Skip to content

What is Salient

Salient is a Tabletop Exercise as a Service (TTXaaS) platform for cybersecurity incident response training. It simulates realistic security incidents, scores organizational maturity, generates playbooks, and builds a digital twin of your security posture that compounds with every exercise.

Three Pillars

1. Digital Twin

A living model of your organization's security profile — identity infrastructure, tools, people, processes, gaps, and decision patterns. The twin is enriched by:

  • Exercise answers (AI mines organizational facts from how your team responds)
  • Connector data (Okta, Entra ID verify identity posture with real telemetry)
  • Uploaded artifacts (IR plans, security policies, architecture docs)
  • External MCP sources (Gmail, Notion, Calendar — security-relevant data from your existing tools)

2. TTX Engine

Adaptive incident simulations with branching scenarios. Exercises are tailored to your organization's actual tools and capabilities. Scoring maps to NIST CSF, MITRE ATT&CK, and CIS Controls v8.

  • 6 depth levels from foundational to advanced
  • AI-powered facilitation that probes deeper when answers are vague
  • Artifact rendering: emails, security alerts, log output, ransom notes
  • Scenario creation from threat intelligence or gap analysis

3. Output Engine

Everything the platform produces feeds back into the loop:

  • Maturity scores — NIST CSF function breakdown with trend tracking
  • Gap analysis — specific, actionable gaps mapped to controls
  • Playbooks — AI-generated incident response runbooks from exercise results
  • Posture reports — board-ready security posture assessments
  • Compliance evidence — NIST CSF 2.0, CIS v8, CMMC 2.0, HIPAA, SOC 2 Type II
  • Compiled Twin (SIF) — token-optimized intelligence format for AI agents

How It Works

Connect → Exercise → Score → Mine → Enrich → Recommend → Repeat
   │          │         │       │        │          │
   │      AI-powered  NIST   Extract  Update    Next scenario
   │      facilitation CSF   org facts  twin    targets gaps
   │                  MITRE                     
   └── Okta, Entra ID,      └── Confidence model:
       artifacts, MCPs          declared → observed → verified

Every cycle makes the twin smarter, the exercises more targeted, and the posture assessments more accurate. This is the compounding intelligence loop.

Who It's For

  • Security teams running incident response exercises
  • vCISOs and consultants managing multiple client postures
  • MSPs providing security assessments as a service
  • Compliance teams generating evidence for audits
  • AI agents consuming security intelligence via MCP

Next Steps

Quick Start — run your first exercise in 5 minutes