This service extends the Security Assurance (SA) and Security Operation Centres (SOC) service by adding offerings of cyber security training programmes (aka Cyber Range/CR programmes) to clients. The provision of CR programmes will enable the development of incident prevention and response skills amongst their personnel as well as training towards different security certifications at personal and/or organisational level. CR programmes cover different threat actors, threat scenarios and types of incidents and are based on emulated, simulated and hybrid replicas of client systems. Under the advanced levels of offering the service, CR programmes will also be tailored to the needs of the individual clients.
The SPHYNX CR service involves:
- Baseline analysis and basic/intermediary cyber range programmes
- Assessment of baseline of CR training needs of the enterprise and set up of CR training environment;
- Provision of library of basic and intermediary cyber range (CR) programmes for known attacks;
- Unlimited access to the provided CR programmes on a CR-as-a-service (CRaaS) delivery model;
- Automated evaluation of performance of different trainees;
- Enterprise level risk analysis depending on trainee performance;
- Standard programme execution, progression and enterprise risk reports.
- Managed cyber range performance monitoring and custom cyber range adaptation
- Analysis of CR programme performance for different types of trainees, assets and vulnerabilities;
- Adaptation of CR programmes based on trainee performance in CR (e.g., performance vs expertise, time to completion).
- Advanced cyber range
- Provision of library of advanced cyber range (CR) programmes for known attacks for enterprise asset types;
- Physical CR programmes evaluation and prioritisation;
- Physical delivery of advanced CR programmes;
- Evaluation of CR programme effectiveness;
- Adaptation of CR programmes based on use of real enterprise assets by trainees (e.g., performance vs expertise, time to completion).