ThreatSpace™ Cyber Range

When your systems are under attack, the time for planning a response has already passed. Your teams must spring into action immediately, working swiftly and in concert. Each member must know their role – and the action to take – without hesitation.

This kind of coordination doesn't just happen. It requires hours of practice working with a range of real-world scenarios in a safe space – without the fear of failing.

What is ThreatSpace?

A virtual environment that experiments with real-world attack scenarios to rehearse and refine incident response capabilities in a consequence-free environment.

ThreatSpace is a technology-enabled cyber range that assesses and develops your security team’s technical capabilities, processes, and procedures when responding to real-world cyber threats. The scenarios are based on extensive Mandiant incident response experience from responding to thousands of breaches and include the latest adversary tactics, techniques, and procedures (TTPs).

This is done in a consequence-free environment, through a simulated infrastructure that includes network segments, servers, and applications.

Students investigate and respond to simulated attacks with real-time coaching from our expert instructors. Your team will receive feedback on their strengths and weaknesses, along with an actionable best-practices roadmap for improvement.

The ThreatSpace experience

During a typical three-day ThreatSpace workshop, our expert instructors will provide guidance to help your security professionals learn from their mistakes as well as their successes. When the workshop ends, our instructors will recommend areas of improvement so that, when a threat or attack does occur, your team is confidently prepared.

  • Hands-on experiential learning
  • Variety of real-world threat and attack scenarios
  • Expert coaching and evaluation
  • Simulated, consequence-free environments
  • Custom scenarios available

What are the benefits of ThreatSpace Cyber Range?

Identify gaps and opportunities for improvement

Investigate real-world, complex incidents to identify gaps in training, processes, procedures, and communication plans.

Learn from incident response experts

Work closely with experienced Mandiant incident responders who draw on years of intelligence-led investigative expertise to assess and provide real-time feedback and coaching.

Investigate critical security incidents

Familiarize your response and intelligence teams with the latest attack scenarios and attacker TTPs relevant to your organization, as learned from Mandiant advanced persistent threat (APT) investigations.

Gain experience with different attack scenarios and threat actors

Evaluate and improve the abilities of your incident response and intelligence teams as they respond to various attack scenarios and threat actors in real time.

Research and analyze identified threats

Learn how to effectively research attacker TTPs and identify indicators of compromise from host-based and network-based artifacts.

ThreatSpace sample scenarios

While these are our most popular exercises, we can also develop custom scenarios to address your unique challenges.

Insider threat

This multi-level scenario simulates an insider threat, from an employee misusing standard permissions to one acting under the direction of an external threat actor to exfiltrate data.

Phishing and deployment of ransomware

This scenario starts with a phishing attack to gain access, then moves to privilege escalation, data exfiltration, and finally, ransomware deployment on key systems.

Compromise through malicious download

A scenario where a threat actor uses a compromised website to deliver malware. This allows the attacker to establish a foothold, maintain persistence, and conduct reconnaissance.

Unauthorized access and data theft

This multi-level scenario involves an attacker exploiting a public-facing service to gain access, and then moving laterally to target Active Directory, compromise critical assets, and exfiltrate data.

Threat actor emulation

Live scenarios simulate the latest adversary TTPs to challenge your team's detection and response capabilities. We emulate real-world threat actors, from financially motivated criminals like FIN6 and Lapsus$ to state-sponsored groups like APT40 and APT41 engaged in espionage and service disruption.

M-Trends 2025 top 10 techniques

This workshop focuses on detecting top adversary techniques from the Mandiant M-Trends 2025 report. Learn to identify and respond to common attack methods like file obfuscation, indicator removal, and script-based execution.

Take the next step

Learn more and schedule your ThreatSpace workshop today.

Google Cloud
send_spark
    DocsSupport
    Console
    Sign in
    • Accelerate your digital transformation
    • Whether your business is early in its journey or well on its way to digital transformation, Google Cloud can help solve your toughest challenges.
    • Google Cloud products
    • Browse over 100 products. New customers get $300 in free credits to run, test, and deploy workloads. All customers can use 25+ products for free, up to monthly usage limits.
    • Save money with our transparent approach to pricing
    • Google Cloud's pay-as-you-go pricing offers automatic savings based on monthly usage and discounted rates for prepaid resources. Contact us today to get a quote.
    Google Cloud