VMs for you to install your trial software or training lab, but this often takes weeks or months to get approved.

Internet Browsers, Personified
Web browsers as anime characters - Credit: ROSEL-D on DeviantArt

‍

The solution? Browser-based labs.
The one thing every corporate laptop has in common is a standard web browser. Instruqt brings full access to VMs, containers, Kubernetes clusters, AWS accounts, GCP projects, and Azure subscriptions. With Instruqt virtual browser-based labs you can construct security themed hacker playgrounds and realistic simulations of corporate networks and systems. This removes the biggest barrier to effective education and pre-sales for security companies, and that is getting your software installed and running.Let's explore a few of the different use cases for Instruqt web browser virtual labs:

Virtual Training Labs

Security vendors need an easy, convenient way to create realistic training environments that do not require the student to install software on their laptops or servers. Most enterprise organizations restrict what software may be deployed onto laptops to prevent malware and viruses. This creates a challenge for technical trainers in the security space because the tools and access level required for an effective lab are forbidden by policy. Let's take the open-source tool nmap for example. Nmap is a popular port scanner. In other words, it can "ping" thousands of machines per minute looking for ports that are open and listening for connections from other machines. Many organizations forbid the use of nmap and consider using it to scan internal networks a security threat.How can you teach someone to use tools like nmap in a safe environment? The answer is isolated private sandbox networks that you access through a secure web browser. Instruqt provides a gateway to these cybersecurity labs where your users can safely experiment with potentially dangerous tools like nmap without raising the ire of the corporate security team.

Proof of Value Trials

"Oh no, you're not putting that thing on our network."-Every Infosec Admin Ever

‍
Security sales engineers hear this phrase often. Security teams are never eager to allow untested new tools from an unknown vendor onto their network. Sometimes the prospect can be convinced to stand up a new network or virtual machine to install the software onto, but this could take weeks if it gets approved at all. Meanwhile the sales cycle is stalled because nobody is able to try out your software and make sure it works as expected.
‍

Dilbert by Scott Adams
Three months later, Asok finally got his VM provisioned...

‍

Instruqt's browser-based sandboxes can include entire cloud accounts that can be used for doing trials of monitoring and security tools. The security team is happy because they don't have to manage the cloud account. End users are able to quickly get hands-on with your tools and try all the different features in a safe way. And when the trial is done Instruqt will delete the entire cloud account, so there's no cleanup or worry about long-running cloud resources.

Security Software Demo Environments

We've discussed the 8 dos and don'ts of demo environments in a previous blog post. Security and monitoring software requires infrastructure to prove value. At the same time, you should not leave vulnerable web applications or services running all the time because your demo environment becomes a target for malicious actors. Demo environments should be temporary and ephemeral, and easy to stand up and tear down on short notice.Instruqt's browser-based lab environments are a perfect fit for security software demos. Content creators can easily create realistic scenarios using real tools and real exploits and vulnerabilities. Think of a highly secure laboratory where scientists can safely experiment with dangerous pathogens. Instruqt labs can be configured to demonstrate how security and monitoring tools are able to detect and notify engineers about real threats.
‍

Try Instruqt Yourself

Take a self-guided tour of Instruqt and get a preview of the end-user's experience on Instruqt.

If Only It Were This Easy...

Computer hacking scenes in movies are fun. The hacker clicks a bunch of stuff, types furiously on the keyboard, and mutters some things under their breath until a flashing "Access Granted" banner pops up on the screen. Hollywood gets a pass on technical accuracy because let's be honest, who wants to watch some computer nerds running a bunch of command line tools in a terminal. Unfortunately, what works great on the big screen doesn't translate well into a product demo or workshop.

‍

realism - Is the Unix operating system featured in Jurassic Park real? - Movies & TV Stack Exchange
Fun fact: The UI that Lex is using to access Jurassic Park security is called Silicon Graphics 3D File System Navigator for IRIX. πŸ₯šπŸ¦ŽπŸοΈ

‍

The Software Security Vendor's Challenge

How can we package complex security concepts and potentially dangerous tools into a demo, trial, or workshop?

‍Computer security tools are challenging for even technical people to understand. Advanced technical concepts are hard to explain without hands-on experience in real environments. In the world of software sales and technical training, we don't get the luxury of hand-waving past the technical details.How does this thing work? What does it do? Why should I install your agent?

‍
In this blog we'll explore the use of browser-based labs as a training and proof-of-concept tool specifically for cybersecurity organizations.

What are Security Tools?

Security tools could be loosely described as any software or SaaS platform that does one or more of the following:

  • Scans infrastructure and code for vulnerabilities
  • Monitors infrastructure for security breaches or anomalies
  • Hardens infrastructure from attacks
  • Exploits vulnerabilities

Essentially anything that is meant to protect your infrastructure or data from harm would fit into this category. A recent survey estimated that companies spend nearly 60 billion USD each year on internet security tools. It's a huge market with many vendors competing for the budgets of every cloud security team across every major industry.

Faceless hacker in a hoodie illuminated by his laptop screen
Why does every stock photo of a hacker look like hipster Nazgul? πŸ‘¨πŸ½πŸ’»πŸ‘»πŸ’

Why are potentially harmful tools that can exploit vulnerabilities are on this list? In the world of cybersecurity, the same tools used by hackers are also used by security engineers and researchers. Security teams need to be familiar with the tools and weapons available in the hacker's arsenal. This presents a problem for organizations that need to run demos, build training environments, or conduct trials because some of these tools are dangerous or forbidden from being run on the enterprise network.

Browser Based Labs are the Future

Security vendors have a particularly difficult time getting new users to "try before you buy" because security tools tend to require a high level of access to sensitive networks and systems. Security teams are quite wary about installing external agents on their systems because they don't understand what the software will do, and it also creates some risk that the agent itself will become compromised. Some shops may agree to build a separate network or VMs for you to install your trial software or training lab, but this often takes weeks or months to get approved.

Internet Browsers, Personified
Web browsers as anime characters - Credit: ROSEL-D on DeviantArt

‍

The solution? Browser-based labs.
The one thing every corporate laptop has in common is a standard web browser. Instruqt brings full access to VMs, containers, Kubernetes clusters, AWS accounts, GCP projects, and Azure subscriptions. With Instruqt virtual browser-based labs you can construct security themed hacker playgrounds and realistic simulations of corporate networks and systems. This removes the biggest barrier to effective education and pre-sales for security companies, and that is getting your software installed and running.Let's explore a few of the different use cases for Instruqt web browser virtual labs:

Virtual Training Labs

Security vendors need an easy, convenient way to create realistic training environments that do not require the student to install software on their laptops or servers. Most enterprise organizations restrict what software may be deployed onto laptops to prevent malware and viruses. This creates a challenge for technical trainers in the security space because the tools and access level required for an effective lab are forbidden by policy. Let's take the open-source tool nmap for example. Nmap is a popular port scanner. In other words, it can "ping" thousands of machines per minute looking for ports that are open and listening for connections from other machines. Many organizations forbid the use of nmap and consider using it to scan internal networks a security threat.How can you teach someone to use tools like nmap in a safe environment? The answer is isolated private sandbox networks that you access through a secure web browser. Instruqt provides a gateway to these cybersecurity labs where your users can safely experiment with potentially dangerous tools like nmap without raising the ire of the corporate security team.

Proof of Value Trials

"Oh no, you're not putting that thing on our network."-Every Infosec Admin Ever

‍
Security sales engineers hear this phrase often. Security teams are never eager to allow untested new tools from an unknown vendor onto their network. Sometimes the prospect can be convinced to stand up a new network or virtual machine to install the software onto, but this could take weeks if it gets approved at all. Meanwhile the sales cycle is stalled because nobody is able to try out your software and make sure it works as expected.
‍

Dilbert by Scott Adams
Three months later, Asok finally got his VM provisioned...

‍

Instruqt's browser-based sandboxes can include entire cloud accounts that can be used for doing trials of monitoring and security tools. The security team is happy because they don't have to manage the cloud account. End users are able to quickly get hands-on with your tools and try all the different features in a safe way. And when the trial is done Instruqt will delete the entire cloud account, so there's no cleanup or worry about long-running cloud resources.

Security Software Demo Environments

We've discussed the 8 dos and don'ts of demo environments in a previous blog post. Security and monitoring software requires infrastructure to prove value. At the same time, you should not leave vulnerable web applications or services running all the time because your demo environment becomes a target for malicious actors. Demo environments should be temporary and ephemeral, and easy to stand up and tear down on short notice.Instruqt's browser-based lab environments are a perfect fit for security software demos. Content creators can easily create realistic scenarios using real tools and real exploits and vulnerabilities. Think of a highly secure laboratory where scientists can safely experiment with dangerous pathogens. Instruqt labs can be configured to demonstrate how security and monitoring tools are able to detect and notify engineers about real threats.
‍

Try Instruqt Yourself

Take a self-guided tour of Instruqt and get a preview of the end-user's experience on Instruqt.

Sign up for newsletter

Here you'll get a quarterly newsletter made for growth-minded people

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Sign up for newsletter

Here you'll get a quarterly newsletter made for growth-minded people

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Try Instruqt Yourself

Get a closer look at how Instruqt can help you sell smarter and train better.

Take a self-guided tour of Instruqt