Incident Simulation

Realistic testing of breach and disaster preparedness

Solution fit

Our Incident Simulations are a specialist service that equip organisations with an in-depth understanding of their incident preparedness. Identifying areas of weakness or vulnerability prior to being impacted by a genuine incident will help to promote the development of robust technical mitigations, process and policy improvements, and enable the organisation to approach incident response with more confidence. In deciding whether you should undertake such an engagement, you may consider:

  • Are you aware of the category and nature of incidents that your organisation is most likely to face?
  • Does your incident response documentation provide adequate guidance in probable scenarios?
  • Are your communication channels able to withstand compromise or disruption?
  • How will your staff respond under the pressure that an incident places on them?
  • Do you have the tooling, resource and capability to detect and remediate an intrusion?

Solution overview

Our simulations are an intelligence-led engagement which adopt a hybrid red team/tabletop methodology to thoroughly test your incident preparedness. Testing is undertaken by a qualified specialist who accurately simulates an intrusion using the same tactics, techniques and procedures (TTP's) used by adversaries in real-world intrusions. Campaigns are tailored to the profile of your organisation and can operate from either an assumed-breach or end-to-end perspective. This may include:

  • Open-source intelligence (OSINT) gathering.
  • Bespoke phishing kits and malware loaders.
  • AV/EDR/NGFW evasion.
  • Command-and-control deployment.
  • Data exfiltration.
  • Ransomware payloads.


Knowledge of the engagements is kept within a limited sponsor group, who agree on the campaign scope and required outcomes. Typically, this may include:

  • Identifying flaws in incident response documentation and process.
  • Prioritising key technical, process and policy improvements.
  • Educating technical staff on incident response process.
  • Promoting end-user security awareness.
  • Gaining insight into your vulnerability and attack surface.
  • Evaluating the effectiveness of current defensive controls.

Execution of the simulations can be as collaborative as the sponsor group requires, and is followed by comprehensive reporting and debriefing sessions with the wider team.


Fill out the form and one of our experts will be in touch soon.