When Your Security Testing Goes Down with the Cloud: Lessons from the AWS Outage

Just after 3 AM ET on October 20, AWS’s US-EAST-1 region went dark. For over 15 hours, a DNS resolution failure cascaded through 100-plus AWS services, impacting organizations worldwide. By the time service was restored, more than 11 million disruption reports had flooded monitoring systems, and estimated losses climbed into hundreds of millions of dollars.

For critical infrastructure CISOs, this wasn’t just another outage headline. It exposed something more fundamental: the limitations of cybersecurity training and testing platforms built on public cloud infrastructure. 

The harsh reality is that when your testing provider’s cloud service goes down, your ability to prepare for threats goes down with it. Scheduled incident response drills are canceled, security validation testing halts, and compliance exercises are postponed. 

While AWS worked to restore service, threat actors didn’t pause—but organizations dependent on cloud-hosted training environments lost 15 critical hours of readiness building.

Why Cyber Range Infrastructure Demands Different Standards

Cybersecurity training, testing, and validation environments aren’t just another business application. They occupy a unique category that demands higher availability standards, because:

• Training can’t wait for recovery: When you’re building team readiness against nation-state adversaries and sophisticated ransomware groups, every hour counts. A day-long outage doesn’t just delay training; it erodes the cumulative muscle memory and coordination that regular exercises build.
• Testing must be repeatable and consistent: Security control validation requires consistent, controlled environments. When your testing platform experiences intermittent availability, you can’t trust validation results. Did your security control fail, or did the platform fail?
• Compliance demands always-on availability: Regulatory frameworks increasingly require documented evidence of continuous security testing and team preparedness. Extended platform outages create gaps in compliance documentation.

The Challenges of Depending on Public Cloud Uptime

While many cloud-hosted cyber ranges went dark with AWS, the SimSpace platform kept running. Organizations conducting scheduled training exercises and security validation continued their work unaffected.

The bottom line: Not all cyber ranges are created equal

Most cyber range providers host their platforms on AWS, Azure, or GCP. When the cloud goes down, so does their ability to deliver training and testing. But the vulnerability goes deeper than uptime.

Public cloud-hosted ranges are fundamentally constrained by their infrastructure choices:

• Because they’re bound to the VM catalogs of public cloud providers, they can only spin up standard Windows and Linux operating systems. Legacy systems, niche firmware, and highly specialized OT environments—the actual infrastructure critical organizations need to defend—cannot be replicated. 
• Their environments are entirely virtual, meaning hardware-in-the-loop integration with real firewalls, routers, or industrial controllers is impossible. 
• Customization is restricted to vendor-curated labs or minor modifications, not the freedom to design bespoke enterprise networks that mirror your actual production environment. 
• Tool integration is limited to pre-approved, cloud-compatible products, preventing organizations from testing with their complete production security stack. 
• And, adversary activity is typically scripted, running without the realistic background noise of thousands of benign users that defenders face in actual operations.

SimSpace Takes a Fundamentally Different Approach: A Private Cloud Infrastructure

We run our own data centers on our own private cloud infrastructure, which removes the restrictions of public cloud hypervisors entirely. 

This architecture allows SimSpace to support any operating system—from legacy builds to specialized OT firmware—and integrate hardware-in-the-loop where real physical equipment participates in exercises.

Because we control the virtualization layer directly, customers can fully customize networks, user activity, and attack campaigns while importing their entire security stack—SIEMs, EDRs, proprietary platforms—for true production-grade validation.

SimSpace’s dynamic adversary and user emulation creates the realistic operational complexity that cloud ranges cannot: thousands of benign users generating authentic network traffic alongside nation-state-level attack campaigns. Exercises scale seamlessly from small team drills to large coordinated events across unified enterprise environments, not isolated lab instances.

Most importantly, when AWS goes down, SimSpace stays up. Your cybersecurity readiness—the training exercises, security validation tests, and compliance drills that prepare your teams to defend essential infrastructure—continues uninterrupted.

To learn how SimSpace’s resilient architecture supports uninterrupted security operations for critical infrastructure organizations, schedule a demo.