In 2022, we delivered several large leaps to our cyber security exercise platform, Gauntlet. These additional features are making it easier for our customers to run meaningful exercises on-demand. Need a recap on what Gauntlet provides? The platform enables our customers to run their own cyber security exercises, to test and improve their incident response capability, and ultimately improve their readiness. Those exercises use a range of pre-built templates, that can be everything from interactive, hands-on exercises that can run for multiple days, to short, sharp, and sweet discussion-based exercises — and lots of stuff in between.
One of the most prominent features introduced last year were Mailbox and Personas. Mailbox means that, for any exercise run within Gauntlet, you have the ability to enable a unique Mailbox which can be used for capturing emails sent between participants during an exercise. Capturing those emails in one place makes it much easier to see how people communicate during an exercise - and to capture important data that can be used to evaluate an exercise too.
To complement the mailbox feature, we also built a feature called Personas. Personas represent entities that would be involved in responding to a real cyber incident, such as government agencies (like the ACSC, Law Enforcement, or OAIC), regulators, your MSSP, or even other internal teams. These personas enable you to simulate their involvement in an exercise, without requiring these entities to actually participate. Participants can interact with a Persona through their uniquely generated email address and practice communication in a more realistic setting. Personas go a long way to making an exercise feel even more real - particularly when they respond back to a participant's email!
Roadmap for 2023
In addition to the everyday improvements our development team makes to Gauntlet, we are also prioritising features that will improve the user experience, provide more data visualisation from exercises, and build integrations that lead to better outcomes and more immersive exercises. We have lots of plans and ideas! We’re excited about what's coming soon to Gauntlet — and we’re sharing this so you can get as excited about running better exercises as we are. Outlined below are our key features for development.
This year we are focused on helping our Gauntlet customers gain a better understanding of their organisation's cyber security incident response readiness. To do this, we are putting significant focus into the design and development of visual dashboards, to make it easier to visualise and report on the outcomes of the various exercises that organisations have run using Gauntlet.
These dashboards will give customers greater insights into the exercises they have completed, how participants fared, and allow them to identify both areas of strength and areas for improvement. Once completed, dashboards will give customers the ability to quickly understand the outcomes from an exercise, along with meaningful metrics and insights.
Exercise Apps are the unique tools, infrastructure, and services we plan to make available through Gauntlet to assist customers in building exercises, enhancing an exercise scenario, or to make exercises more realistic and immersive. This could include Gauntlet spinning up a phishing site that supports the scenario a customer is building, provisioning forensic lab environments for use by participants during an exercise, or providing the means for customers to simulate beaconing activity within their environment to support an exercise.
Currently, we have many Exercise Apps and environments that we provision to support exercises through internal capabilities. This year, our goal is to determine and develop the means to start integrating these into Gauntlet and make them easily available for all our customers to leverage as well!
Following on from the release of Mailbox integration last year, the team are focusing on designing and developing further integrations that support relevant data collection and support the delivery of exercises within Gauntlet. The next integration that the team are already planning and designing is Gauntlet's case management integration capability. This feature will give a customer the ability to capture the relevant information from their case management solution (like Jira or ServiceNow) that relates to a particular exercise, all within a summary view in Gauntlet.
Once this integration is delivered, this will enable customers to have more insights to the actions that occurred during an exercise in a summarised and digestible format. It'll make it quicker and easier for customers to know every single thing that happened during an exercise (well, so long as it's included in the case management notes!) and help them understand when specific actions occurred, and what the impact of those actions were.
Some big improvements and plans are in place for the templates available in Gauntlet. Firstly, we plan to increase the number of templates available to organisations, by releasing new templates over the course of the year (in addition to the wide range of templates currently in Gauntlet). These new templates will include various exercise types and include exercises with much larger technical artefacts than existing templates.
This means customers will have the ability to practice how they'll respond to an even greater variety of threat actors and incident types - including some of the latest threat actor tradecraft we're seeing deployed in the wild.
In addition to the new templates being released, the development team are also planning to fully revamp the template library from its current format to a more structured, streamlined, and organised collection of exercise templates. This feature will not only increase the usability of the exercise templates in Gauntlet, but also allow customers to more easily review and select a template that aligns to their interest or use case.
Getting excited about what exercises can look like? We sure are!