Immersive Labs

Immersive Labs

We empower businesses to measure and evidence human capabilities in every part of their cybersecurity.

Immersing individuals in challenges, scenarios, and simulations covering everything from spelling the word cyber to technical tools, and reverse engineering malware. Enabling you to evidence your team’s readiness to face the very latest cyber threats.

Features

• Equip, Exercise and Evidence workforce cyber capability
• Gamified, challenged-led learning methodology
• Online, on-demand labs and challenges available 24/7
• Over 700 story-driven defensive, offensive and intelligence-led labs
• At least 4 new labs added every week
• Develop cyber skills: Workforce Security Awareness, Knowledge, Tools and Techniques
• Virtual machines and tools to analyse real data and problems
• Labs mapped to MITRE ATT&CK™ framework techniques
• Objectives for all NIST-NICE work roles: entry to advanced
• Full management functionality, including reporting of individual and team progress

Benefits

• Continuously battle-test teams against emerging threats
• Reduce incident response dwell time
• Improve cyber readiness and security ethos
• Directly align skill levels to actual cyber risks
• Benchmark and upskill individuals and teams at all ability levels
• Reduce time to learn important cyber security knowledge and skills
• Measure, visualise and evidence human capability
• Reduce off-site training costs
• Reduce recruitment costs
• Uses gamification to encourages healthy competition

£2,995 a licence a year

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at debbie.tunstall@immersivelabs.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

556859949626618

Contact

Debbie Tunstall
+44 (0)20 3893 9101
debbie.tunstall@immersivelabs.com

Service scope

• Software add-on or extension: No
• Cloud deployment model: Public cloud
• Service constraints: N/A
• System requirements:
  • Browser - Chrome, Firefox, Safari, Edge or Internet Explorer 11
  • Broadband internet connection
  • Desktop/laptop

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Immersive Labs monitor the support inbox and aim to respond to queries within 2 working days.; Working hours are 09.00 to 17.30 GMT/BST (as applicable) Monday to Friday (excluding UK bank and public holidays).
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: No
• Support levels: Immersive Labs provide support for both the web application and underlying content served in the platform. We maintain an; online support function through an email address: support@immersivelabs.co.uk.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Managers will be introduced to a Customer Success Manager who will provide onboarding instructions and deployment strategy. ; The Customer Success Manager will invite users to an online onboarding session to help them familiarise themselves with the platform.; Extensive documentation and video references are also available.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Users can download a copy of their achievements on the platform at any time and Immersive Labs complies with GDPR requirements.
• End-of-contract process: The service is entirely online and browser-based. At the end of the contract access to content is revoked.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
• Application to install: No
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Content has been rendered for use on all devices.
• Service interface: No
• API: No
• Customisation available: No

Scaling

• Independence of resources: Our service meets the demands of all users by utilising the scaling capabilities of the underlying cloud infrastructure. This is continuously monitored to ensure that we provide enough capacity.

Analytics

• Service usage metrics: Yes
• Metrics types: The reporting feature provides individual, team and organisational user metrics including:; - Cyber Capability Score (including MITRE ATT&CK coverage); - Completed labs; - % completed objectives; - Time spent on labs; - Points awarded; - Lab type and skill level
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: European Economic Area (EEA)
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: In-house
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Within the reporting feature of the platform, managers can download CSV files of all user activity.; Individual users can access their record of achievement through the user profile section.
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • PDF
  • Microsoft Office formats
• Data import formats:
  • CSV
  • Other
• Other data import formats: Microsoft Excel

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: All other traffic is private and secured through comprehensive network security controls.

Availability and resilience

• Guaranteed availability: The platform is designed to be available 24/7, 365 days a year.; We operate on a target minimum service availability of 99.5% uptime. We monitor this by using a third party who alerts us when the site is unavailable. ; In the event of a fault with the platform, users need to report it to; support@immersivelabs.co.uk.; There are four tiers of incident depending on the scale and severity of the issue. A target response and resolution time is defined for each level and apply during working hours only.; Where development work is required, the target resolution times may be extended. ; Level 1 - The production system is unavailable for all users; Support team working inside and outside of working hours until resolved.; Level 2 - Multiple users cannot access multiple labs; Notification to support@immersivelabs.co.uk; Investigated inside working hours with a 0.5 day target to resolve.; Level 3 - A single user cannot access multiple labs.; Notification to support@immersivelabs.co.uk; Investigated inside working hours with a 1 day target to resolve.; Level 4 - A single user cannot access a single lab.; Notification to support@immersivelabs.co.uk; Investigated inside working hours with a 5 day target to resolve.
• Approach to resilience: Our service takes advantage of the multiple availability zones of the underlying cloud provider, ensuring that a minimum of 2 are used at all times.; Our service is resilient by leveraging multiple availability-zones consistent with the fabric of the underlying cloud provider.
• Outage reporting: Service outages are via an API, reporting agents and an external monitoring service. This will also be accompanied by emails if deemed necessary.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: All management interfaces apply access restrictions via an IPSEC VPN and federated identity authentication.; ; Support channels are public, but administration of those channels is done via federated Single Sign-On to Google G Suite.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: Identity federation with existing provider (for example Google Apps)

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: No audit information available
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: Yes
• Any other security certifications: Cyber Essentials

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essentials and working towards ISO27001
• Information security policies and processes: Immersive Labs is enhancing its ISMS using the ISO27001:2013 - Information Technology - Security Techniques - Information Security Management Systems - Requirements which details control objectives and controls. Immersive Labs is also certified Cyber Essentials.; ; All employees are required to complete a series of onboarding objectives covering areas such as information security and data protection. Their contractual obligation to the company requires them comply with company policies and standards. This includes maintaining the CIA of all customer data.; ; Two members of the board, CPO and COO are responsible for the security of the platform and the company. A monthly security and risk review is chaired by the ISO who reports into the COO and covers emerging threats, vulnerabilities and risk treatment, which is tracked via committee members and the board.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Architecture Decision Records for significant changes. ; Robust Code Review process of day to day changes. ; Evaluation of newly introduced OSS for license and security risk.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Immersive labs operate an internal threat research team. This team takes Threat Intel and threat data feeds from a wide variety of sources including the NCSC CiSP Portal.; ; Any critical vulnerabilities are raised with the appropriate team. Patching is then performed as required.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: As a cloud native SaaS platform we use the logging and monitoring provided by our cloud service providers.
• Incident management type: Supplier-defined controls
• Incident management approach: As a cloud native SaaS platform we use the logging and monitoring provided by our cloud service providers. Additional logs are recorded and monitored for unusual behaviours. If unusual activity is detected a security incident is raised and a cross functional team allocated to respond to the incident. The level of response is tailored to the level of the incident.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £2,995 a licence a year
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Full access to the platform for agreed time period can be provided in certain circumstances.; Lite mode with a sample of labs and learning objectives can be accessed freely.
• Link to free trial: https://lite.immersivelabs.com

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at debbie.tunstall@immersivelabs.com. Tell them what format you need. It will help if you say what assistive technology you use.