Skip to content
Service · Operational

Tabletop exercises run against your actual escalation chain, not a generic one.

A ransomware simulation only teaches you something if it uses your L1→L3→SOC Manager→CISO→CTO path, your tools, and your reporting clock.

A real sequence

The IR lifecycle we build runbooks against

Identify

Detection and triage criteria specific enough for an L1 analyst to act on without escalating every alert.

Contain

Pre-approved containment actions that don't require waiting on a meeting to execute.

Eradicate

Root-cause confirmation steps before systems are cleared for recovery.

Recover

Staged restoration with validation gates, not a single "all clear" switch.

Report

CERT-In and RBI reporting drafted against the clock — rehearsed, not improvised on the day.

Tabletop Exercises

Scenario-based simulations — ransomware, supply-chain compromise, insider data exfiltration — run live with your incident response team across functional groups: SOC, IT infra, application owners, communications, legal and leadership.

Runbook Development

Written runbooks for your top incident categories, with decision points, named roles, and reporting timelines that match CERT-In's six-hour window.