CYBEXER TECHNOLOGIES

AI Research & Testing Platform (Hybrid)

AI Research & Testing Platform (Hybrid/ private cloud) is a specialized, managed cyber range tailored for AI-related research, development, and testing activities. This advanced platform provides researchers with stable and scalable environments optimized for the complexities of AI, ensuring safe, efficient, and compliant algorithm advancement.

Features

• Hybrid Cloud-Enabled Rapid Deployment: Instant environments for swift AI development.
• Controlled Testing Environment: Managed cloud cyber range for AI testing.
• Performance Optimization: Fine-tunes AI parameters for maximum performance.
• Compliance Adherence: Ensures AI meets all regulatory and ethical standards.
• IaC-Based Content Creation, Automation and Deployment using Ansible.
• AI-Assisted Content Customization: Simplifies cyber range content adaptation

Benefits

• Research Efficiency: Saves time and resources, eliminates infrastructure management.
• Safety Assurance: Ensures secure AI testing without unintended consequences.
• Cost-Effectiveness: Lowers AI development costs by preventing failures.
• Regulatory Compliance: Maintains legal compliance throughout AI development.
• Scalable and Cost-Effective Infrastructure with Flexible, scalable cloud platform

£85,000 to £2,100,000 a unit

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at kristiina.omri@cybexer.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

122300434977505

Contact

Kristiina Omri
+372 56682088
kristiina.omri@cybexer.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: For private cloud deployments, the underlaying platform utilized must be VMware vSphere.
• System requirements: No specifications.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Different support options available.; NBD; 24/7 4h
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: No
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Slack is being utilized as our communication software for remote chat support.; Tests and conformance reports can be accessed on the vendors page: https://slack.com/accessibility and https://slack.com/accessibility-plan
• Onsite support: Yes, at extra cost
• Support levels: Different support levels available. ; NBD remote support with on-site support after fault diagnosis if required.; 24/7 remote support with on-site support after fault diagnosis if required.; Expedited event support - during critical or high profile events such as cyber exercises dedicated on-site support can be provided.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Depending on the type of the contract we provide: Full administrator training for the platform. On-boarding training for the participant for large-scale exercises. Online resources for trainings or small engagements. The trainings can take place either on-site or online depending on the agreement.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Users should extract the required data before contract end, data will be deleted after the contract end pending a grace period of up to 3 months. Different options available.
• End-of-contract process: After the contract end, the users will lose access to the platform. After the grace period has expired or confirmed by the customer the user data will be deleted.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The main interface for interacting with the cyber-range is a web based UI.; During the exercises and trainings the participants can utilize native tools to administer the different systems such as SSH and RDP to provide fully realistic experience.
• Accessibility standards: None or don’t know
• Description of accessibility: The services are accessible either over utilizing a web browser or with a VPN client.; The service provides general overview and control systems, that provide access depending on user roles. For the simulated training and exercise environments we provide full administrative access to the participants.
• Accessibility testing: We are committed to making our services accessible to everybody, but have not completed any formal testing yet.
• API: Yes
• What users can and can't do using the API: For the management, and scoring interface the platform is fully API driven, with access controls based on the user role.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: With the platform is fully customizable.; We offer ready-made content for our customers as well as wither altering existing trainings and exercises or the possibility to create new trainings from scratch.

Scaling

• Independence of resources: Each customer is separated into a resource pool, that provides and limits the resources utilized by the tenant. Every tenant can be scaled automatically according to the underlying infrastructure capacity.

Analytics

• Service usage metrics: Yes
• Metrics types: Service metrics provided are tier level specific as we have 3 tier levels, services and usage metrics vary accordingly.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Users can either export their data utilizing the available API calls form the main management interface or request the export of data from support.
• Data export formats: Other
• Other data export formats: JSON
• Data import formats: Other
• Other data import formats: JSON

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We are able to provide several tiers of SLAs starting from 98% to 99.9%; For compensation, additional credits for the platform usage are provided. Other forms of compensation are dependent on customer agreement.
• Approach to resilience: The resiliency level depends on the hosting model provided. The service can be provided as a service in multiple locations, or as a private cloud deployment.
• Outage reporting: Outages to the platform are visible to customers via dedicated dashboard.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: We follow ISO/IEC 27001 security framework.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: No
• Security governance approach: We follow ISO/IEC 27001 security frameworks. We are awaiting certification.
• Information security policies and processes: We follow ISO/IEC 27001 security frameworks. We are awaiting certification.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The platform governance is carried out through utilizing infrastructure as code approach with all of the configurations and changes tracked in a version control system. Before applying any changes to customer environments, they are tested out on testing and staging environments. We follow ISO/IEC 27001 security frameworks. We are awaiting certification.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We follow ISO/IEC 27001 security framework. We also conduct systematic and periodic penetration testing and vulnerability assessment activities against our software and systems.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: For incident management and breach detection our platform includes centralized logging environment. We follow ISO/IEC 27001 security framework. Cyber Range is not accessible directly through internet. There is a precise firewall and access controls in place.
• Incident management type: Supplier-defined controls
• Incident management approach: In case a breach is identified, the affected systems are quarantined,and investigated, and any vulnerabilities patched.; User notifications are done based on the criticality and the impact to user data and service access. We follow ISO/IEC 27001 security framework. Cyber Range is not accessible directly through internet. There is a precise firewall and access controls in place.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Fighting climate change is a collective responsibility rooted in our commitment to preserving our planet for future generations. By prioritizing sustainability, innovation, and collaboration, we aim to mitigate the impacts of climate change, protect vulnerable ecosystems, and foster a healthier, more resilient global community. Together, we strive to build a greener, more sustainable world where every individual has the opportunity to thrive in harmony with nature. To reduce our carbon footprint we use renewable energy sources where possible, we favour suppliers with a positive approach to climate change.

  Tackling economic inequality

  At CybExer, we are committed to tackling economic inequality by fostering inclusive opportunities and equitable outcomes for all. We believe that a fair and just society is built upon the foundation of economic empowerment, where every individual has the chance to thrive regardless of their background or circumstances. Through our actions and initiatives, we strive to narrow the wealth gap, promote upward mobility, and create a more balanced economic landscape. By investing in education, job creation, and community development, we aim to break down barriers and create pathways to prosperity for everyone, ensuring that no one is left behind.

  Equal opportunity

  At CybExer, we believe in fostering an environment where every individual, regardless of their background, identity, or circumstance, has an equal opportunity to thrive. We are committed to creating a workplace culture that celebrates diversity, promotes inclusion, and ensures that merit and talent are the sole determinants of success. By championing equal opportunity, we not only enrich our workforce but also contribute to a more just and equitable society.

  Wellbeing

  At CybExer, we prioritize the holistic wellbeing of our community, employees, and stakeholders. Through our commitment to fostering a culture of care, support, and inclusivity, we aim to enhance physical, mental, and emotional wellbeing. We believe that investing in wellbeing not only improves individual lives but also strengthens the fabric of our society, fostering resilience, creativity, and sustainable growth. Together, we strive to create environments where everyone can thrive and flourish, contributing to a brighter, healthier future for all. Our employees are fully supported through their work. They have an emotional buddy, a workplace mentor, and access to funding wellbeing facilities and services. Our employees are the most important asset of our business.

Pricing

• Price: £85,000 to £2,100,000 a unit
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at kristiina.omri@cybexer.com. Tell them what format you need. It will help if you say what assistive technology you use.