Incident Response

RTTC helps security guardians be their best in the moments that matter.

With RTTC Threat Arena, you can easily identify the damage done by a cyberattack. In the virtualized replica of your IT infrastructure (golden image), you can execute the threat, and immediately see all the changes made and damage done, without further endangering your production systems.  To be able to react quickly in the event of a security incident, RTTC Threat Arena supports the “Detection & Analysis” phase of the incident-response cycle in detecting the impact of the threat on your IT environment.

Fast and Simple to use

You are always ready to respond immediately in the event of an incident. All you have to do is confront your golden images with the threat, and wait for the results.


Clear and unambigous

The results are presented clearly and unambiguously right after your tests. You will immediately know what changes have been made to the system by the threat.

Optimizing Cyber Risk Exposure

With the results of the tests, you can optimize the security of your IT landscape. Various tests with your golden image – for example, trying out alternative endpoint security solutions – can help you to make the right decisions to minimize your cyber-risk exposure.

Life-like virtualization

Realistic virtualization of your IT environment, based on golden images, enables us to check how well your cybersecurity solution protects against the latest threats.

1. Organization centric

Your IT infrastructure can be simulated under realistic conditions. Based on your golden images, we create test scenarios with a graphical user interface (not command-line-based) and real user behavior. These do not interact at all with your production IT systems.

2. 100% off-grid, but online

The RTTC Threat Arena does NOT require integration with your infrastructure of any kind, nor does it require installation of agents on your computers. We automate the process, so your security guardians can focus on other mission-critical areas.

3. Real-Life Threats

With our collection of the latest in-the-wild cyber-threats, we can attack your virtualized IT environment, and instantly detect any threat that could currently harm it.

4. Tremendously fast

Threat Arena interacts with the virtualization environment in an optimized way, so that a whole image can be started and tested within seconds. This lets you test against a vast number of threats in a single day.

5. SaaS or on-premise

RTTC products and services can be operated both as SaaS (hosted according to GDPR), or on-premises at the customer's site, with separate hardware/virtualization.

6. Customizable

We can setup any combination of server and client golden images, including AD domain controllers, mail servers, file servers, and many more.

Use Cases

Our Incident Response service can be applied in many ways and by many organizations, including technology companies, insurers, ratings agencies, compliance auditors, and of course, security teams.

Here are some of the most common use cases for security analytics:

Custom Threat Analysis

OPSEC teams often want to test threats in a protected environment. However, available sandboxes cannot map the enterprise infrastructure, but mostly map a standardized environment.

In addition to a standard environment RTTC offers an exact replica of your IT infrastructure (Golden Image) to execute threats. So you can replay the attack by using the exact same settings, OS, 3rd party software and security solution you are using in your organization.  So you can see the impact the threat does to your system. In addition, you also see which system is not impacted by the threats and can do a risk evaluation.

Incident Response

An employee has opened an infected file (which, for example, starts encrypting data in the background). The IT team is now faced with the challenge of identifying which data on the network as well as which systems could be affected. It must also be clarified whether the systems are affected or whether the attack could lead to an infection at all due to the operating systems used. The service can also tell you if the attack has no exposure on your system.

Software Security Compatibility Evaluation

Software upgrade in companies with heterogeneous security solutions can lead to issues.

An international company with different images and AV solutions in different countries often faces issues during new installations of updates of software, as it can be blocked by security systems or different systems settings.  

IT teams can install new software or updates on single systems without encountering any problem, as the locally installed security solutions or system configuration does not display any warnings.  With our Incident Response solution, the IT team can evaluate the application in advance within minutes with full replicas (Golden Images) of all the IT infrastructure used in the organization.

This assessment is crucial before rolling out large updates or new installations to avoid downtime due to not working software.

Become a Partner!

We partner with organizations worldwide that share our vision of empowering enterprises to investigate and respond to cyber incidents.