
We find ourselves in a world where cyber threats are increasingly sophisticated and pervasive, so organisations must continually refine their defences, get it right every time, and be trained to minimise any damage quickly. Our adversaries, on the other hand, need to be lucky only once.
Resilience and protection, regardless of an organisation’s size, begins with its people. Teams are the backbone of any cyber-defence. Building a resilient security posture demands that organisations zero in on their workforce. One of the most effective ways to prepare and upskill teams is through rigorous training and testing in cyber ranges – controlled environments designed to simulate real-world cyberattacks.
However, these exercises often require large numbers of participants to make the environments hum as they would in any busy organisational network, presenting logistical and financial challenges. This is where the synthetic side of cyber ranges can come into play, offering AI-driven human-like activity. This capability is transforming cyber exercises and drills by delivering realism at scale – something that Roke continues to refine through innovation and anticipating the challenges of tomorrow right now.
To set the scene of our work, let’s take a look at the challenges that information security teams and cyber range designers face.
The Challenge of Creating an Effective and Realistic Cyber Range
A well-designed cyber range doesn’t just mimic a real-life environment; it fully recreates one. This provides an immersive and realistic setting for cybersecurity professionals to hone their skills, test defences, and expose vulnerabilities. However, realism often comes at a steep cost. Traditionally, running a comprehensive cyber exercise requires:
- A large number of personnel to simulate attackers, defenders, and non-player characters.
- Significant coordination to ensure a realistic and varied cyber environment.
- Extensive resources to maintain infrastructure and handle participant logistics.
And that’s before accounting for compatibility across different operating systems and platforms – agnostic cyber ranges aren’t the norm.
As a result, organisations often struggle to run frequent, large-scale exercises that truly reflect the dynamic nature of cyber threats and the sheer breadth that they can cover. This gap in fidelity has the very real potential to lead to untested security postures – and unprepared personnel – when a real attack occurs.
Achieving Realism at Scale with Virtual Humans
The integration of virtual humans into cyber ranges represents a breakthrough in how cybersecurity training and testing are delivered. These AI-driven agents can be programmed to exhibit human-like behaviours – generating realistic packet traffic, application usage and endpoint activity in a training environment, enabling organisations to:
- Reduce cost and complexity by replacing large numbers of human participants with intelligent virtual entities.
- Rapidly create dynamic, realistic scenarios where virtual humans act as employees, and threat actors can hide in traffic – interacting naturally and realistically with systems and networks.
- Realistic endpoint use in exercises where applications are actually running, rather than simply running packets on the wire.
By embracing virtual human technology, organisations can conduct cybersecurity exercises at any scale, across any platform – achieving the realism necessary for meaningful, effective threat response training without the burden of human-intensive operations.
Introducing Pattern of Life 6.0: A Step Forward in the Fidelity of Cyber Training
One of the latest advancements in cyber training and simulation is Pattern of Life (PoL) 6.0 – Roke’s innovative cyber range solution designed to enhance cybersecurity exercises and testing environments with unmatched realism.
True to our commitment to ensuring the most effective and forward-looking technologies, Pattern of Life 6.0 already offers a wide range of powerful capabilities, including:
- A wide range of ready-made agents – enabling emulation of user activity across Windows, Linux and Android applications, including browsers, office productivity software, messaging applications and other system utilities.
- Insider threat emulation – enabling cyber range operators to inject phishing links and e-mails with malware attachments so that defenders can safely analyse and combat simulated and realistic insider threats as part of cyber exercises.
- Traffic generation for domain testing – helping organisations to evaluate network defences under realistic, simulated conditions.
- With further functionality in development, it’s a future-ready tool for the evolving threat landscape – complete with LLM-generated content that increases realism, and Android device emulation that replicates increased potential attack surfaces as well as activity outside of “office hours”.
By incorporating PoL 6.0 into existing cyber resilience strategies, organisations have the potential to create more effective, scalable, and resource-efficient security practices.
Roke is proud to have developed and conceived PoL 6.0, the next step in a tool that has been used at scale for many years by some of the most demanding UK government clients. Our teams truly believe that we are paving the way for a new era of cyber resilience – one where realistic, scalable, and efficient cybersecurity training is accessible to organisations of all sizes and technology stacks. By combining cutting-edge innovation and the best of human ability, both public and private organisations can enhance their defences, reduce costs, and ultimately stay ahead of their adversaries and competitors.
Are you at CyberUK this year? Come by the Roke stand E29 and let's have a chat about how we can help you shore up your cyber resilience practices.
Related news, insights and innovations
Find out more about our cutting-edge expertise.



