CYBEXER TECHNOLOGIES

Cyber Range platform / Cyber security exercises

Highly scalable, flexible and high availability cyber range platform. The main function of a cyber range is to provide realistic simulated environments for exercises, trainings, security/technology testing and other simulations. The platform also includes a target library and features that enable integration of special systems or creating custom scenarios.

Features

• Cyber Range Platform - simulated environment
• Cyber Exercises - play out real-life cyber threat scenarios
• Team and Individual Capture the Flag Exercises (CTF)
• Visualization and situational awareness during exercises
• Open Platform, supporting pre-made and customised content
• Classroom trainings on-premises and virtual instructor-led training
• E-courses - self paced with pre-made and custom learning content
• Trainings mapped to NIST and NICE framework
• Cyber Drills
• User and team evaluations

Benefits

• Able to play out real life cyber threat scenarios
• Enables testing of organizations procedures in the cyber crisis events
• Enables training of IT-team's cyber security awareness and response
• Able to test users cyber security skills
• Users are able to test and train on real-world systems
• Allows the organization of internal or external competitions
• Supports visualization and situational awareness during the exercises
• Allows customization of the trainings and exercises to organizations needs.
• Allows import of 3rd party content using SCORM modules
• Allows evaluation of candidates real-world skills in standardized environments

£80,000 to £2,000,000 a licence a year

• Education pricing available

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at kristiina.omri@cybexer.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 13

Service ID

425433253915715

Contact

Kristiina Omri
+372 56682088
kristiina.omri@cybexer.com

Service scope

• Software add-on or extension: No
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Hybrid cloud
• Service constraints: For private cloud deployments, the underlaying platform utilized must be VMware vSphere.
• System requirements: No specifications.

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Different support options available.; NBD; 24/7 4h
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: No
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AA or EN 301 549
• Web chat accessibility testing: Slack is being utilized as our communication software for remote chat support.; Tests and conformance reports can be accessed on the vendors page: https://slack.com/accessibility and https://slack.com/accessibility-plan
• Onsite support: Yes, at extra cost
• Support levels: Different support levels available. ; NBD remote support with on-site support after fault diagnosis if required.; 24/7 remote support with on-site support after fault diagnosis if required.; Expedited event support - during critical or high profile events such as cyber exercises dedicated on-site support can be provided.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Depending on the type of the contract we provide: Full administrator training for the platform. On-boarding training for the participant for large-scale exercises. Online resources for trainings or small engagements. The trainings can take place either on-site or online depending on the agreement.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Users should extract the required data before contract end, data will be deleted after the contract end pending a grace period of up to 3 months. Different options available.
• End-of-contract process: After the contract end, the users will lose access to the platform. After the grace period has expired or confirmed by the customer the user data will be deleted.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
  • Opera
• Application to install: Yes
• Compatible operating systems:
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: None or don’t know
• Description of service interface: The main interface for interacting with the cyber-range is a web based UI.; During the exercises and trainings the participants can utilize native tools to administer the different systems such as SSH and RDP to provide fully realistic experience.
• Accessibility standards: None or don’t know
• Description of accessibility: The services are accessible either over utilizing a web browser or with a VPN client.; The service provides general overview and control systems, that provide access depending on user roles. For the simulated training and exercise environments we provide full administrative access to the participants.
• Accessibility testing: We are committed to making our services accessible to everybody, but have not completed any formal testing yet.
• API: Yes
• What users can and can't do using the API: For the management, and scoring interface the platform is fully API driven, with access controls based on the user role.
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: With the platform is fully customizable.; We offer ready-made content for our customers as well as wither altering existing trainings and exercises or the possibility to create new trainings from scratch.

Scaling

• Independence of resources: Each customer is separated into a resource pool, that provides and limits the resources utilized by the tenant. Every tenant can be scaled automatically according to the underlying infrastructure capacity.

Analytics

• Service usage metrics: Yes
• Metrics types: Service metrics provided are tier level specific as we have 3 tier levels, services and usage metrics vary accordingly.
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: In-house destruction process

Data importing and exporting

• Data export approach: Users can either export their data utilizing the available API calls form the main management interface or request the export of data from support.
• Data export formats: Other
• Other data export formats: JSON
• Data import formats: Other
• Other data import formats: JSON

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We are able to provide several tiers of SLAs starting from 98% to 99.9%; For compensation, additional credits for the platform usage are provided. Other forms of compensation are dependent on customer agreement.
• Approach to resilience: The resiliency level depends on the hosting model provided. The service can be provided as a service in multiple locations, or as a private cloud deployment.
• Outage reporting: Outages to the platform are visible to customers via dedicated dashboard.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: We follow ISO/IEC 27001 security framework.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: No
• Security governance approach: For 2022 will establish ISO 27001.
• Information security policies and processes: We follow ISO/IEC 27001 security framework and the audit in process is planned at the end of 2022.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The platfoem governance is carried out through utilizing infrastructure as code approach with all of the configurations and changes tracked in a version control system. Before applying any changes to customer environments, they are tested out on testing and staging environments. We follow ISO/IEC 27001 security framework and the audit in process is planned at the end of 2022.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We follow ISO/IEC 27001 security framework. We also conduct systematic and periodic penetration testing and vulnerability assessment activities against our software and systems.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: For incident management and breach detection our platform includes centralized logging environment. We follow ISO/IEC 27001 security framework. Cyber Range is not accessible directly through internet. There is a precise firewall and access controls in place.
• Incident management type: Supplier-defined controls
• Incident management approach: In case a breach is identified, the affected systems are quarantined,and investigated, and any vulnerabilities patched.; User notifications are done based on the criticality and the impact to user data and service access. We follow ISO/IEC 27001 security framework. Cyber Range is not accessible directly through internet. There is a precise firewall and access controls in place.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Public sector networks

• Connection to public sector networks: No

Social Value

• Fighting climate change:

  Fighting climate change

  CybExer Technologies is involved in the Green Deck Pledge to address the need for environmentally sustainable practices and reducing the carbon footprint.
• Covid-19 recovery:

  Covid-19 recovery

  Provided information on at least one of the Social Value components.
• Tackling economic inequality:

  Tackling economic inequality

  Provided information on at least one of the Social Value components.
• Equal opportunity:

  Equal opportunity

  Provided information on at least one of the Social Value components.
• Wellbeing:

  Wellbeing

  Provided information on at least one of the Social Value components.

Pricing

• Price: £80,000 to £2,000,000 a licence a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  ODT

• Service definition document

  ODT

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at kristiina.omri@cybexer.com. Tell them what format you need. It will help if you say what assistive technology you use.