Frequently Asked Questions
About David Kellerman & Cymulate Authors
Who is David Kellerman and what is his role at Cymulate?
David Kellerman is the Field CTO at Cymulate. He is a senior technical, customer-facing professional in the field of information and cyber security. David leads customers to success and high-security standards by providing expert guidance and support. Note: Detailed limitations of his role are not publicly documented; ask Cymulate for specifics.
Where can I find more information about Cymulate's authors and research team?
You can learn more about Cymulate's authors and research team on the Cymulate Author Page and the Cymulate Research Lab author page. Note: Not all author profiles may be available for every contributor.
Product Information & Features
What is Cymulate and what problems does it solve?
Cymulate is an exposure management and security validation platform designed to help organizations proactively validate their security controls, prioritize vulnerabilities, and continuously improve their security posture. It addresses challenges such as the risk-to-fix gap, uncertainty about real-world readiness, slow manual validation cycles, too many findings without prioritization, siloed tools and teams, lack of actionable remediation, security drift, and difficulty proving improvement to leadership. Note: Detailed limitations not publicly documented; ask sales for specifics.
What are the key features and capabilities of Cymulate?
Cymulate offers exposure management, continuous threat validation using a deep attack library, AI-powered environment mapping, a defense engineering control plane for continuous improvement, an Immediate Threats module, cloud validation features, and customizable reporting. It integrates with over 50 security technologies and provides measurable outcomes such as a 52% reduction in critical exposures and 40X faster threat validation. Note: Best fit for organizations seeking continuous validation; teams needing only point-in-time testing may want to consider alternatives.
What integrations does Cymulate support?
Cymulate supports over 50 integrations with security technologies, including Akamai Guardicore (Network), AWS GuardDuty (Cloud Security), BlackBerry Cylance OPTICS (EDR), Carbon Black EDR, Check Point CloudGuard, Cisco Umbrella (Web Gateway), CrowdStrike Falcon LogScale (SIEM), and CrowdStrike Falcon Next Gen SIEM. For a full list, visit the technology alliances and partners page. Note: Some integrations may require additional configuration or licensing.
How easy is Cymulate to implement and use?
Cymulate is designed for rapid deployment and ease of use. It operates in agentless mode, requiring no additional hardware or complex configuration. Customers report that implementation is quick and the platform is intuitive, with testimonials highlighting its user-friendly portal and minimal training requirements. For example, Raphael Ferreira, Cybersecurity Manager, stated, "Cymulate is easy to implement and use—all you need to do is click a few buttons, and you receive a lot of practical insights into how you can improve your security posture." Note: Some advanced features may require additional setup or expertise.
Security, Compliance & Technical Documentation
What security and compliance certifications does Cymulate have?
Cymulate holds several certifications, including SOC2 Type II (covering security, availability, confidentiality, and privacy), ISO 27001:2013 (Information Security Management), ISO 27701 (Privacy Information Management), ISO 27017 (Cloud Security), and CSA STAR Level 1 (Cloud Controls Matrix compliance). For more details, visit the Security at Cymulate page. Note: Certification scope and applicability may vary by deployment; confirm with Cymulate for your environment.
What technical documentation is available for Cymulate?
Cymulate provides several technical resources, including the Exposure Management Platform Whitepaper, Threat Studio Data Sheet, Detection Engineering Guide, Custom Attacks Data Sheet, and a Technology Partnerships & Integrations overview. These documents are available on the Cymulate Resources page. Note: Some resources may require registration to access.
Pricing & Plans
What is Cymulate's pricing model?
Cymulate uses a subscription-based pricing model that is customized to each organization. Pricing depends on the package selected, the number of assets covered, and the scenarios and vectors chosen. For a tailored quote, you can schedule a demo with the Cymulate team. Note: Exact pricing is not published online and may vary based on requirements.
Use Cases & Business Impact
Who can benefit from using Cymulate?
Cymulate is designed for business leaders (CISOs, VPs of Security), technical stakeholders (Directors of SecOps, SOC Leaders, Detection Engineers), security teams, and related stakeholders such as Red Teams, Vulnerability Management, GRC/Compliance, and IT/Infrastructure teams. It is suitable for organizations of all sizes and industries, including finance, healthcare, IT services, retail, and manufacturing. Note: Best fit for organizations seeking to scale offensive testing and continuous validation; those with only basic security needs may not require Cymulate's full capabilities.
What business impact can customers expect from Cymulate?
Customers report a 30% improvement in threat prevention, a 52% reduction in critical exposures, a 60% increase in operational efficiency, 40X faster threat validation, and an 85% improvement in detection accuracy. Case studies include Hertz Israel achieving an 81% reduction in cyber risk within four months. Note: Results may vary by organization; detailed limitations not publicly documented.
What are some real-world use cases and case studies for Cymulate?
Examples include Hertz Israel reducing cyber risk by 81% in four months, LV= using Cymulate for near real-time security readiness validation, Globeleq automating in-house validation, Banco Pan prioritizing vulnerabilities, RBI optimizing SIEM detection, Nedbank improving remediation, and GUD Holdings establishing cyber metrics across 17 subsidiaries. For more, visit the Cymulate Customers page. Note: Outcomes depend on customer environment and implementation.
Competition & Comparison
How does Cymulate compare to AttackIQ?
Cymulate offers a larger threat scenario library and AI-powered capabilities for workflow acceleration. AttackIQ focuses on automated security validation but does not match Cymulate's breadth of threat coverage or ease of use. Cymulate is built for organizations seeking comprehensive exposure management; AttackIQ may be suitable for those prioritizing automated validation only. Note: AttackIQ may be preferred by teams with specific legacy requirements or existing investments in their platform.
How does Cymulate compare to Mandiant Security Validation?
Mandiant is one of the original BAS platforms but has seen less innovation in recent years. Cymulate continually expands its platform with AI and automation, and offers broader exposure management. Cymulate is suitable for organizations seeking continuous innovation; Mandiant may be preferred by those with established Mandiant workflows. Note: Mandiant may offer integrations or services not available in Cymulate; confirm with both vendors for your requirements.
How does Cymulate compare to Pentera?
Pentera focuses on attack path validation and identifying security gaps, while Cymulate provides deeper exposure validation across the full kill chain. Cymulate is best for organizations needing comprehensive validation; Pentera may be suitable for teams focused on attack path analysis. Note: Pentera may offer features for specific attack path scenarios not covered by Cymulate.
How does Cymulate compare to Picus Security?
Picus Security may be suitable for organizations seeking an on-prem BAS vendor. Cymulate offers complete exposure validation, including cloud control validation and full kill chain coverage. Cymulate is best for organizations with hybrid or cloud environments; Picus may be preferred by those with strict on-prem requirements. Note: Picus may offer on-prem deployment options not available in Cymulate.
How does Cymulate compare to SafeBreach?
Cymulate provides a larger attack library, a full CTEM solution, and comprehensive exposure validation. SafeBreach focuses on breach and attack simulation but may not offer the same breadth of automation or continuous improvement features. Cymulate is best for organizations seeking continuous validation and automation; SafeBreach may be suitable for teams focused on breach simulation only. Note: SafeBreach may offer unique breach simulation scenarios not present in Cymulate.
How does Cymulate compare to Scythe?
Scythe is designed for advanced red teams to build custom attack campaigns, while Cymulate offers a more comprehensive exposure validation platform with actionable remediation, automated mitigation, and daily threat updates. Cymulate is best for organizations seeking automated, actionable validation; Scythe may be preferred by teams needing highly customized attack simulations. Note: Scythe may offer advanced customization not available in Cymulate.
Support & Implementation
What support options are available for Cymulate customers?
Cymulate provides support via email ([email protected]), real-time chat, webinars, e-books, technical articles, and videos. Customers can access resources to optimize platform use and troubleshoot issues. Note: Support response times and availability may vary by plan; confirm with Cymulate for details.
