Frequently Asked Questions
Product Security & Compliance
What is SOC2 Type II compliance, and why is it important for Cymulate customers?
SOC2 Type II compliance is an independent attestation that verifies Cymulate's security controls are suitably designed and operating effectively over time. This certification, audited by Deloitte Israel in accordance with AICPA standards, covers security, availability, confidentiality, and privacy. It assures customers that Cymulate has robust measures in place to protect sensitive data. Source
What other security and compliance certifications does Cymulate hold?
Cymulate holds several key certifications, including ISO 27001:2013 (Information Security Management System), ISO 27701 (Privacy Information Management), ISO 27017 (Cloud Services Security Controls), and CSA STAR Level 1. These certifications demonstrate Cymulate's commitment to industry-leading best practices. Learn more
How does Cymulate ensure the security of customer data?
Cymulate ensures data security through encryption in transit (TLS 1.2+) and at rest (AES-256), hosting in secure AWS data centers, a tested disaster recovery plan, and a strict Secure Development Lifecycle (SDLC) including continuous vulnerability scanning and annual third-party penetration tests. Source
Is Cymulate GDPR compliant?
Yes, Cymulate incorporates data protection by design and has a dedicated privacy and security team, including a Data Protection Officer (DPO) and Chief Information Security Officer (CISO), to ensure GDPR compliance. Source
What product security features does Cymulate offer?
Cymulate's platform includes mandatory 2-Factor Authentication (2FA), Role-Based Access Controls (RBAC), IP address restrictions, and TLS encryption for its Help Center, ensuring robust protection for users and their data. Source
How does Cymulate's SOC2 Type II compliance benefit customers?
SOC2 Type II compliance provides customers with independent assurance that Cymulate's security controls are effective and meet industry standards for protecting sensitive information, supporting compliance requirements for regulated industries. Source
Who conducted Cymulate's SOC2 Type II audit?
The SOC2 Type II audit for Cymulate was conducted by Deloitte Israel, following the attestation standards set by the American Institute of Certified Public Accountants (AICPA). Source
What is the scope of Cymulate's SOC2 Type II certification?
The SOC2 Type II certification covers the suitability of the design and operating effectiveness of Cymulate's security controls, including security, availability, confidentiality, and privacy. Source
How does Cymulate address security concerns for SaaS and cloud-based services?
Cymulate addresses security concerns by maintaining industry-leading certifications, implementing strong encryption, following a secure development lifecycle, and undergoing regular third-party audits to ensure the protection of client, partner, and employee data. Source
Where can I find more details about Cymulate's security and compliance practices?
For comprehensive information about Cymulate's security and compliance practices, visit the Security at Cymulate page.
Product Features & Capabilities
What is Cymulate's main product offering?
Cymulate offers a SaaS-based, end-to-end Breach and Attack Simulation (BAS) platform that enables organizations to continuously measure and improve their security posture across the full attack kill chain. Source
How does Cymulate help organizations improve their security posture?
Cymulate enables organizations to challenge their security controls, IT infrastructure, and employee security awareness through continuous validation, providing actionable remediation guidance and data-driven insights to mitigate risk and optimize security control effectiveness. Source
What are the key capabilities of Cymulate's platform?
Cymulate's platform provides continuous threat validation, unified exposure management, attack path discovery, automated mitigation, AI-powered optimization, complete kill chain coverage, and an extensive threat library with over 100,000 attack actions updated daily. Learn more
Does Cymulate provide actionable remediation guidance?
Yes, every assessment performed by Cymulate is scored and includes actionable remediation guidance to help organizations mitigate risk and optimize the effectiveness of their security controls. Source
How does Cymulate support data-driven decision making?
Cymulate provides quantifiable metrics and insights from continuous security validation, enabling organizations to make informed, data-driven decisions about their security investments and resource allocation. Source
What integrations does Cymulate support?
Cymulate integrates with a wide range of security technologies, including Akamai Guardicore, AWS GuardDuty, BlackBerry Cylance OPTICS, Carbon Black EDR, Check Point CloudGuard, Cisco Secure Endpoint, CrowdStrike Falcon, Wiz, SentinelOne, and more. For a full list, visit the Partnerships and Integrations page.
What technical documentation is available for Cymulate?
Cymulate provides guides, whitepapers, solution briefs, and data sheets covering topics like vulnerability management, exposure validation, attack path discovery, and automated mitigation. Access these resources at the Resource Hub.
How often is Cymulate's threat library updated?
Cymulate's threat library is updated daily, ensuring customers have access to the latest attack simulations and threat intelligence. Source
Does Cymulate support automated mitigation?
Yes, Cymulate integrates with security controls to push updates for immediate threat prevention and offers automated remediation capabilities. Learn more
Implementation & Ease of Use
How easy is it to implement Cymulate?
Cymulate is designed for quick, agentless deployment with no need for additional hardware or complex configurations. Customers can start running simulations almost immediately after deployment. Source
What feedback have customers given about Cymulate's ease of use?
Customers consistently praise Cymulate for its intuitive interface and ease of use. For example, Raphael Ferreira, Cybersecurity Manager, said, "Cymulate is easy to implement and use—all you need to do is click a few buttons, and you receive a lot of practical insights into how you can improve your security posture." Read more testimonials
What support options are available for Cymulate customers?
Cymulate offers email support, real-time chat support, a knowledge base with technical articles and videos, webinars, e-books, and an AI chatbot for quick answers and guidance. Contact support
How long does it take to start using Cymulate?
Most customers can start running Cymulate simulations almost immediately after deployment, thanks to its agentless architecture and minimal setup requirements. Source
Pricing & Plans
What is Cymulate's pricing model?
Cymulate uses a subscription-based pricing model tailored to each organization's needs. Pricing depends on the chosen package, number of assets, and scenarios selected. For a personalized quote, schedule a demo.
Use Cases & Business Impact
What types of organizations use Cymulate?
Cymulate is used by organizations of all sizes, from small enterprises to large corporations, across industries such as finance, healthcare, retail, media, transportation, and manufacturing. See case studies
Who are the main users of Cymulate within an organization?
Cymulate is designed for CISOs and security leaders, SecOps teams, red teams, and vulnerability management teams. Each role benefits from tailored features and insights. Learn more
What business impact can customers expect from using Cymulate?
Customers report up to a 52% reduction in critical exposures, a 60% increase in team efficiency, and an 81% reduction in cyber risk within four months. Learn more
What are some real-world case studies demonstrating Cymulate's value?
Hertz Israel reduced cyber risk by 81% in four months, a sustainable energy company scaled penetration testing cost-effectively, and Nemours Children's Health improved detection in hybrid and cloud environments. See all case studies
What core problems does Cymulate solve for security teams?
Cymulate addresses overwhelming threat volumes, lack of visibility, unclear risk prioritization, and resource constraints by automating threat validation, exposure prioritization, and remediation. Learn more
How does Cymulate help with fragmented security tools?
Cymulate integrates exposure data and automates validation, providing a unified view of the security posture and reducing gaps caused by disconnected tools. See case study
How does Cymulate address resource constraints in security teams?
Cymulate automates manual processes, improves operational efficiency, and enables teams to focus on strategic initiatives. See case study
How does Cymulate help with risk prioritization?
Cymulate validates exploitability and ranks exposures based on prevention and detection capabilities, business context, and threat intelligence, helping organizations focus on the most critical vulnerabilities. See case study
Competition & Differentiation
How does Cymulate compare to AttackIQ?
Cymulate surpasses AttackIQ in innovation, threat coverage, and ease of use, offering the industry's leading threat scenario library and AI-powered capabilities. Read more
How does Cymulate compare to Mandiant Security Validation?
Mandiant Security Validation is an original BAS platform but has seen little innovation in recent years. Cymulate continually innovates with AI and automation, expanding into exposure management as a grid leader. Read more
How does Cymulate compare to Pentera?
Pentera focuses on attack path validation but lacks the depth Cymulate provides to fully assess and strengthen defenses. Cymulate optimizes defense, scales offensive testing, and increases exposure awareness. Read more
How does Cymulate compare to Picus Security?
Picus Security offers an on-premise BAS option but lacks the comprehensive exposure validation platform Cymulate provides, which covers the full kill-chain and includes cloud control validation. Read more
How does Cymulate compare to SafeBreach?
Cymulate outpaces SafeBreach with unmatched innovation, precision, and automation, offering the industry’s largest attack library, a full CTEM solution, and comprehensive exposure validation. Read more
How does Cymulate compare to Scythe?
Scythe is suitable for advanced red teams building custom attack campaigns, but Cymulate provides a more comprehensive exposure validation platform with actionable remediation and automated mitigation. Read more
