Skip to main content

Help us improve the Digital Marketplace - send your feedback

CYBEXER TECHNOLOGIES

Cyber Range platform / Cyber security exercises

Highly scalable, flexible and high availability cyber range platform. The main function of a cyber range is to provide realistic simulated environments for exercises, trainings, security/technology testing and other simulations. The platform also includes a target library and features that enable integration of special systems or creating custom scenarios.

Features

  • Cyber Range Platform - simulated environment
  • Cyber Exercises - play out real-life cyber threat scenarios
  • Team and Individual Capture the Flag Exercises (CTF)
  • Visualization and situational awareness during exercises
  • Open Platform, supporting pre-made and customised content
  • Classroom trainings on-premises and virtual instructor-led training
  • E-courses - self paced with pre-made and custom learning content
  • Trainings mapped to NIST and NICE framework
  • Cyber Drills
  • User and team evaluations

Benefits

  • Able to play out real life cyber threat scenarios
  • Enables testing of organizations procedures in the cyber crisis events
  • Enables training of IT-team's cyber security awareness and response
  • Able to test users cyber security skills
  • Users are able to test and train on real-world systems
  • Allows the organization of internal or external competitions
  • Supports visualization and situational awareness during the exercises
  • Allows customization of the trainings and exercises to organizations needs.
  • Allows import of 3rd party content using SCORM modules
  • Allows evaluation of candidates real-world skills in standardized environments

Pricing

£80,000 to £2,000,000 a licence a year

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at kristiina.omri@cybexer.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

4 2 5 4 3 3 2 5 3 9 1 5 7 1 5

Contact

CYBEXER TECHNOLOGIES Kristiina Omri
Telephone: +372 56682088
Email: kristiina.omri@cybexer.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
For private cloud deployments, the underlaying platform utilized must be VMware vSphere.
System requirements
No specifications.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Different support options available.
NBD
24/7 4h
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
No
Web chat support
Yes, at an extra cost
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
Slack is being utilized as our communication software for remote chat support.
Tests and conformance reports can be accessed on the vendors page: https://slack.com/accessibility and https://slack.com/accessibility-plan
Onsite support
Yes, at extra cost
Support levels
Different support levels available.
NBD remote support with on-site support after fault diagnosis if required.
24/7 remote support with on-site support after fault diagnosis if required.
Expedited event support - during critical or high profile events such as cyber exercises dedicated on-site support can be provided.
Support available to third parties
No

Onboarding and offboarding

Getting started
Depending on the type of the contract we provide: Full administrator training for the platform. On-boarding training for the participant for large-scale exercises. Online resources for trainings or small engagements. The trainings can take place either on-site or online depending on the agreement.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Users should extract the required data before contract end, data will be deleted after the contract end pending a grace period of up to 3 months. Different options available.
End-of-contract process
After the contract end, the users will lose access to the platform. After the grace period has expired or confirmed by the customer the user data will be deleted.

Using the service

Web browser interface
Yes
Supported browsers
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
Application to install
Yes
Compatible operating systems
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices
No
Service interface
Yes
User support accessibility
None or don’t know
Description of service interface
The main interface for interacting with the cyber-range is a web based UI.
During the exercises and trainings the participants can utilize native tools to administer the different systems such as SSH and RDP to provide fully realistic experience.
Accessibility standards
None or don’t know
Description of accessibility
The services are accessible either over utilizing a web browser or with a VPN client.
The service provides general overview and control systems, that provide access depending on user roles. For the simulated training and exercise environments we provide full administrative access to the participants.
Accessibility testing
We are committed to making our services accessible to everybody, but have not completed any formal testing yet.
API
Yes
What users can and can't do using the API
For the management, and scoring interface the platform is fully API driven, with access controls based on the user role.
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
With the platform is fully customizable.
We offer ready-made content for our customers as well as wither altering existing trainings and exercises or the possibility to create new trainings from scratch.

Scaling

Independence of resources
Each customer is separated into a resource pool, that provides and limits the resources utilized by the tenant. Every tenant can be scaled automatically according to the underlying infrastructure capacity.

Analytics

Service usage metrics
Yes
Metrics types
Service metrics provided are tier level specific as we have 3 tier levels, services and usage metrics vary accordingly.
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Users can either export their data utilizing the available API calls form the main management interface or request the export of data from support.
Data export formats
Other
Other data export formats
JSON
Data import formats
Other
Other data import formats
JSON

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We are able to provide several tiers of SLAs starting from 98% to 99.9%
For compensation, additional credits for the platform usage are provided. Other forms of compensation are dependent on customer agreement.
Approach to resilience
The resiliency level depends on the hosting model provided. The service can be provided as a service in multiple locations, or as a private cloud deployment.
Outage reporting
Outages to the platform are visible to customers via dedicated dashboard.

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
We follow ISO/IEC 27001 security framework.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Cyber essentials
No
Cyber essentials plus
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
No
Security governance certified
No
Security governance approach
For 2022 will establish ISO 27001.
Information security policies and processes
We follow ISO/IEC 27001 security framework and the audit in process is planned at the end of 2022.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
The platfoem governance is carried out through utilizing infrastructure as code approach with all of the configurations and changes tracked in a version control system. Before applying any changes to customer environments, they are tested out on testing and staging environments. We follow ISO/IEC 27001 security framework and the audit in process is planned at the end of 2022.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We follow ISO/IEC 27001 security framework. We also conduct systematic and periodic penetration testing and vulnerability assessment activities against our software and systems.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
For incident management and breach detection our platform includes centralized logging environment. We follow ISO/IEC 27001 security framework. Cyber Range is not accessible directly through internet. There is a precise firewall and access controls in place.
Incident management type
Supplier-defined controls
Incident management approach
In case a breach is identified, the affected systems are quarantined,and investigated, and any vulnerabilities patched.
User notifications are done based on the criticality and the impact to user data and service access. We follow ISO/IEC 27001 security framework. Cyber Range is not accessible directly through internet. There is a precise firewall and access controls in place.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Social Value

Fighting climate change

Fighting climate change

CybExer Technologies is involved in the Green Deck Pledge to address the need for environmentally sustainable practices and reducing the carbon footprint.
Covid-19 recovery

Covid-19 recovery

Provided information on at least one of the Social Value components.
Tackling economic inequality

Tackling economic inequality

Provided information on at least one of the Social Value components.
Equal opportunity

Equal opportunity

Provided information on at least one of the Social Value components.
Wellbeing

Wellbeing

Provided information on at least one of the Social Value components.

Pricing

Price
£80,000 to £2,000,000 a licence a year
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at kristiina.omri@cybexer.com. Tell them what format you need. It will help if you say what assistive technology you use.