Vendor: Cymulate
Price: $40,000-$500,000 based on company size and number of attack vectors.
Contact: cymulate.com

What it does: Cymulate divides the attack surface into seven attack vectors and runs hundreds of thousands of customizable simulations on the entire kill chain to test an organization’s security posture and controls.
What we liked: The focus on lateral simulations and the Lateral Movement module that shows how far an attacker could maneuver.

Cymulate divides the attack surface into seven distinct attack vectors, downloading and leveraging lightweight agents for each to conduct hundreds of thousands of customizable simulations that safely mimic the behavior of cyberattacks to test an organization’s security posture and controls across the entire kill chain. Following testing, analysts receive playbooks with step-by-step remediation guidance to help facilitate the mitigation process.

The product provides assessments and tests for each of the three stages of the attack surface: pre-exploitation, exploitation and post-exploitation. Organizations can configure simulations to run daily, weekly, monthly or at predefined times and days, after which the tool automatically emails results, which can also be viewed via the dashboard.

This is a template-based platform with full kill chain simulations that emulate the seven vectors of attack: lateral movement, phishing awareness, email gateway, data exfiltration, endpoint security, web application firewall and web gateway. The value of these simulations lies in the inherent ability to leverage Cymulate for detection to verify whether specific alerts are triggered by specific APT techniques. That ensures current security configurations are detecting when an attack gets through.

Cymulate performs several lateral movement simulations and even has a lateral movement module that shows how far an attacker could maneuver inside of an endpoint in addition to how well an infrastructure is configured.

The phishing element of this platform identifies which users are most likely to fall for a phishing attempt. Although the phishing simulation for users doesn’t provide any education, it is still an effective means of testing and providing insights.

The immediate threat dashboard uses intelligence that has been built into the platform to show any existing vulnerabilities that would be susceptible to new threats. Organizations can validate security controls by leveraging the intelligence in the platform to make simulations more creative, adding a human level of sophistication to test them the way an actual attacker would.

The tool displays the results of simulations in a variety of views and reports.

A performance graph shows each step of each simulation with color-coded outcomes. Red means the attack was executed completely, orange means the attack was partially halted and green says the attack was completely detected and blocked. Although the information here is useful, we found the layout to be busy.

A benchmark graph takes the results data from the simulations and provides a comparative view of an organization against other, anonymous Cymulate clients in the same industry.

Other PDF-exportable reporting options include executive summaries, lateral movement graphs and full technical reports.

This fully customizable solution provides organizations with create-your-own template functionality and out-of-the-box options. This is an especially worthy breach and attack simulation tool for anyone that wants to hone in on lateral movement simulations and needs a BAS tool that integrates with risk management solutions and scanners to supplement report data.

Starting price is $40,000; however, company size and the number of attack vectors impacts price. Phone, email, website support, a knowledgebase and FAQs are available 24/7 and come standard with purchase.

Tested by Tom Weil