CYBEXER TECHNOLOGIES

Cyber Resilience Training Platform (SaaS)

The Cyber Resilience Training Platform (SaaS) delivers a cloud-based solution for organizations to practice cyber resilience. It provides scalable, realistic simulations tailored to business and public sector cyber threats, emphasizing response and recovery to ensure organizations can withstand and quickly rebound from cyber incidents.

Features

• Real-World Scenario Simulations: Mimics business-specific cyber threats.
• Interactive Training Modules: Engages teams in practical response exercises.
• Customizable Security Challenges: Tailors scenarios to organization's unique risks.
• Real-time Feedback System: Provides situational awareness and performance evaluations.
• Continuous Learning Support: Offers ongoing updates and learning tools.
• Scalable Training Solutions: Adapts to any organization size.

Benefits

• Enhanced Cyber Preparedness: Prepares teams for diverse cyber threats.
• Reduced Incident Impact: Minimizes disruptions from potential cyber attacks.
• Improved Recovery Time: Accelerates recovery from cyber incidents.
• Strengthened Security Posture: Bolsters overall cybersecurity defenses.
• Increased Staff Competency: Boosts cybersecurity skills and knowledge.
• Strategic Risk Management: Enhances ability to manage and mitigate risks.

£64,000 to £340,000 a unit a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at kristiina.omri@cybexer.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

134744628080686

Contact

Kristiina Omri
+372 56682088
kristiina.omri@cybexer.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: N/A
• System requirements:
  • No fixed specification
  • Negotiable with client

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We provide email and online ticketing support for all our platforms, systems, exercises, and training deliveries. Our standard response time for queries is within 24 hours on weekdays. For weekend inquiries, responses may take up to 48 hours. We strive to address and resolve all issues promptly to ensure minimal disruption to our services.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: No
• Web chat support: Web chat
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Slack is being utilized as our communication software for remote chat support. Tests and conformance reports can be accessed on the vendors page: https://slack.com/accessibility and https://slack.com/accessibility-plan
• Onsite support: Yes, at extra cost
• Support levels: We offer a standard support level included with all services, providing assistance during business hours. For clients requiring extended support, we offer additional support levels that can be customized based on their specific needs. The cost for these enhanced support levels varies depending on the scope and requirements. Each client can opt to have a dedicated technical account manager or cloud support engineer as part of their extended support package to ensure tailored and responsive service.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Depending on the type of the contract we provide: Full administrator training for the platform. On-boarding training for the participants for large-scale exercises. Online resources for trainings or small engagements. The trainings can take place either on-site or online depending on the agreement.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Data should be extracted prior to contract end, data will be deleted after the contract end pending a grace period of up to 3 months. This grace period is to be agreed upfront. Different options are available.
• End-of-contract process: After the contract end, the users will lose access to any CybExer provided SaaS services. Any code base or products created at the request of the client will be handed over for retention by the customer. For hybrid cloud configurations, any CybExer service enabling architecture will be removed.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: The main interface for interacting with the cyber-range is a web based UI. During the exercises and trainings the participants can utilize native tools to administer the different systems such as SSH and RDP to provide fully realistic experience.
• Accessibility standards: None or don’t know
• Description of accessibility: The services are accessible either over utilizing a web browser or with a VPN client. The service provides general overview and control systems, that provide access depending on user roles. For the simulated training and exercise environments we provide full administrative access to the participants.
• Accessibility testing: We are committed to making our services accessible to everybody, however this formal testing has not yet been completed.
• API: Yes
• What users can and can't do using the API: For the management, and scoring interface the platform is fully API driven, with access controls based on the user role.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: With the platform is fully customizable. We offer ready-made content for our customers as well as wither altering existing trainings and exercises or the possibility to create new trainings from scratch.

Scaling

• Independence of resources: Each customer is separated into a resource pool, that provides and limits the resources utilised by the tenant. Every tenant can be scaled automatically according to the underlying infrastructure capacity.

Analytics

• Service usage metrics: Yes
• Metrics types: A rich array of metrics for performance are used. These include technical performance and capacity (based on agreed tier), training availability and validation, and participant performance, reporting and reaction metrics.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Users are able to export data utilising the available API calls from the main management interface or through a data export support ticket raised to Cybexer.
• Data export formats: Other
• Data import formats: Other
• Other data import formats: Various. To be agreed.

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We are able to provide several tiers of SLAs starting from 98% to 99.9% For compensation, additional credits for the platform usage are provided. Other forms of compensation are dependent on customer agreement.
• Approach to resilience: Our resilience level depends on the hosting model provided. Our services can be provided as a distributed service in multiple locations, or as a private cloud deployment (on-premise).
• Outage reporting: Outages to the platform are visible to customers via dedicated dashboard and/or via email.; ; Planned outages will always be in accordance and agreement with the customer.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: We follow ISO/IEC 27001 security framework.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: No
• Security governance approach: We follow ISO/IEC 27001 security frameworks. We are awaiting certification.
• Information security policies and processes: We follow ISO/IEC 27001 security frameworks. We are awaiting certification.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The platform governance is carried out through utilising infrastructure as code approach with all of the configurations and changes tracked in a version control system. Before applying any changes to customer environments, they are tested out on testing and staging environments. We follow the ISO/IEC 27001 security framework.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We follow ISO/IEC 27001 security framework. We also conduct systematic and periodic penetration testing and vulnerability assessment activities against our software and systems.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: For incident management and breach detection our platform includes a centralised logging environment. We follow the ISO/IEC 27001 security framework. The Cyber Range Platform is not accessible directly through the internet. The platform is heavily segmented and protected with RBAC and firewall rules to control authorised and unauthorised access
• Incident management type: Supplier-defined controls
• Incident management approach: For incident management and breach detection our platform includes a centralised logging environment. We follow the ISO/IEC 27001 security framework. The Cyber Range Platform is not accessible directly through the internet. The platform is heavily segmented and protected with RBAC and firewall rules to control authorised and unauthorised access.; ; User can report incidents directly to CybExer support. Should an incident occur CybExer will provide an After Action Incident Report.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Fighting climate change is a collective responsibility rooted in our commitment to preserving our planet for future generations. By prioritizing sustainability, innovation, and collaboration, we aim to mitigate the impacts of climate change, protect vulnerable ecosystems, and foster a healthier, more resilient global community. Together, we strive to build a greener, more sustainable world where every individual has the opportunity to thrive in harmony with nature. To reduce our carbon footprint we use renewable energy sources where possible, we favour suppliers with a positive approach to climate change.

  Tackling economic inequality

  Fighting climate change is a collective responsibility rooted in our commitment to preserving our planet for future generations. By prioritizing sustainability, innovation, and collaboration, we aim to mitigate the impacts of climate change, protect vulnerable ecosystems, and foster a healthier, more resilient global community. Together, we strive to build a greener, more sustainable world where every individual has the opportunity to thrive in harmony with nature. To reduce our carbon footprint we use renewable energy sources where possible, we favour suppliers with a positive approach to climate change.

  Equal opportunity

  At CybExer, we believe in fostering an environment where every individual, regardless of their background, identity, or circumstance, has an equal opportunity to thrive. We are committed to creating a workplace culture that celebrates diversity, promotes inclusion, and ensures that merit and talent are the sole determinants of success. By championing equal opportunity, we not only enrich our workforce but also contribute to a more just and equitable society.

  Wellbeing

  At CybExer, we prioritize the holistic wellbeing of our community, employees, and stakeholders. Through our commitment to fostering a culture of care, support, and inclusivity, we aim to enhance physical, mental, and emotional wellbeing. We believe that investing in wellbeing not only improves individual lives but also strengthens the fabric of our society, fostering resilience, creativity, and sustainable growth. Together, we strive to create environments where everyone can thrive and flourish, contributing to a brighter, healthier future for all. Our employees are fully supported through their work. They have an emotional buddy, a workplace mentor, and access to funding wellbeing facilities and services. Our employees are the most important asset of our business.

Pricing

• Price: £64,000 to £340,000 a unit a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at kristiina.omri@cybexer.com. Tell them what format you need. It will help if you say what assistive technology you use.