How much did Hertz Israel reduce its cyber risk using Cymulate?

Hertz Israel reduced its overall cyber risk by 81% within just four months of using Cymulate. This significant reduction was achieved by continuously validating and optimizing their security controls with the Cymulate platform. Source

What specific security risks did Hertz Israel reduce with Cymulate?

Hertz Israel reduced its network security risk by 98% and overall cyber risk by 81% after configuring and fine-tuning its firewall, web application firewall, endpoint, and email gateway using Cymulate's continuous validation capabilities. Source

How quickly can organizations see results with Cymulate?

Organizations like Hertz Israel have seen measurable results within four months, including an 81% reduction in cyber risk. The platform's agentless mode and ease of deployment allow for rapid implementation and immediate value. Source

How did Cymulate help Hertz Israel validate new security controls?

Hertz Israel used Cymulate to independently validate the effectiveness of newly configured security controls. The platform revealed that a new control was not monitoring or mitigating threats as expected, prompting further optimization. Source

What is the Hopper capability in Cymulate and how did Hertz Israel use it?

The Hopper capability in Cymulate enables automated network penetration testing. Hertz Israel used Hopper to simulate attacker scenarios, initially scoring 100/100 in risk, and reduced this to 2/100 after remediation. Source

How does Cymulate help organizations baseline risk and monitor security drift?

Cymulate allows organizations to create a risk baseline and receive alerts whenever risk increases, enabling immediate action to address new exposures or configuration changes. Source

How does Cymulate support organizations as their security maturity grows?

Cymulate's suite of products is designed to scale with an organization's security maturity. As teams master one aspect of security, the platform supports further challenges and advanced validation needs. Source

How does Cymulate help with vendor management and contract terms?

Hertz Israel includes Cymulate risk score reduction requirements in vendor contracts to ensure new solutions are fully optimized in their security environment, demonstrating trust in Cymulate's validation capabilities. Source

What types of reports does Cymulate provide to support business and technical communication?

Cymulate provides both business and technical reports. Business reports help communicate risk and improvements to stakeholders, while technical reports enable targeted, data-driven discussions with IT teams. Source

How does Cymulate's customer support contribute to success?

Cymulate offers excellent customer support, including weekly meetings with the customer success team, ensuring organizations use the platform to its full potential. Source

What Cymulate solutions did Hertz Israel use?

Hertz Israel used Breach and Attack Simulation (BAS) and Automated Network Pen Testing (Hopper) to assess, optimize, and validate the effectiveness of their security controls. Source

How does Cymulate compare to manual penetration testing?

Cymulate enables more extensive and frequent testing than manual penetration tests. It allows organizations to run assessments in less than 30 minutes and provides real-time visibility, whereas manual pen tests are resource-intensive and only offer point-in-time results. Source

How does Cymulate help organizations with small security teams?

Cymulate automates security validation, making it possible for small teams to continuously assess and optimize controls without the need for extensive resources or frequent manual testing. Source

Why did Mayer's Cars and Trucks Ltd purchase Cymulate after Hertz Israel's success?

After witnessing the measurable reduction in cyber risk and operational improvements at Hertz Israel, Mayer's Cars and Trucks Ltd also adopted Cymulate to enhance their own security posture. Source

How does Cymulate help organizations take an 'assume breach' approach?

Cymulate's Hopper capability allows organizations to simulate attacker scenarios and understand potential impacts if defenses are breached, supporting an 'assume breach' security strategy. Source

What is the business impact of using Cymulate?

Organizations using Cymulate can expect improved security posture, operational efficiency, faster threat validation, cost savings, enhanced threat resilience, and better decision-making. For example, Hertz Israel achieved an 81% reduction in cyber risk and 98% reduction in network security risk. Source

What are the key capabilities of Cymulate's platform?

Cymulate offers continuous threat validation, a unified platform for BAS and CART, attack path discovery, automated mitigation, AI-powered optimization, complete kill chain coverage, ease of use, and an extensive threat library with over 100,000 attack actions. Source

How does Cymulate help organizations with fragmented security tools?

Cymulate integrates exposure data and automates validation, providing a unified view of the security posture and addressing gaps caused by disconnected tools. Source

What features does Cymulate offer for continuous security validation?

Cymulate provides continuous threat validation through automated attack simulations, exposure prioritization, attack path discovery, automated mitigation, and a comprehensive threat library. These features enable organizations to validate defenses in real time and prioritize remediation. Source

Does Cymulate integrate with other security technologies?

Yes, Cymulate integrates with a wide range of security technologies, including Akamai Guardicore, AWS GuardDuty, BlackBerry Cylance OPTICS, Carbon Black EDR, Check Point CloudGuard, Cisco Secure Endpoint, CrowdStrike Falcon, Wiz, SentinelOne, and more. For a complete list, visit the Partnerships and Integrations page .

What technical documentation is available for Cymulate?

Cymulate provides guides, whitepapers, solution briefs, and data sheets covering topics such as vulnerability management, detection engineering, exposure validation, automated mitigation, and more. Access these resources at the Resource Hub .

How easy is Cymulate to implement and start using?

Cymulate is designed for rapid, agentless deployment with no need for additional hardware or complex configurations. Customers can start running assessments within minutes, and the platform offers comprehensive support and educational resources to ensure a smooth onboarding experience. Source

What feedback have customers given about Cymulate's ease of use?

Customers consistently praise Cymulate for its intuitive interface and ease of use. For example, Raphael Ferreira, Cybersecurity Manager, said, 'Cymulate is easy to implement and use—all you need to do is click a few buttons, and you receive a lot of practical insights into how you can improve your security posture.' Source

What is Cymulate's pricing model?

Cymulate uses a subscription-based pricing model tailored to each organization's needs. Pricing depends on the chosen package, number of assets, and scenarios required. For a personalized quote, schedule a demo with the Cymulate team.

What security and compliance certifications does Cymulate have?

Cymulate holds SOC2 Type II, ISO 27001:2013, ISO 27701, ISO 27017, and CSA STAR Level 1 certifications, demonstrating adherence to industry-leading security and privacy standards. Source

How does Cymulate ensure data security and privacy?

Cymulate uses encryption for data in transit (TLS 1.2+) and at rest (AES-256), hosts data in secure AWS data centers, and follows a strict Secure Development Lifecycle (SDLC) with regular vulnerability scanning and third-party penetration tests. Source

Is Cymulate GDPR compliant?

Yes, Cymulate incorporates data protection by design and has a dedicated privacy and security team, including a Data Protection Officer (DPO) and Chief Information Security Officer (CISO), to ensure GDPR compliance. Source

How does Cymulate compare to AttackIQ?

Cymulate surpasses AttackIQ in innovation, threat coverage, and ease of use. It offers an industry-leading threat scenario library and AI-powered capabilities to streamline workflows and accelerate security posture improvement. Read more

How does Cymulate compare to Mandiant Security Validation?

Mandiant Security Validation is an original BAS platform but has seen little innovation in recent years. Cymulate continually innovates with AI and automation, expanding into exposure management and maintaining a leadership position. Read more

How does Cymulate compare to Pentera?

Pentera focuses on attack path validation but lacks the depth Cymulate provides for fully assessing and strengthening defenses. Cymulate optimizes defense, scales offensive testing, and increases exposure awareness. Read more

How does Cymulate compare to Picus Security?

Picus Security offers an on-premise BAS option but lacks the comprehensive exposure validation platform Cymulate provides, which covers the full kill-chain and includes cloud control validation. Read more

How does Cymulate compare to SafeBreach?

Cymulate outpaces SafeBreach with unmatched innovation, precision, and automation. It offers the industry’s largest attack library, a full CTEM solution, and comprehensive exposure validation. Read more

How does Cymulate compare to Scythe?

Scythe is suitable for advanced red teams building custom attack campaigns, but Cymulate provides a more comprehensive exposure validation platform with actionable remediation and automated mitigation. Read more

Who can benefit from using Cymulate?

Cymulate is designed for CISOs, security leaders, SecOps teams, red teams, and vulnerability management teams in organizations of all sizes and industries, including finance, healthcare, retail, media, transportation, and manufacturing. Source

What pain points does Cymulate address for security teams?

Cymulate addresses fragmented tools, resource constraints, unclear risk prioritization, cloud complexity, communication barriers, inadequate threat simulation, operational inefficiencies, and post-breach recovery challenges. Source

How does Cymulate tailor solutions for different security roles?

Cymulate provides quantifiable metrics for CISOs, automates processes for SecOps, offers automated offensive testing for red teams, and enables efficient vulnerability prioritization for vulnerability management teams. Source

CUSTOMERS

Hertz Israel Reduced Cyber Risk by 81% within 4 Months with Cymulate

Overview

industry

Transportation

Israel

Company Size

500-1K employees

Jump to

Challenge The Cymulate Solution Benefits Solution

Want to Learn More?

Download PDF

Results

Independently validate security controls
Baseline and score internal cyber risk
Reduced cyber risk by 81%
Reduced network security risk by 98%

I use many security solutions, but Cymulate is a must if you want to ensure your organization is safe from cyber threats. It's easy to use, intuitive, and the customer support is unparalleled.

- Ariel Kashir, CISO

Challenge

Hertz Israel, the Israeli franchise of Hertz Company, is owned by Mayer's Cars and Trucks Ltd. and has 60 sites throughout the country. With a small security team, CISO Ariel Kashir outsourced threat monitoring but recognized that annual penetration tests only provided a point-in-time snapshot view of the Hertz Israel security. He knew that proactive security needed a more continuous approach to seek out gaps and improve defenses before the next attack.

Like most security teams, Hertz Israel did not have the internal resources to manually validate its security controls on a regular basis. Additionally, the security team often lacked visibility to changes in the IT infrastructure and applications that could cause security drift.

Although Ariel was not looking for a continuous security validation tool, he recently invested in a new security control and decided to conduct a POC with Cymulate to see if the control was integrated and tuned correctly.

Ariel recalled, “When I ran the Cymulate assessment against my newly configured security control, I discovered that it wasn’t monitoring or mitigating threats the way I expected it to. I realized then that I needed a solution like Cymulate to independently validate Hertz’s security.”

The Cymulate Solution

Hertz utilized the Cymulate platform by focusing on each of its security controls, one by one, and assessing, optimizing, and validating their efficacy. Within 4 months, after the security team configured a new firewall and finetuned its web application firewall, endpoint and email gateway, the team reduced its cyber risk by 81%.

After seeing Hertz Israel benefit from Cymulate, Mayer's Cars and Trucks Ltd also purchased the Cymulate platform.

Ariel explained that Hertz uses Cymulate to:

Continuously validate its security controls

“We don’t have the budget or resources to run pen tests after every update to security controls. With Cymulate, it takes less than 30 minutes to run assessments and understand if the control is actually protecting your organization. It's like having an in-house pen tester at your fingertips.”

Take an “assume breach” approach to security

“The Cymulate Hopper capability allows us to understand what can happen if an attacker gets through our defenses and into our network. When we ran the initial Hopper assessment, our risk score was 100/100, and after a short period, we worked to get our score down to 2/100.”

Baseline risk and monitor security drift

“Now that we have visibility of our security controls, Cymulate enables us to create a baseline and receive alerts whenever our risk increases to address the problem immediately.”

Gradually increase the organization’s security maturity

“I know that the Cymulate suite of products can grow with our organization as we increase our security maturity. Once we master one aspect of our security, the Cymulate platform will support us as we move on to the next challenge.”

Create vendor terms and conditions

“When I add a new vendor and want to ensure that its solution is fully optimized in my security environment, I include in the contract that the vendor must reduce my Cymulate risk score by X amount. This is the trust that I put in the Cymulate platform.”

Benefits

Breadth and depth of testing
Cymulate provides an extensive library of threat intelligence-led risk assessments that are simple to deploy and regularly updated, enabling the team to test its security more extensively than it was able to do before with manual penetration tests.

Real-time visibility
The Cymulate business reports enable Ariel to improve communication with the organization’s stakeholders. In addition, the technical reports allow for targeted data-based discussions with the IT team on reducing risk.

Business and technical reporting
The Cymulate business reports enable Ariel to improve communication with the organization’s stakeholders. In addition, the technical reports allow for targeted data-based discussions with the IT team on reducing risk.

Excellent customer support
The continued support and weekly meetings with the customer success team ensure that Hertz uses the platform to its full potential.

Solution

Breach and Attack Simulation (BAS)
Automated Network Pen Testing (Hopper)

Find out what we can do for you

See how Cymulate can help you quickly reduce cyber risk by optimizing your security controls.

Book a Demo

Ready to see Cymulate in action?