Cymulate – Extended Security Posture Management

Luke Cifarelli, Security Specialist, iOCO, Cymulate.

---

ITWeb Security Summit sponsor, Cymulate, offers quantified risk assessment that bridges the reporting gap between business leaders and tech teams – a gap that too often results from the lack of real, reliable and accurate cyber security performance metrics.

The Cymulate Platform – named 2022 FROST RADAR Breach and Attack Simulation Report Innovation Leader – automatically validates that implemented security programs are effective, remediation efforts are contextualised and risk levels are baselined, rationalising requests for additional budget or headcount.

“There is no downtime for cyber security”, says Luke Cifarelli, Security Specialist, iOCO, Cymulate. “InfoSec professionals must constantly protect their organisation against a wide variety of real-time threats and real-time threat analysis, on-demand: Are we secure? Where are controls performing strongly and where do gaps exist? Do we have too many tools or too few? Are my information security teams overwhelmed or able to stay ahead of threat activity? Will our incident response protocols work as expected? Can I clearly report to senior leadership and the board on all of this, anytime? What will all these answers look like next week, next month, next quarter, next year? Will our cyber security programs scale adequately over time as the business grows and the threat landscape changes?” he says.

Cymulate Extended Security Posture Management – Use Cases – the Cymulate Platform is designed by offensive testing professionals and is built to scale and grow with the expertise and needs of the various security teams using it. The platform provides easy-to-use and extensive BAS. “Unlike traditional BAS solutions, the platform also allows for expansion into extended control sets and the use of custom attack scripting and binaries for advanced validation programs,” Cifarelli adds.

• Breach and attack simulation (BAS)

Leverages simulated cyber attacks for security control validation, SIEM/SOAR optimisation, security validation of cloud environments and SOC and incident response optimisation.

• Attack surface management (ASM)

Includes external attack surface management, full kill chain attack mapping and validation of access and segmentation security policies.

• Attack-based vulnerability management (ABVM)

Identifies exploitable vulnerabilities and makes staff patching efforts more effective.

• It measures the effectiveness of existing tools, identifies security gaps and provides actionable remediation recommendations, which enables Cymulate to gain visibility into an organisation's cyber security stack to eliminate overlapping capabilities and locate gaps.

Attack-based vulnerability management enables organisations to prioritise patching and reduce emergency patching workloads.

“The Cymulate XSPM SaaS platform is recognised as the industry’s most innovative security validation technology by multiple analysts and awards programmes. It has achieved these accolades because the platform goes beyond BAS to provide a flexible and expandable platform for security control validation that meets any organisation’s technical and business needs, not only for today but also over time, as cyber security resilience and maturity needs evolve. Integrations allow for validation that cannot be identified from the results of assessments alone and facilitates evaluation of the efficacy of human/technology hybrid operations like incident response. Complete reporting for both technical teams and business decision-makers provides the rationalisation of both remediation efforts and cyber security spending where one or more controls do need to be upgraded or replaced,” Cifarelli concludes.