Real machines, real isolation, real assessment. In a browser tab.
Reflare Galena gives your analysts full Linux and Windows environments in the browser, isolated per learner, on infrastructure you can keep out of US jurisdiction.
It is built by a cybersecurity company that runs its own CTF and training, so the architecture answers the questions a security team actually asks.
In production with enterprise, government and academic security programmes
500+
officers in a metropolitan police cyber unit train on Galena. Rakuten, NTT and PwC among the organisations using Reflare.
What your team stops fighting
Four problems Galena takes off your plate.
True isolation, per learner
Every learner runs in their own container and network. Nobody can reach, break or watch another learner's environment. A container escape lands on an execution node that holds no user data.
Real environments and real tools
Full Linux and Windows servers with real kernels, syscalls and network stacks. Bake in your own tooling through Docker images, including debugging stacks like gdb and ptrace, and run Windows with Active Directory domain joins.
Data residency you control
The core runs on Reflare-controlled dedicated hardware outside US public cloud, so accounts, scores and training records stay outside US jurisdiction. Ephemeral Windows environments run on AWS and hold no persistent learner data.
Provisioning at cohort scale
Linux desktops open in under ten seconds and Windows in about two minutes. The same control plane runs a five-person evaluation and your largest annual programme.
Security architecture
A deliberate security boundary, built by people who break things for a living.
The control plane holds the sensitive data: accounts, scores and training records. The execution nodes hold only running containers and ephemeral challenge data. A full compromise of an execution node exposes no user data.
Traffic between the two is encrypted and signed using JWE with JWS and RS256. Execution nodes force-apply security patches every hour, and a process-monitoring system watches for unexpected activity and can take graduated action up to wiping a node.
Each learner is isolated at the container and network level. Inter-container traffic is blocked unless a scenario needs it, and persistent storage is separate from compute, so learner data survives container and server restarts.
AI assessment
Free-text assessment a sceptic can live with.
Galena evaluates written, free-text answers where people explain concepts and analyse scenarios. An AI scores responses across competency domains. For SOC work that means network analysis, log analysis, incident response and threat intelligence, and it produces a skill-gap breakdown, a progression roadmap and a manager dashboard.
Scoring takes about a minute. Treat it as an evaluation aid inside your programme, with your own validation in the loop. We will show you exactly how it scores before you rely on it.
Honest limits
What Galena does not do yet.
GPU workloads are not provisioned today, so large-scale cracking and ML training are out of scope for now. There is no self-service signup, because deployments are set up with you. Windows environments carry higher latency than Linux. Authoring a new scenario means building a Docker image and metadata, which is engineering work.
Get started
Start with a pilot, or a technical deep-dive.
Tell us your stack, your scenarios and your scale, and we will come back with the right shape. Reflare has a London office for UK and European programmes.
The core runs on Reflare-controlled dedicated hardware outside US public cloud. Ephemeral Windows environments run on AWS and hold no persistent learner data, only training tools.
Can we bring our own tools, like Burp or our EDR agents?
Yes. Tooling is baked into Docker images for Linux or a Windows image, so your scenarios ship with the tools your team already uses.
Do you support Windows and Active Directory?
Yes. Real Windows servers with persistent per-learner storage, including domain joins for Active Directory attack and defence scenarios.
How fast can twenty analysts start at once?
Linux desktops open in under ten seconds each and Windows in about two minutes. Concurrent capacity is a hardware question, so it scales by adding more of it.
Do you provision GPU environments?
Not currently. GPU-bound work such as large-scale cracking or ML training is out of scope for now.
Can we run a vendor security review and a penetration test?
Yes. Reflare will walk your team through the architecture, support a vendor security review, and support a penetration test of the platform.
