Company: Cymulate

Solution: Continuous Security Validation Platform Founded in: 2016 Locations: Tel Aviv (Israel) Co-founder & CEO: Eyal Wachsman

Cymulate is a SaaS cyberattack simulation platform that allows companies to know and optimize the level of security at any time and continuously. With just a few clicks, Cymulate tests the effectiveness of security controls by performing thousands of automated attack simulations, quickly exposing security gaps, and providing corresponding mitigations. The only BAS (Breach & Attack Simulation) solution that simulates the entire attack vector, APT Full Kill-Chain. Cymulate testing is simple to perform, anytime, anywhere. While most cybersecurity solutions are notoriously difficult to implement, Cymulate’s Plug & Play platform is very easy, even for non-technical users.

Changing the paradigm of security testing in a way that is continuous, automated, and comprehensive

Cymulate was founded by an elite team of former IDF intelligence officers, frustrated by the inefficiencies of time and resources they experienced while conducting offensive cyber security operations in the field. Combining its expertise in cyber simulation technology with extensive expertise in the field to mimic the latest and most sophisticated cyberattacks, Cymulate uses high-end SaaS applications to simulate the myriad of tactics and strategies employed by hackers to attack network security infrastructures. Cymulate’s platform has been divided into different attack vectors providing a 360-degree view of your security level.

Cymulate Vectors

Try Smart

Cymulate’s attack surface management vectoruncovers what an intruder (hacker) can find out about your business during the initial information-gathering phase of an attack. The module identifies and flags your domains and subdomains to discover weaknesses and vulnerabilities on the Internet.
It also looks for open-source intelligence (OSINT) to uncover leaked credentials and organizational information that can be used in an attack.

WAF Security Test

The Web Application Firewall (WAF) vector allows you to test and optimize your web security countermeasures. This vector first identifies all forms and other means of data import available in the technical infrastructure security domain, and then challenges the WAF against thousands of attacks, including major OWASP payloads, command injection, and file inclusion attacks to assess the integrity of the WAF configuration and its blocking capabilities.

Email Security Testing

The Email Gateway vector allows you to test and optimize your email’s cybersecurity posture. This vector challenges your email security countermeasures against a broad set of attacks by sending emails with attachments that contain ransomware, worms, Trojans,
or links to malicious websites. The simulation reveals malicious emails, file types, and embedded files that could make their way into your employees’ inboxes.

Web Gateway Protection

The Web Gateway vector validates your organization’s web security countermeasures. This vector challenges controls that protect employees from both accessing and downloading malware hosted on malicious and compromised websites.
The vector tests ingress protection against thousands of different malicious files and simulated exploits, and outbound protection against information made up of thousands of URLs that are updated daily.

DLP Controls Challenge

The data exfiltration vector allows you to test the effectiveness of your Data Loss Prevention (DLP) security countermeasures and optimize them. This vector challenges your DLP controls with a wide range of regulatory, company-sensitive, and custom synthetic datasets. The vector packages data into different file types, including images and office files, and attempts to exfiltrate them using multiple exfiltration methods. The results of the attack simulation are presented in a comprehensive and easy-to-use format, which allows organizations to understand their DLP-related security deficiencies
and take appropriate steps to remediate them.

Internal Network Protection

The Lateral Movement Vector (Hopper) challenges your internal network configuration and segmentation policies against different techniques and methods used by attackers to spread within the network and
control additional systems. The vector simulates an adversary that is in control of a single workstation and attempts to move laterally within the organization. The result of the assessment is a visualization of all the endpoints that the assessment has been able to reach with a detailed description of the methods used for each hop. The assessment identifies infrastructure weaknesses, network misconfigurations, and weak passwords, and provides guidance for their remediation.

Improving Security Awareness

The Phishing Awareness Vector allows you to assess employee security awareness. It provides all the resources needed to create, customize, initiate, and measure phishing campaigns. Each campaign tracks 5 different actions (open, click, enter credentials, generate reports, and fill out a questionnaire) that provide the complete picture of employee safety awareness levels, allowing the organization to focus on those that require more training and monitor others

Full Kill-Chain APT Simulation

The Full Kill-Chain APT module allows you to test, measure, and improve the effectiveness of your security countermeasures against real-world advanced persistent threats (APTs). The module provides pre-built templates for testing against known APT groups and allows Red Teams to create their own APT attacks from tens of thousands of attack simulations across the Kill-Chain, including email, web, phishing, endpoints, lateral movement, and data exfiltration.

Purple Teaming Automation

A framework that puts the MITRE ATT&CK® framework to work, to create, initiate, and automate custom attack scenarios. In addition to the extensive library available from minute one, security personnel can design or modify executions to create simple and complex scenarios of atomic, combined, and chained executions. The module enables APT simulation, Purple Team exercises, incident response protocol exercises, and proactive threat hunting, and automates assurance procedures and health checks.

Endpoint Security Testing

The Endpoint Security Assessment Vector allows you to test and optimize the security effectiveness of your endpoints. The vector challenges your endpoints’ security countermeasures against a full suite of attacks that simulate the malicious behavior of ransomware, worms, Trojans, and other types of
malware. Red Team’s tests allow you to create custom attack scenarios using hundreds of commands across the cyberattack kill-chain, mapped to the MITRE ATT&CK framework.

Defense Against Latest Attacks

The Immediate Threat Intelligence module allows you to securely test and optimize your organization’s cybersecurity posture against specific, real, and emerging cyber threats. The module is updated daily by Cymulate’s security analysts, who monitor the web for new threats. The Immediate Threat Intelligence module tests Email Gateway, Web Gateway, and Endpoint security countermeasures.

Success stories

Para más información, acceda a la página web del fabricante.

¿Necesitas más información?



    En cumplimiento del art. 13 del Reglamento (UE) 2016/679 General de Protección de Datos, le informamos de que INGECOM IGNITION tratará sus datos personales con la finalidad de gestionar su consulta. Puede ejercer sus derechos en materia de protección de datos mediante solicitud a nuestro DPO en gdpr@ingecom.net. Puede obtener información adicional sobre el tratamiento de sus datos en nuestra política de privacidad publicada en www.ingecom.net.

    Productos de Cymulate

    Aviso Legal

    Política de privacidad

    Cookies

    ©2024 Ingecom