Cymulate is easy to implement and use. All you need to do is click a few buttons, and you receive a lot of practical insights into how you can improve your security posture.
– Raphael Ferreira, Cybersecurity Manager
Challenge
For Banco PAN, cybersecurity excellence means more than just passing its next audit. While the security team at the mid-size Brazilian commercial bank is required to report an external risk score to the Brazilian Central Bank, the CISO wanted more visibility into Banco PAN’s cybersecurity efficacy.
In addition to a cybersecurity risk rating platform to assess its external risk, Banco PAN also outsourced manual pen tests and utilized a vulnerability management tool. However, this did not provide enough transparency into how the bank’s security controls were performing.
Banco PAN wanted a platform that could provide them with:
A comprehensive risk score that considered the efficacy of all its security controls
Continuous security control validation and optimization
Realistic simulated attacks to test against lateral movement
Intelligence and assessments against emergent threats
The Cymulate Solution
Banco PAN evaluated various security validation platforms and decided to implement Cymulate because it provided the most comprehensive and user-friendly solution. Banco PAN appreciated that Cymulate provides a wide range of customizable attack simulations in different operating systems, real-time insights, and integration capabilities with its vulnerability management tool, EDR and other tools.
Raphael Ferreira, Cybersecurity Manager at Banco PAN, elaborated, “We didn’t realize how many different use cases a security control validation platform could provide. Cymulate does so much more than we expected.”
Raphael explained that Banco PAN uses Cymulate to:
Benchmark and measure cybersecurity performance over time
“We use the Cymulate risk score to benchmark our cybersecurity efficacy and security control performance. It enables us to create KPIs and a common goal to work towards. We also use these metrics to report our cyber risk score to the Brazilian Central Bank.”
Continuously assess and optimize security controls
“Cymulate allows us to see if we need to fine-tune the controls we already have, replace a control or add another control to our security stack. If we do add a new control, it helps us tune it to perfection and ensure it continues doing its job as time passes.”
Automate assessments to test against lateral movement
“The Cymulate network pen testing capability (Hopper) continuously helps us see where we have gaps in our group policies, and it provides guidance on the best and most efficient way to close those gaps. It’s like having a specialist inside our network all the time, testing everything automatically, so we can continually improve the security of our infrastructure.”
Test against emergent threats
“Cymulate continuously updates the platform with assessments of emergent threats and vulnerabilities, so we can test them against our EDR and understand how the control would respond if attacked.”
Prioritize vulnerabilities with validation
“We integrated Cymulate with our vulnerability management to validate each vulnerability and understand if there are compensating controls in place protecting us. It helps us focus and prioritize the high-risk vulnerabilities that are exploitable in our environment.”
Benefits
The Cymulate platform provides Banco PAN with these additional benefits:
Increased SecOps efficiency After a Cymulate assessment, the SecOps team utilizes easy-to-digest remediation guidance to fine-tune its security controls. With the push of a button, the SecOps team automatically re-runs the assessment to validate its activities. The team works independently without waiting for a red team to re-run assessments for them, saving significant time and resources.
Near real-time feedback The security team can make data-based decisions regarding Banco PAN’s security based on the immediate feedback and insights it receives from the Cymulate assessments.
Compliance assurance The team uses Cymulate to assess and demonstrate compliance with various cybersecurity standards and regulations while also ensuring adherence to the banking industry’s best practices.
