Israeli cybersecurity training and simulation company Cyberbit has shut down its operations in Israel, laying off its local workforce while pivoting to focus exclusively on the United States market. The company, known for its cyber range training platforms and SOC simulation products, will continue operations through its American subsidiary. This strategic restructuring reflects broader challenges in the Israeli tech sector and raises questions about service continuity for existing customers in Europe, Asia, and the Middle East.
Introduction
Cyberbit, a prominent player in cybersecurity training and SOC automation, has announced the closure of its Israeli operations in a significant corporate restructuring move. Founded in 2015 as a spin-off from Elbit Systems, the company built its reputation on providing cyber range environments and hands-on training platforms for security professionals worldwide.
The decision to shutter Israeli operations while maintaining a U.S. presence marks a dramatic shift for a company that once represented Israel’s growing cybersecurity innovation ecosystem. The move affects dozens of employees in Israel and signals potential service disruptions for international customers who have invested in Cyberbit’s training infrastructure and platform licenses.
This development comes amid increasing consolidation in the cybersecurity training market and growing pressure on companies to demonstrate clear paths to profitability in a tightening economic environment.
Background & Context
Cyberbit emerged from Elbit Systems’ cybersecurity division in 2015, capitalizing on the growing demand for practical, hands-on cybersecurity training solutions. The company’s flagship product, the Cyberbit Range, provided organizations with simulated network environments where security teams could practice incident response, threat hunting, and SOC operations without risking production systems.
The company’s product portfolio expanded to include:
- Cyberbit Range: Hyper-realistic cyber training platform
- Cyberbit SOC 3D: Security operations center simulation and training
- Skill Development Programs: Certification and skills assessment tools
- Incident Response Training: Scenario-based exercises for security teams
Cyberbit served customers across multiple sectors including government agencies, critical infrastructure operators, financial services, and managed security service providers (MSSPs). The company established a U.S. subsidiary to serve the American market, which became increasingly important to its revenue model.
The Israeli tech sector has faced significant headwinds in 2024-2025, with multiple cybersecurity firms restructuring, merging, or shutting down operations amid reduced venture capital funding, increased competition, and pressure to achieve profitability. Cyberbit’s decision reflects these broader market dynamics.
Technical Breakdown
Cyberbit’s platform architecture relied on sophisticated virtualization and simulation technologies to create realistic training environments. Understanding the technical implications of this operational closure is crucial for existing customers.
Platform Architecture
The Cyberbit Range utilized:
Infrastructure Components:
- Hypervisor Layer: VMware/KVM-based virtualization
- Network Simulation: Virtual networks with realistic traffic
- Attack Simulation: Automated threat actor behavior
- Monitoring Stack: Integrated SIEM and security tools
- Management Console: Centralized administration interfaceService Dependencies
Organizations using Cyberbit products typically integrated them with:
- Identity management systems (LDAP, Active Directory)
- SIEM platforms for log aggregation
- Ticketing systems for incident tracking
- Learning management systems (LMS)
- Internal documentation and knowledge bases
Deployment Models
Cyberbit offered multiple deployment options:
# On-premises deployment
- Customer-managed infrastructure
- Full administrative control
- Local data residency
# Cloud-hosted deployment
- Cyberbit-managed instances
- SaaS-style access
- Shared responsibility model
# Hybrid configurations
- Distributed training nodes
- Centralized management
The closure of Israeli operations particularly impacts customers with cloud-hosted deployments or those relying on ongoing support from the Israeli technical team.
Impact & Risk Assessment
Service Continuity Risks
Critical: Organizations with active training programs face immediate risks:
- Support Interruptions: Reduced technical support availability, especially for non-U.S. customers
- Platform Updates: Uncertainty around security patches and feature updates
- License Renewals: Questions about contract terms and renewal processes
- Training Schedules: Potential disruption to scheduled cybersecurity training programs
Operational Impact
Security teams using Cyberbit Range for skills development may experience:
- Training Gaps: Inability to onboard new SOC analysts effectively
- Compliance Issues: Organizations with mandatory training requirements may face audit findings
- Skill Degradation: Without regular practice environments, team capabilities may decline
- Budget Waste: Sunk costs in platform deployment and integration
Market Competition
The Cyberbit closure creates opportunities for competitors including:
- RangeForce
- Immersive Labs
- CyberVista (now Infosec)
- PlexTrac
- AttackIQ Academy
Vendor Response
Cyberbit has issued limited public statements regarding the Israeli operations closure. According to available information:
The company confirmed that U.S. operations will continue under the American subsidiary, with leadership emphasizing focus on the North American market. Customer communications have reportedly indicated:
- Existing contracts will be honored through the U.S. entity
- Support services will transition to U.S.-based teams
- Product development will continue with reduced scope
However, several customer concerns remain unaddressed:
- Timeline for support transition
- Staffing levels for U.S. operations
- Long-term product roadmap commitments
- Data migration options for cloud-hosted deployments
The company has not announced bankruptcy or complete dissolution, distinguishing this from total business failure, but the operational footprint has significantly contracted.
Mitigations & Workarounds
Organizations currently using Cyberbit products should implement these measures:
Immediate Actions
# Document current configurations
- Export all training scenarios and custom content
- Backup user data, progress records, and certifications
- Document integration configurations
- Capture current licensing details and contract terms
Alternative Solutions
Short-term workarounds:
- Extend existing platform use under current licenses
- Develop internal capture-the-flag (CTF) environments
- Utilize open-source alternatives like DVWA, Metasploitable
- Leverage cloud-based labs from providers like HackTheBox, TryHackMe
Long-term migration options:
Research and evaluate replacement platforms:
Evaluation Criteria:
- Deployment flexibility (on-prem, cloud, hybrid)
- Integration capabilities with existing tools
- Content library depth and relevance
- Customization options
- Vendor financial stability
- Support model and SLA termsContract Negotiations
Organizations should:
- Request contract amendments for reduced capability
- Negotiate early termination clauses without penalty
- Secure data portability guarantees
- Obtain written commitments on support continuation
Detection & Monitoring
While this is a business development rather than a technical security incident, organizations should monitor for potential security implications:
Service Degradation Indicators
# Monitor platform availability
- Track uptime percentages
- Measure support response times
- Log platform errors and anomalies
- Document feature regression
Security Posture Impact
Assess whether training platform disruption affects:
- Security team readiness metrics
- Incident response drill completion rates
- New hire onboarding timelines
- Compliance training requirements
Vendor Health Monitoring
Implement processes to track vendor stability:
- Financial news monitoring
- Leadership changes
- Product update frequency
- Community engagement levels
- Conference presence and sponsorship
Best Practices
This situation highlights critical vendor management principles:
Vendor Risk Management
Diversification Strategy:
Never depend on a single vendor for critical training capabilities. Maintain relationships with multiple providers or develop hybrid approaches combining:
- Commercial platforms
- Open-source tools
- Internal capabilities
- Academic partnerships
Business Continuity Planning
Training Platform Resilience:
Resilient Training Strategy:
- Document all custom scenarios and content
- Maintain offline training capability
- Cross-train on multiple platforms
- Develop vendor-agnostic curricula
- Establish alternative providers before crisesContract Protections
Include these clauses in cybersecurity training contracts:
- Change of control provisions
- Service level guarantees with penalties
- Data portability requirements
- Escrow arrangements for critical configurations
- Termination rights for diminished capability
Financial Due Diligence
Regularly assess vendor financial health:
- Review funding announcements and rounds
- Monitor employee headcount changes (LinkedIn)
- Track leadership stability
- Assess market position and competition
- Evaluate parent company financial health
Key Takeaways
- Operational restructuring impacts service delivery: Cyberbit’s Israeli closure creates uncertainty for international customers despite continued U.S. operations
- Vendor concentration risk is real: Organizations relying solely on one training platform face significant continuity risks when vendors restructure
- Proactive contingency planning essential: Security teams must maintain alternative training capabilities and avoid single-vendor lock-in
- Due diligence matters: Regular assessment of vendor financial health and market position helps anticipate potential disruptions
- Data portability is critical: Organizations must maintain exports of custom content, configurations, and training data for business continuity
- Contract protections provide leverage: Well-structured agreements with appropriate clauses enable organizations to respond effectively to vendor changes
- Training resilience equals security resilience: Disrupted training programs directly impact security team effectiveness and organizational risk posture
Organizations currently using Cyberbit products should immediately assess their exposure, develop contingency plans, and engage with vendor management to clarify service continuation terms. The cybersecurity training market remains competitive with viable alternatives, but migration requires planning and resources.
The Cyberbit situation serves as a reminder that cybersecurity isn’t just about technical controls—operational resilience, vendor management, and business continuity planning are equally critical components of a comprehensive security strategy.
Stay updated at https://cydhaal.com — Your Daily Dose of Cyber Intelligence.
📧 Subscribe to our newsletter at https://cydhaal.com/newsletter/