What it does: Cymulate Breach and Attack Simulation proactively assesses the efficacy of security controls against the full attack kill chain using simulated attacks that mimic the tactics and techniques of real adversaries.
What we liked: We really like the look and feel of the widget-based dashboard which shows tremendous at-a-glance information. Analysts may delve into any widget for a full report on covered insights, making the interface feel intuitive and easy to navigate.
Cymulate Breach and Attack Simulation operates as a cloud-based platform that proactively assesses the efficacy of security controls against the full attack kill chain using simulated attacks that mimic the tactics and techniques of real adversaries. Cymulate changes the paradigm of security testing with these continuous, automated and comprehensive simulations to help security teams efficiently remediate identified gaps.
As we all know, evolving stealth techniques and new attack strains mean that the threat landscape constantly changes and therefore the cybersecurity industry as a whole and each organization individually must exert considerable effort to keep pace with bad actors. Businesses frequently alter their IT environments to adjust against dynamic threat changes, often expanding their attack surfaces in the process. Software updates, though necessary, sometimes introduce new vulnerabilities into environments while they also delay updates that leave existing vulnerabilities unpatched. Changes to policies and controls increase the risk of misconfigurations and human error, while traditional security testing rapidly approaches obsolescence. How can organizations have any confidence in their security posture at any given moment?
Cymulate has a solution, simplifying security control testing with economical, automated simulations that validate endpoint security. Its custom assessments and comprehensive set of out-of-the-box tests span the entire end-to-end security posture, automate the full adversarial kill chain and emulate the events of a multi-vector attack, including intelligence gathering, gaining an initial foothold and network propagation. These assessments use real attack methods that are updated daily for the most accurate results. Security teams may even safely execute them within a production environment during business hours since the platform provides clear remediation guidance for misconfigurations and security gaps after each simulation.
We really like the look and feel of the widget-based dashboard which shows tremendous at-a-glance information. The landing page reveals a breakdown of the overall Cymulate score, a composite of all pre-exploitation, exploitation and post-exploitation scores. It also displays assessment results in multiple ways so that analysts have easy access to actionable information, such as performance-based scores, attack traces and immediate threats. Analysts may also delve into any widget for a full report on covered insights, making the interface feel intuitive and easy to navigate.
Filterable reports offer immediate threat intelligence that pinpoints the location of vulnerabilities within an organization and describes them using detailed technical information. Endpoint Security Reports, for example, have granular descriptions, correlated CVEs and references to the MITRE ATT&CK framework. We especially like the Lateral Movement Report, which shows all the lateral movements that have occurred during a simulation, the credentials used to gain access and the points breached on the network as a result, all mapped to the MITRE framework. There's even a Benchmark Overview that compares one organization’s security posture against those of its industry peers.
Overall, Cymulate Breach and Attack Simulation supports many use cases and offers quick visibility and fast insight into gaps within the network. The SaaS-based platform enables frequent updates of the comprehensive, full kill chain assessments to ensure customers stay protected from the latest threats.
Cymulate bases pricing on company size; prices range from $40,000 to $500,000. Cost includes 24/7 phone and email support.