Immersive Labs

Immersive Labs

True resilience requires people and teams work together. With a seamless and tailored experience for individuals, teams, and organization, we provide unmatched cybersecurity exercises and training, along with data-driven insights and guidance to improve resilience.
Immersive provides enterprise-class scale, security, reliability, and integrations for the world's largest organizations.

Features

• Interactive Labs: Hands-on cybersecurity exercises
• Real-Time Progress Tracking
• Adaptive Learning Paths
• Dynamic Scoring
• Cyber Range Simulations
• Skill Verification
• Scenario-based Training
• Advanced Gamification
• Detailed Reporting
• Remote Access

Benefits

• Hands-on cybersecurity exercises for practical skill development.
• Monitor and measure learner performance and progression.
• Personalized training routes based on individual skill levels.
• Real-time assessment and feedback on lab activities.
• Immersive scenarios replicating real-world cyber threats.
• capabilities and validate cybersecurity competencies.
• Contextual learning environments for practical skill-building.
• Engaging challenges and rewards to enhance learner motivation.
• Comprehensive analytics and insights for performance evaluation.
• Cloud-based platform for anytime, anywhere cybersecurity training.

£460 a unit

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at debbie.tunstall@immersivelabs.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

703501000580852

Contact

Debbie Tunstall
+44 (0)20 3893 9101
debbie.tunstall@immersivelabs.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: We occasionally require a maintenance window for major changes, however these are infrequent and scheduled for minimal disruption (usually weekends). Customers will be informed of upcoming changes via platform notifications.
• System requirements:
  • Cloud-based SaaS solution, hosted by AWS
  • A device (such as a computer or tablet)
  • Modern web browser
  • Stable internet connection to access the platform

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The time to resolve issues once Immersive Labs is notified can vary depending on complexity and severity of the issue. Immersive Labs aims to provide timely and efficient support to its users. The specific timeframes for issue resolution may be outlined in the service level agreement (SLA) or support terms agreed upon with the organization or customer.; Immersive Labs strives to acknowledge and respond to support requests within a reasonable timeframe, often within one business day. The actual resolution time can vary depending on factors such as the nature of the issue, availability of resources, and level of support provided.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: All customers have access to Immersive Labs’ standard Customer Support as found in Immersive Labs Products and Services Guide (https://www.immersivelabs.com/wp-content/uploads/2023/06/Product-and-Services-Guide-May-2023-V1.0.pdf). This robust support package offers self-help resources 24/7 via our support portal and access to technical experts during normal business hours who will respond to any faults with the Platform within defined SLAs. ; ; However, many of our customers require a higher level of support to accelerate their time to value. Immersive Labs offers Premium Support, which includes a premium level of technical and business support along with access to Immersive Labs’ ProServ Solutions Team.; Premium Support provides:; ; -Customized Platform training for onboarding or new releases, delivered by your Customer Success Manager; -Priority support ticket handling; -Dedicated Slack channel for real-time communications with account team; -Access to 24×7 call center for support ticket submissions; -Assistance to leverage new software features; ; ProServ Solutions - Premium Support includes limited delivery of:; ; -Consultancy and guidance for ‘Best-in-Class’ Platform use to build Cyber Resilience; -Cyber Capability and Decision-Making Assessments; -Scheduled exercising with facilitation and facilitated debriefing sessions; -Custom Crisis Simulation and Scenario creation; -Skills Map and Platform Content Inventory aligned to your operational functions; -Cyber Skills Plans (CSPs); -Insights reports with aggregated data showing progression
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Immersive Labs provides training and support for range administrators to ensure they have the necessary knowledge and resources to effectively manage and utilize the IL platform. Here's an overview of how IL supports administrators:; ; -Onboarding and Orientation: Immersive Labs offers onboarding sessions and orientations specifically tailored for admins. These sessions provide an introduction to the platform, its features, and administrative functionalities. Administrators are guided through the setup process, user management, and other key aspects .; -Documentation and Guides: Immersive Labs provides comprehensive documentation and guides that cover various administrative tasks and functionalities. These resources offer step-by-step instructions, best practices, and troubleshooting tips to help admins navigate the platform and address common issues.; -Virtual Instructor-Led Training (VILT): Immersive Labs conducts virtual instructor-led training sessions for admins. These sessions offer in-depth training on advanced administrative features, customization options, reporting and analytics, and other platform capabilities. Admins have the opportunity to ask questions and receive guidance directly from experienced instructors.; -Dedicated Account Managers: Immersive Labs assigns a dedicated account manager. These account managers serve as a primary point of contact for admins, providing ongoing support, guidance, and assistance. They can address specific questions, provide recommendations, and help troubleshoot any issues that arise.
• Service documentation: Yes
• Documentation formats: HTML
• End-of-contract data extraction: We offer access within the platform through our data explorer that allows custom data extracts (in CSV & some in PDF).; ; Our external GraphQL API (https://tinyurl.com/3wa8v6d3) provides data about the lab catalog and completions. For customers who require firehose access to their raw data, we activate Snowflake “data sharing”, which allows them to freely use the data in their own data infrastructure and BI tooling (e.g. PowerBI.); ; We also have a team that builds custom integrations for our customers.
• End-of-contract process: IL will retain personal data for the duration of the contract. Following termination, all data will be anonymised and aggregated to combine it with data for IL's other customers in accordance with IL's data retention policy and procedure. This will prevent the possibility of users ever being identified from the data IL holds.; ; ; ; The price includes the support of a Customer Success Manager to help with implementation and ultimately success of the product. Enhanced Professional Services are available for an additional cost depending on the requirements.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: Immersive Labs provides technical support and guidance through various channels.; ; IL has a comprehensive Help Center that provides documentation, guides, and FAQs to assist in navigating the platform. The Help Center covers a wide range of topics, including platform features, troubleshooting, and best practices.; Users can reach out to IL's support team via the support portal or email for technical assistance or guidance. The support team can address platform-related issues, answer questions, and provide solutions.; IL assigns dedicated account managers. These AMs act as points of contact for technical support or guidance, ensuring personalized assistance and a smooth user experience.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: We have conducted external Accessibility Audits against the key pages and flows of our Platform.
• API: Yes
• What users can and can't do using the API: Users can interact with the Immersive Labs platform through the API to automate and streamline various tasks. Some of the key functionalities that users can perform using the Immersive Labs API include:; ; Setup Service: Users can leverage the API to set up and configure their accounts, manage user access and permissions, and integrate the platform with their existing systems or tools. This allows for easier onboarding of users and seamless integration with organizational processes.; Make Changes: Users can use the API to make changes to user profiles, assign training modules, track progress, and retrieve data for reporting and analysis. This enables users to customize the learning experience, monitor performance, and gather insights for decision-making.; Limitations:; ; Limited Configuration: While users can perform basic account setup and configuration tasks through the API, some advanced settings or customization options may not be available through the API. Users may need to utilize the platform's interface for more complex configurations.; Data Protection: Due to security and privacy considerations, certain sensitive data or actions may be restricted via the API to safeguard user information and platform integrity.
• API documentation: Yes
• API documentation formats: HTML
• API sandbox or test environment: No
• Customisation available: Yes
• Description of customisation: The Immersive Platform has a number of customisable features depending on the modules being utilised. Custom lab collections can be created, as well as career paths. Existing scenarios from the Crisis Simulations catalogue can be modified, created form templates, or built from scratch. Similarly, workforce exercises can be built in the same way. The Cyber Ranges module allows users to build their own infrastructure and exercises, from the ground up or from pre-existing templates that are included in the product. Talent assessments can be custom-built from the catalogue of available labs. ; Customised reports can also be created with the data builder, a feature of the platform reporting capabilities.

Scaling

• Independence of resources: The platform is designed to be scalable to met the demands of customers. Demand and load are continuously monitored and reviewed.

Analytics

• Service usage metrics: Yes
• Metrics types: IL offers service usage metrics for the platform, enabling users to access data on user activity, training progress, completion rates, skill assessments, and more. These metrics help organizations and individuals track the effectiveness of learning programs, identify improvement areas, and make informed decisions about skill development strategies.
• Reporting types:
  • API access
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: We offer access within the platform through our data explorer that allows custom data extracts (in CSV & some in PDF).; ; Our external GraphQL API (https://tinyurl.com/3wa8v6d3) provides data about the lab catalog and completions. For customers who require firehose access to their raw data, we activate Snowflake “data sharing”, which allows them to freely use the data in their own data infrastructure and BI tooling (e.g. PowerBI.); ; We also have a team that builds custom integrations for our customers.
• Data export formats:
  • CSV
  • ODF
• Data import formats: Other
• Other data import formats:
  • Users of the IL platform do not typically upload
  • Their own data as part of the training exercises and
  • Simulations provided by the platform. IL primarily focuses on prov
  • Iding hands-on cybersecurity training through interactive labs and scenarios within
  • The platform itself. Users engage with predefined exercises and challenges
  • Within the platform, rather than uploading external data.

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: Immersive Labs encrypts customer data at rest and in transit.; ; Data at rest is encrypted using AES-256; Data in transit across open networks is encrypted using TLS 1.2 as a minimum. (We do not support TLS 1.1); Passwords are hashed and salted using Bcrypt
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The Immersive Labs Platform is designed to be available 24 hours a day, 7 days a week, 365 days a year. Immersive Labs uses reasonable commercial endeavors to operate a target minimum service availability of 99.5% uptime. We monitor the uptime of our services using a third-party company that generates alerts in the event the site is unavailable. ; ; Please refer to our Product & Services Guide (including SLAs) for more details.
• Approach to resilience: Immersive Labs applications are hosted in AWS state-of-the-art data centers designed to protect mission-critical computer systems with fully redundant subsystems and hierarchized security zones. AWS data centers adhere to the strictest physical security measures, including the following:; ; Multiple layers of authentication for accessing server areas; Multi-factor biometric authentication for critical areas; Camera surveillance systems at internal and external entry points; 24/7 monitoring by security personnel; All physical access to the data centres is highly restricted and stringently regulated.; ; The Immersive Labs Platform is designed to be available 24 hours a day, 7 days a week, 365 days a year. Immersive Labs uses reasonable commercial endeavors to operate a target minimum service availability of 99.5% uptime. We monitor the uptime of our services using a third-party company that generates alerts in the event the site is unavailable. We use a third-party monitoring tool (Uptime Robot) to generate reports, alerts, and dashboards for the uptime of our application.
• Outage reporting: Immersive Labs typically notifies customers of any service outages through various communication channels to ensure timely and transparent information sharing. Some common methods used by Immersive Labs to report outages to customers may include:; ; Email Notifications; Status Page Updates; Proactive Communication; By employing multiple communication channels, Immersive Labs ensures that customers are promptly informed about any service outages, enabling them to stay informed, plan accordingly, and mitigate any impact on their cybersecurity training and operations.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Access to the platform is performed via the following authentication methods:; ; Credentials: username (email address) and password (NCSC guidelines);; Single Sign-On (SSO) using SAML 2.0; MFA is supported for Single Sign-On users through their Identity Access Management.; Access to support channels is authenticated via platform login.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 19/05/2-21
• What the ISO/IEC 27001 doesn’t cover: The scope covers the ISMS for the protection of company, employee and client data, the software development, operations and user provisioning processes, including crisis management and application security and the SaaS platform.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: SOC 2 Type 2

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: SOC 2 Type 2, Cyber Essentials, Cyber Essentials Plus
• Information security policies and processes: The purpose of Immersive Labs’ Information Security Policy is to protect all information assets at a high standard. The policy covers security which can be applied through technology and the behaviour of the people who manage information at IL or at one of our service providers. We expect our third party partners and suppliers to follow good security practices that are at least equivalent to ours, and validate through our vendor management processes.; ; Our ISMS policies and other supporting documentation form our Security baseline - the minimum acceptable standard of behaviour for employees and the minimum level of controls implemented for the protection of data. Immersive Labs strives to ensure that this baseline is maintained at all times, and monitors for events, incidents, exceptions and trends that might compromise it. The policy includes:; ; Assurance that information is being managed securely and in a consistent way.; Assurance that Immersive Labs is providing a secure and trusted environment for the management of information the business is entrusted with.; Clarity over the personal responsibilities for Information Security expected of staff working for Immersive Labs.; Demonstration of best practice in Information Security; Assurance that information is accessible only to those authorised to have access

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The Change Control Procedure covers releases to the Production Platform which align with our SDLC processes, and Infrastructure Changes. ; ; We employ a Secure Software Development Lifecycle which requires all technical changes to be logged in Jira tickets. Peer review and approval of code updates is mandatory and we utilise code scanners to ensure security and stability of code releases. Quality Assurance Team reviews all releases before deployment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: A full penetration test is performed annually. We conduct assessments twice a year to ensure any identified vulnerabilities are fully closed as part of our security vulnerability management process.; ; We also maintain a bug bounty program via HackerOne. ; ; Patches/updates for the platform are deployed as follows:; ; Software - within monthly patch window, assuming a 1 week soak test in a non-production environment; Security - within monthly patch window, assuming a 1 week soak test in a non-production environment; Critical - within 7 days of patch release, assuming confidence in patch and based on severity of issue
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We have active monitoring in place which alerts on a variety of severity levels which then trigger a response in line with our incident response process.; ; Critical issues will be responded to within 20 minutes, while lower severity issues will be triaged within working hours.
• Incident management type: Supplier-defined controls
• Incident management approach: We have an internal Incident Management process which includes the criteria and steps required for escalation and notification to external bodies/agencies. Customers are usually notified of incidents via their Customer Success Manager and/or via platform banners/messages. Notification timing depends on the severity and scale of the incident, we would normally expect to notify affected customers within 48 hours.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  This is covered in our ESG Policy and our internal Code of Conduct. https://www.immersivelabs.com/wp-content/uploads/2022/04/esgpolicy2022v4.pdf

  Covid-19 recovery

  This is covered in our ESG Policy and our internal Code of Conduct. https://www.immersivelabs.com/wp-content/uploads/2022/04/esgpolicy2022v4.pdf

  Tackling economic inequality

  This is covered in our ESG Policy and our internal Code of Conduct. https://www.immersivelabs.com/wp-content/uploads/2022/04/esgpolicy2022v4.pdf

  Equal opportunity

  This is covered in our ESG Policy and our internal Code of Conduct. https://www.immersivelabs.com/wp-content/uploads/2022/04/esgpolicy2022v4.pdf

  Wellbeing

  This is covered in our ESG Policy and our internal Code of Conduct. https://www.immersivelabs.com/wp-content/uploads/2022/04/esgpolicy2022v4.pdf

Pricing

• Price: £460 a unit
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Cyber Million is a free version of Immersive Labs that includes access to ~250 lower-level labs for anyone 16+. ; ; Cyber Million aims to increase access and fill one million entry-level cybersecurity jobs over the next decade. Cyber Million reduces barriers to entry by creating opportunities and uncovering hidden talent.
• Link to free trial: https://www.immersivelabs.com/cybermillion/

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at debbie.tunstall@immersivelabs.com. Tell them what format you need. It will help if you say what assistive technology you use.