Exercise programs

Continuous cyber exercising leads to high readiness

It's really tough to respond effectively to an incident if you are not prepared. Lack of readiness leads to significantly more negative impact received from an incident that should have been avoided. Exercises prepare organisations so when an incident occurs, you can respond confidently and effectively, minimising harm and getting the organisation back to business.

Our cyber security exercise programs

Crafted to meet objectives

Before we craft an exercise, we first identify what the objectives are. Whether it's to test inhouse forensic capabilities, validate procedures and playbooks, understand compliance against relevant regulations, or all the above, we will design the exercise to ensure the participants' actions can be captured and measured against the objectives.

Frequent and accessible

Don't expect to maintain readiness by doing one or two exercises a year. Personnel, technology, threats - these evolve constantly and so the need to exercise frequently to keep up is true. Our exercise programs will ensure readiness is maintained against the threats that matter to you.

Remote or onsite delivery

We always use our cyber security exercise platform, Gauntlet, to deliver the best exercises possible. As a result, we can deliver exercises remotely or onsite, ensuring everyone participating has access to the things they need at all times.

Meaningful outcomes

When we run exercises, our technology ensures we capture real metrics, and our experience ensures we interpret these metrics into something actionable that enables our customers to improve their readiness and achieve real results.
“...ever-evolving cyber risks and threats..."

The nation’s cyber incident response capabilities need to mature and adapt to ever-evolving cyber risks and threats. Cyber exercises like Cyber Storm allow the cyber incident response community to practice and measure the effectiveness of their capabilities and continuously improve.

Cybersecurity and Infrastructure Security Agency (CISA)
Department of Homeland Security, United States Government

Frequently asked questions about exercises.

As a startup that focusses exclusively on cyber security exercises, we field many questions about them. These answers may help you consider if exercises are right for your organisation, and perhaps give you a new perspective about them. If you have any other questions about exercises, get in touch.
Contact us
What are exercises?

Exercises (also referred to as sims) are scenario-driven simulations of a cyber incident. Participants respond to the incident and underlying threats by performing a variety of actions such as incident management, forensics, communication, and reporting. Parts of the scenario, known as injects, are released over the duration of the exercise. These injects usually provide more information about the threat and may change the actions or decisions made by the participants.

Exercises can take different forms (discussion based or functional, remote or onsite), represent different incident types (e.g. ransomware), and can be as long or as short as they need to be. Exercises are sometimes thought of as big events, involving lots of people, being complex, and taking lots of time and resources. It doesn't have to be this way and, if done correctly, are manageable and easily align with the organisation's normal business practice and security program.

Are they effective?

Extremely effective, but only if done correctly.

The key to an effective exercise is that the objectives are well defined, the exercise is crafted to meet those objectives, and that the right data is captured so factual findings and insights are possible. Most importantly however, exercises need to be as realistic as possible with participants acting as if they were responding to a real incident. This is why we always advocate our customers use their production network, invested capabilities, and existing processes when participating in an exercise - it's as close to being real as possible.

Who should participate?

Anyone who is involved in incident response should participate in exercises. Incident response involves many different capabilities across an organisation and so exercises should reflect this.

Teams that we commonly involve in our exercises have included security operations, crisis management, media and PR, executives, legal, and other technology teams.

How often should we do them?

As often as you can. Especially if you are consistently targeted, provide critical services, and/or have important data to protect. Exercising against common threat scenarios will ensure the organisation can respond effectively when those threats manifest.

Evolving threats, discovered vulnerabilities, churn in personnel, network rearchiteching, investment in new tooling, and other changes - these will always impact an organisation's readiness to respond to an incident. By frequently exercising, the impacts from these changes are neutralised.

What types of exercises are there?

There are two main types - tabletops and functional exercises.

Tabletop exercises involve discussing what actions one would perform based on the presented scenario. The action is not physically performed. Functional exercises do involve participants actually performing relevant actions, such as creating a ticket in their case management system, searching telemetry in their environment, or preparing a media statement to deliver at a news outlet. Both types of exercises meet different needs, but functional exercises are more realistic and therefore yield better findings and insights.

Build Readiness. Respond Effectively.