Cyber Evacuation Drill
A training exercise in which technical teams defend systems within a virtual environment that simulates a corporate internal network. Experience "real-world chaos" safely in a controlled environment. Develop decision-making skills that tabletop exercises cannot provide.
Why It's Needed
01 Incident response is vast and complex
・Technical support: Detection → Investigation → Containment → Recovery
・Business-oriented: Customer notification, public relations, and legal decisions
・Business judgment: Business continuity/suspension, stakeholder response
02 Rapid response and accurate situational awareness are essential
Delays in taking appropriate action, and the escalation of damage due to an inaccurate assessment of the situation
Stock price decline: Several percent within 1–2 days of the announcement; over 10% within a few weeks
The greater the sensitivity of leaked data, the scale of business impact, and the length of the information gap before disclosure, the greater the tendency for stock price decline.
Features
01 Experience "Real-World Chaos" in a Safe Environment
Experience incident response in production-like conditions without affecting the actual internal network.
02 Practical Decision-Making Skills Beyond Tabletop Exercises
Teams handle detection, investigation, containment, and recovery within a time limit. Training in which you learn by doing.
03 Analysis of the Attack and Sharing of Insights
Train the entire organizational response process, from technical response to public relations, legal, and management decisions.
*Public relations, legal, and authority response are available as options.
Exercise Overview and Team Structure
01 Technical Team
Handle the full sequence from isolating compromised terminals, preserving logs, and changing credentials to investigation, containment, and recovery.
02 Business Team (Option)
Train external response procedures including reporting to authorities and the Personal Information Protection Commission, and issuing public communications.
03 Executives (Option)
Practically experience business continuity, suspension, and resumption decisions based on technical and business situational updates.
Training Environment
On a simulated environment that replicates a corporate internal network, Fore-Z executes real attacks from both inside and outside the network. Participating teams respond in real time over the course of one day, from incident detection through technical investigation, containment, recovery, and technical documentation.
01 Independent Network with No Impact on Production Systems
Conducted in an isolated offline environment. Absolutely no impact on production systems.
02 Simulated Environment Built to Mirror Production
Configured to closely resemble an actual internal network, with web servers, Active Directory, databases, and client terminals (EPP/EDR) deployed.
03 Fore-Z Executes Attacks from Inside and Outside the Network
Attacks are conducted not only from external intrusion but also under the assumption of an already-compromised internal presence. Real-world threats are faithfully reproduced.
Benefits
Management Perspective
01 Realistic practice for business continuity decisions
・Experience what information management should base their decisions on
・Contribute to improving the chain of command and decision-making processes
02 External credibility
・Build trust with shareholders and customers as a company proactive in security measures
・Minimization of damage
Practitioner Perspective
01 Visualize on-site response readiness
・Evaluate the effectiveness of procedure manuals
・Identify issues in log collection status and tool readiness
02 Practice coordination with non-technical departments
・Gain real experience communicating with legal, public relations, and management
・Experience firsthand "who does what, in what order" and understand how to move as an organization
Plan Structure
Options can be added to the Standard Plan based on your organization's specific challenges and needs.
Standard Plan
・Incident response
・Technical Investigation & Containment
・Recovery & Technical Documentation
Options
・Add Business Response: Public relations, legal, and customer response
・Add Management Decisions: BCP / Management Decisions
・Add Advanced Attack Scenarios: Ransomware / Active Directory compromise, etc.
Project Flow
01 Hearing
Consultation on requirements and current organizational structure
・Overall company structure and participating organizations
・Awareness of security response challenges
・Incident response flow
・Consultation on desired scenarios (standard plan focused on technical response, or inclusion of business response options)
02 Contract
Based on the consultation, we propose the exercise details and costs. After contract signing, environment and scenario development begins.
03 Preparation
Environment & Scenario Development
① Virtual Environment Setup
・Exercise environment preparation (tuning of the standard environment type)
・Environment customization tailored to the desired exercise scenario
② Scenario Development
・Selection and development of attack scenarios for engineers in the standard plan
・For the business response option
04 Cyber evacuation drill execution
Experience realistic incident response over the course of one day in a production-like simulated environment. Post-drill activities include explanation of attack techniques and sharing of countermeasures.