Frequently Asked Questions

Product Features & Capabilities

What is Cymulate Exposure Validation and what does it do?

Cymulate Exposure Validation is a unified platform that enables organizations to test and optimize their security controls through automated, real-world attack simulations. It helps security teams validate their defenses, reduce the likelihood of successful cyber attacks, and lower the risk of material breaches by providing contextual, streamlined assessments across the entire security stack. Learn more.

What are the main features introduced in the latest Cymulate platform update?

The latest update introduces contextual assessments, an attack scenario workbench, unified risk-based scoring, an enhanced security posture dashboard, AI-guided validation strategy, expanded security controls, custom attack scenarios, daily threat feeds, and smart templates. These features streamline assessment creation, improve coverage, and automate validation for emerging threats. Source.

How does the attack scenario workbench help security teams?

The attack scenario workbench provides a simple interface for security teams to filter and select from over 100,000 real-world attack simulations. It enables the creation of automated assessments that test security controls and operational responses to the latest threats, supporting custom scenarios across multiple vectors like ransomware, APT campaigns, MITRE ATT&CK techniques, and more.

What is unified risk-based scoring in Cymulate?

Cymulate uses a consistent risk scoring system based on the weighted average of risk and findings. Scores range from 0 (minimal risk) to 100 (high risk), helping organizations benchmark and track their security posture. A score of 33 or lower is generally considered an acceptable risk level, but organizations can set their own thresholds based on business context.

How does the security posture dashboard work?

The security posture dashboard provides high-level insights into risk levels and prevention ratios across each phase of the attack lifecycle. It allows users to filter by environment, platform, APT group, attack type, and tags, offering a holistic view of the organization's security posture and detection capabilities.

What is the AI-guided validation strategy in Cymulate?

The AI-guided validation strategy uses AI-powered insights to help users scope and customize validation assessments. It allows natural language prompts to generate exposure validation templates and schedules tailored to industry, geography, compliance frameworks, security controls, and team size, streamlining the assessment process.

How does Cymulate support custom attack scenarios?

Cymulate allows security teams to upload their own attack resources (files, URLs, scripts, phrases, WAF payloads) to the resource library, enabling the creation of custom scenarios and assessments specific to their business context. Resources can be tagged for easy organization and alignment with assessments.

What are smart templates in Cymulate?

Smart templates are dynamic assessment templates that automatically include new attack scenarios matching the criteria used to create the template. This ensures that scheduled assessments always test against the latest threats without manual updates.

How does Cymulate help with detection engineering?

Cymulate provides SIEM/SOAR attack scenarios and generates Sigma rules to improve detection ratios. Security teams can use these features to enhance threat detection, threat hunting, and accelerate detection engineering processes.

What types of security controls can Cymulate validate?

Cymulate can validate a wide range of security controls, including network intrusion prevention/detection (IPS/IDS), cloud workload protection platforms (CWPP), Kubernetes container security (K8S), and cloud IDS. This enables comprehensive coverage across on-premises, cloud, and hybrid environments.

How does Cymulate keep up with the latest threats?

Cymulate's threat research team loads new attack simulations into the platform daily, using feeds from the cyber community and organizations like CISA. The platform can auto-run immediate threat assessments and notify security leaders when exposed to new threats, providing mitigation guidance and detection rules.

What is Exposure Validation and why is it important?

Exposure Validation is the process of continuously and automatically testing security controls against the latest adversarial techniques to ensure they are effective against real-world attacks. Cymulate's approach provides operational metrics, evidence-based insights, and board-ready reports to help organizations prove and improve their resilience. Read more.

How does Cymulate support ad-hoc and scheduled assessments?

Cymulate allows users to quickly launch ad-hoc assessments to recheck mitigation effectiveness and schedule recurring assessments using smart templates. Assessments can be paused, resumed, tagged, and commented for better management and tracking.

How does Cymulate help organizations defend against the threat actor’s playbook?

The platform provides access to a rich library of threat actor tactics and techniques, enabling organizations to validate their defenses against real-world attack chains. Automated offensive testing at scale helps identify and mitigate security control weaknesses efficiently.

What is the value of a streamlined assessment experience in Cymulate?

Cymulate's streamlined assessment experience allows users to create, execute, and manage security assessments efficiently across all relevant controls. This unified approach delivers consistency, flexibility, and a holistic view of the organization's security posture, saving time and effort for security teams.

How does Cymulate enable contextual assessments?

The platform allows users to create highly contextual assessments across security controls for specific attack vectors, such as new ransomware variants or APT campaigns. Users can run a single assessment across multiple modules and receive unified reports, supporting full kill-chain attack scenarios.

How does Cymulate help optimize existing security technology investments?

Cymulate enables organizations to test and validate their current security controls, identify gaps, and optimize configurations to maximize threat prevention and detection. This helps organizations reach and maintain an acceptable level of risk based on their business context.

What is the role of daily threat feeds in Cymulate?

Daily threat feeds provide immediate access to the latest attack simulations based on current threat actor campaigns. These feeds can be configured for auto-run, with notifications and mitigation guidance delivered to security leaders when new exposures are detected.

How does Cymulate support collaboration across security teams?

Cymulate's unified platform enables collaboration between SecOps, Red Teams, and Vulnerability Management teams by providing a single source of validated exposure data, actionable insights, and quantifiable metrics to drive a unified security strategy.

How does Cymulate integrate with other security technologies?

Cymulate integrates with a wide range of security technologies, including Akamai Guardicore, AWS GuardDuty, BlackBerry Cylance OPTICS, Carbon Black EDR, Check Point CloudGuard, Cisco Secure Endpoint, CrowdStrike Falcon, Wiz, SentinelOne, and more. For a complete list, visit our Partnerships and Integrations page.

Use Cases & Benefits

Who can benefit from using Cymulate?

Cymulate is designed for CISOs, security leaders, SecOps teams, Red Teams, and Vulnerability Management teams in organizations of all sizes and industries, including finance, healthcare, retail, media, transportation, and manufacturing. It provides tailored solutions to improve threat resilience, operational efficiency, and risk alignment. Learn more.

What problems does Cymulate solve for security teams?

Cymulate addresses fragmented security tools, resource constraints, unclear risk prioritization, cloud complexity, communication barriers, inadequate threat simulation, operational inefficiencies in vulnerability management, and post-breach recovery challenges. It provides automation, actionable insights, and unified exposure data to solve these pain points. See case studies.

Are there real-world examples of Cymulate's impact?

Yes. For example, Hertz Israel reduced cyber risk by 81% in four months, a sustainable energy company scaled penetration testing cost-effectively, and Nemours Children's Health improved detection in hybrid and cloud environments. Read more case studies.

How does Cymulate help with regulatory compliance and audits?

Cymulate provides quantifiable metrics, validated data, and board-ready reports that help organizations demonstrate compliance with regulatory requirements and improve internal governance. For example, Saffron Building Society used Cymulate to prove compliance for financial regulators. Read the case study.

How easy is Cymulate to use and implement?

Cymulate is designed for ease of use, with agentless deployment, minimal setup, and an intuitive interface. Customers report being able to start running simulations almost immediately, with support available via email, chat, and a comprehensive knowledge base. Schedule a demo.

What feedback have customers given about Cymulate's ease of use?

Customers consistently praise Cymulate for its intuitive, user-friendly dashboard and ease of implementation. Testimonials highlight the platform's simplicity, actionable insights, and accessible support. For example, Raphael Ferreira, Cybersecurity Manager, said, "Cymulate is easy to implement and use—all you need to do is click a few buttons, and you receive a lot of practical insights." Read more testimonials.

How does Cymulate help organizations prioritize risk?

Cymulate validates the exploitability of exposures and ranks them based on prevention and detection capabilities, business context, and threat intelligence. This helps organizations focus on the most critical vulnerabilities and optimize remediation efforts.

What measurable outcomes have Cymulate customers achieved?

Customers have reported up to a 52% reduction in critical exposures, a 60% increase in team efficiency, and an 81% reduction in cyber risk within four months. These outcomes are supported by case studies and customer testimonials. See more.

How does Cymulate support continuous threat validation?

Cymulate runs 24/7 automated attack simulations, continuously validating security defenses in real time. This ensures organizations stay ahead of emerging threats and maintain an up-to-date understanding of their security posture.

How does Cymulate help with post-breach recovery?

Cymulate enhances visibility and detection capabilities after a breach, enabling organizations to quickly identify gaps, validate remediation actions, and ensure faster recovery. Read the case study.

How does Cymulate address cloud security validation?

Cymulate provides automated compliance and regulatory testing for hybrid and cloud infrastructures, helping organizations secure new attack surfaces introduced by cloud adoption. Learn more.

How does Cymulate help with vulnerability management?

Cymulate automates in-house validation between penetration tests and prioritizes vulnerabilities based on exploitability, improving operational efficiency for vulnerability management teams. Learn more.

Security, Compliance & Trust

What security and compliance certifications does Cymulate have?

Cymulate holds SOC2 Type II, ISO 27001:2013, ISO 27701, ISO 27017, and CSA STAR Level 1 certifications. These attest to Cymulate's adherence to industry-leading security, privacy, and cloud compliance standards. Learn more.

How does Cymulate ensure data security and privacy?

Cymulate uses encryption for data in transit (TLS 1.2+) and at rest (AES-256), hosts data in secure AWS data centers, and follows a strict Secure Development Lifecycle (SDLC). The platform also includes 2FA, RBAC, IP restrictions, and is GDPR-compliant with a dedicated privacy and security team.

What is Cymulate's approach to application and HR security?

Cymulate develops its platform using a secure SDLC, conducts continuous vulnerability scanning, annual third-party penetration tests, and provides ongoing security awareness training and phishing tests for employees. Comprehensive security policies are enforced across the organization.

Is Cymulate GDPR compliant?

Yes, Cymulate is GDPR compliant. The company incorporates data protection by design and has a dedicated privacy and security team, including a Data Protection Officer (DPO) and Chief Information Security Officer (CISO).

Pricing & Implementation

What is Cymulate's pricing model?

Cymulate uses a subscription-based pricing model tailored to each organization's needs. Pricing depends on the chosen package, number of assets, and scenarios selected. For a personalized quote, schedule a demo.

How long does it take to implement Cymulate?

Cymulate is designed for rapid, agentless deployment with minimal setup. Customers can typically start running simulations almost immediately after deployment, with no need for additional hardware or complex configurations.

What support options are available for Cymulate customers?

Cymulate offers email support ([email protected]), real-time chat support, a knowledge base with technical articles and videos, webinars, e-books, and an AI chatbot for quick answers and template creation. Contact support.

Company, Recognition & Resources

What is Cymulate's mission and vision?

Cymulate's mission is to transform cybersecurity practices by enabling organizations to proactively validate defenses, identify vulnerabilities, and optimize their security posture. The vision is to create a collaborative environment for lasting improvements in cybersecurity. Learn more.

What industry recognition has Cymulate received?

Cymulate was named a Customers' Choice in the 2025 Gartner Peer Insights and recognized as a market leader for automated security validation by Frost & Sullivan. Read more.

Where can I find Cymulate's blog, newsroom, and resource hub?

You can find the latest threats, research, and company news on our blog, newsroom, and Resource Hub.

Where can I find a video overview of Exposure Validation Made Easy?

You can watch the video overview here: Exposure Validation Made Easy video.

Where can I watch the Threat Exposure Validation Summer Series video?

You can watch the video here: Threat Exposure Validation Summer Series: Threat Exposure Validation is a must have in 2025 video.

Cymulate named a Customers' Choice in 2025 Gartner® Peer Insights™
Learn More
New Case Study: Credit Union Boosts Threat Prevention & Detection with Cymulate
Learn More
New Research: Cymulate Research Labs Discovers Token Validation Flaw
Learn More
An Inside Look at the Technology Behind Cymulate
Learn More
Book a Demo
Book a Demo

The Future of Exposure Validation is Here

By: Yoni Harris

Last Updated: September 2, 2025

cymulate Exposure Validation

Advanced product innovation from the new Cymulate platform 

The recent update of the Cymulate Exposure Validation Platform introduces new features and functionality that enable organizations and their security leaders to test and optimize security controls to maximize threat prevention and detection. This allows them to reduce the likelihood of a successful cyber attack and significantly lower the risk of a material cyber breach. Organizations can now improve their security posture and optimize their existing security technology investments to reach and maintain an acceptable level of risk based on their business context. 

This update includes new features as well as workflow changes that make it simpler and more efficient to create the assessments you need to test and validate the threats that concern you the most. Whether it’s how well your security controls prevent and detect ransomware threats or how your security team responds to a specific threat actor or APT group targeting your industry, you can quickly and easily run automated, scheduled attack simulations and red team exercises that provide frequent (weekly) insights and mitigations to reduce your threat exposure. 

Delivering a streamlined assessment experience 

As cyber threats grow in complexity, organizations are under pressure to strengthen their defenses and stay ahead of potential attacks. This next release of the Cymulate platform is designed to meet that need, offering a more streamlined approach that delivers consistency, flexibility and efficiency to create and execute the assessments you need to evaluate your security posture and optimize your security defenses. 

Cymulate has transformed how you conduct security assessments, providing a unified platform that validates the security controls across your security technology stack. Now, you can evaluate threats and campaigns with a single, streamlined assessment that runs across all relevant controls. This approach enables you to simulate both security control best practices and complex full kill-chain cyberattacks across your entire security infrastructure. Together, this gives you a holistic view of your security posture with robust coverage across an expanded range of security controls. 

Contextual Assessments 

The new platform provides the flexibility to create highly contextual assessments across your security controls for the attack vectors that concern you the most. For example, a single assessment can determine how well you are protected from new (last 6 weeks), high-risk, ransomware variants on your Windows platforms. This latest release removes the previous module dependency meaning you can now run a single assessment across multiple modules and receive a unified report of the findings for all controls. This enables full kill-chain attack scenarios across multiple security controls with a more consistent, streamlined and flexible assessment experience for users of the Cymulate platform. 

Attack Scenario Workbench 

Attack Scenario Workbench

Contextual assessments are created using the new attack scenario workbench. The workbench provides a simple interface to filter and select attack scenarios to create an assessment from more than 100,000 real-world attack simulations and malicious actions from the threat actor's playbook. 

Security teams can easily create fully automated assessments that test and validate security controls and operational responses to the latest emergent threats. This flexible user interface allows security teams to create new assessments and custom attack actions (scenarios) across multiple security control vectors to validate things like: 

  • Ransomware and malware variants 
  • APT group campaigns 
  • MITRE ATT&CK tactics and techniques 
  • Known vulnerabilities (CVEs) 
  • Risk level (Critical, High, Medium, Low, Info) 
  • Platform (Windows, Mac, Linux, Cloud, plus 40 more) 

Cymulate customers can use the workbench to run multiple searches against the attack simulation library, selecting the scenarios they want to include in an assessment or as a template. 

Unified Risk-based Scoring

Unified Risk-based Scoring

The Cymulate platform operates off a consistent scoring approach based on the weighted average of risk and findings. The lower the score, the lower the risk using the following scale: 

  • 0 – 10 = Minimal Risk 
  • 11 – 33 = Low Risk 
  • 34 – 67 = Medium Risk 
  • 68 – 100 = High Risk 

The risk score represents the likelihood of a successful attack with a score of 33 or lower, generally considered an “acceptable level of risk” by Cymulate. Every organization can establish their own baseline for what they consider an acceptable level of risk based on their business context. 

Security Posture Dashboard 

The main Cymulate dashboard provides high-level insight into your risk level and prevention ratio across each phase of the attack life cycle. In addition, you have an overall risk score for the detection ratio of alerts and events captured in your SIEM environment. 

This dashboard enables security teams to answer questions about their security posture and cyber-risk level against active threats with confidence. 

Security Posture Dashboard

From this dashboard, you can quickly apply filters to look at specific environments and attack vectors including: 

  • Environment 
  • Platform 
  • APT Groups 
  • ATT&CK Types  
  • Tags (e.g. Ransomware) 

The overall score provides strong support for detection engineering to capture the alerts and events that indicate potential malicious activity is occurring in your IT environment. The absence of detections does not mean the absence of a threat actor, so validating your SIEM detection ratio is a critical step in identifying and stopping threat activity before it can lead to a material cyber breach. 

For organizations looking to understand their cyber risk, the dashboard gives a true indication of the likelihood of a successful attack. 

AI-guided Validation Strategy 

The new platform release offers AI-guided scoping to streamline the generation of assessments aligned to your validation strategy. AI-powered insights guide and customize your validation assessments that are tailored to your business needs and the security resources you have available.  

The AI interface allows for natural language prompts to customize exposure validation templates and schedule assessments based on your desired frequency. You can tailor your validation strategy by industry, geography, compliance framework, security controls, team size (resources) and more. The output delivers simulation-ready exposure validation templates, testing schedules and more, giving you a guided experience to go from specific business requirements to a focused assessment configuration in minutes. 

Focused execution for the threats and environments that matter most 

The Cymulate Exposure Validation Platform enables security teams to focus the execution of assessments to test and validate how well protected they are against specific threats and APT groups targeting their region / industry and to evaluate the risks to the environments that matter most to their business. The following new and expanded features in this release  

Expanded Security Controls 

Expanded Security Controls

The latest platform release offers an expanded list of security controls that can be selected and used to filter attack scenarios for one or more controls in the scenario workbench.  

This flexibility removes the module dependencies that existed in prior platform versions, enabling a more streamlined approach to assess specific threats across multiple security controls.  

New control selections have been added to the platform making it easier to select attack scenarios that validate network security controls, cloud security controls and SIEM / SOAR alerts and events. 

  • IPS / IDS scenarios validate network intrusion prevention / detection 
  • CWPP scenarios validate cloud workload protection platforms 
  • K8S scenarios validate high privilege threat activity in containers running Kubernetes  
  • Cloud IDS scenarios validate threats in cloud infrastructure is detected by your SIEM 

Using the SIEM / SOAR attack scenarios, security teams can gain deep insight into the detection ratio of alerts and events within their SIEM / SOAR environment. Security teams can enhance their threat detection and threat hunting capabilities while security engineers can accelerate the process of detection engineering using the Sigma rules that are generated by the Cymulate platform to improve their detection ratio. 

Custom Attack Scenarios 

This valuable new feature enables security teams to upload their own attack resources to the resource library to create custom scenarios and assessments specific to their business context. 

Custom Attack Scenarios

The resources section is a central hub for managing essential components used in scenario creation, offering both predefined and custom resources to tailor simulations to specific needs. Resources are categorized into multiple key types:  

  • Files used for testing email and web gateways, EDR, AV and DLP controls 
  • URLs for assessing phishing, malicious links and web security policies 
  • Executions enabling advanced attack simulations through scripts or YAML imports 
  • Phrases applicable in exfiltration and DLP testing to detect sensitive data leaks 
  • WAF Payloads designed to evaluate web application firewall (WAF) defenses 

Each resource can be tagged for easy categorization, improving organization and alignment with various security assessments. 

Daily Threat Feeds 

The daily threat feed extends the functionality of immediate threat assessments based on the latest threat actor campaigns. The Cymulate threat research team loads attack simulations into the platform on a daily basis with feeds from the cyber community including CISA. These assessments can be configured for auto-run, with notifications to security leaders whenever they are exposed to one of these immediate threats. The platform provides mitigation guidance and detection rules to help organizations protect against these new threats. 

Daily Threat Feeds 

Smart Templates 

smart templates

Smart templates are a new feature added to this latest release. The new smart templates are dynamic, meaning any new attack scenarios added to the workbench that match the criteria used to create the assessment template will be automatically included the next time the assessment gets launched.  

This feature makes it more efficient to run frequently scheduled assessments that dynamically include new attack scenarios at launch.  

Simplified delivery that saves time and effort 

In addition to creating a more streamlined experience with focused execution, we have also introduced new features that simplify delivery to save security teams time and effort. 

  • Ad-hoc assessment and replay: Quickly launch an existing assessment on an ad-hoc basis when you need to recheck the effectiveness of any mitigation actions you have implemented. 
  • Preview templates and scenarios: View detailed scenario information prior to the launch of an assessment. 
  • Pause and resume assessments: Pause and resume assessments for better control of assessment execution. 
  • Assessment tags and comments: Add tags and comments to your assessments and templates. 

Defending against the threat actor’s playbook 

The attack scenario workbench provides access to the industry’s richest library of threat actor tactics and techniques so you can validate how your defenses will stand up against the threat actors playbook. The Cymulate Exposure Validation Platform is a best-in-class solution that delivers key outcomes for: 

  • Security control validation 
  • True threat exposure awareness 
  • Automated offensive testing at scale 

The new platform release provides a more streamlined user experience that makes our customers more efficient when validating security controls and operational responses to the latest emerging threats. We empower users to mitigate security control weaknesses using the recommendations from the Cymulate platform.  

For more information on how Cymulate can help you focus on true threat exposures and reduce your cyber risk, download our platform data sheet and schedule a demo of the Cymulate Exposure Validation Platform. 

Yoni Harris
Yoni Harris
Yoni Harris is the Lead Product Manager for the Exposure Validation product-line at Cymulate. With deep cybersecurity expertise and a passion for innovation, he bridges defense and offense to build resilient solutions. Yoni is at the forefront of innovation, crafting tools that empower organizations to uncover and close critical security gaps.
More about Author
Table of Contents
Advanced product innovation from the new Cymulate platform  Delivering a streamlined assessment experience  Focused execution for the threats and environments that matter most  Defending against the threat actor’s playbook 
Cymulate Exposure Validation makes advanced security testing fast and easy. When it comes to building custom attack chains, it's all right in front of you in one place.
Mike Humbert, Cybersecurity Engineer
DARLING INGREDIENTS INC.
Learn More

Featured Resources

View More Resources
image
blog

Continuous Threat Exposure Management: Prioritizing Real Risks with Exposure Validation 

Security leaders recognize the value of proactive security and offensive testing to get ahead of cyber threats. They have made

Read More
image
Data Sheet

Cymulate Exposure Validation

Learn how Exposure Validation is the foundation for continuous automated red teaming. 

Read More
image
CUSTOMERS

Bank Stays Ahead of Attackers with Cymulate Security Validation

This team uses Cymulate to assess emerging threats, streamline response and justify investments.

Read Case Study

GET A PERSONALIZED DEMO

Ready to see Cymulate in action?

Book a Demo