Frequently Asked Questions

Nemours Case Study & Healthcare Use Cases

What challenges did Nemours face before using Cymulate?

Nemours' security team struggled with evaluating defenses against the latest threats, prioritizing remediation efforts due to false-positive alert fatigue, and improving incident response skills. As a healthcare organization, they also needed to protect sensitive patient and employee information from financially motivated cyber threats like ransomware and data theft. Source

How did Cymulate help Nemours improve its security posture?

Cymulate enabled Nemours to test defenses against emerging cyber threats, prioritize remediation, and improve incident response skills. The platform provided actionable insights, allowing the team to optimize security controls and reduce false positives. Source

What measurable results did Nemours achieve with Cymulate?

By implementing a single policy change recommended by Cymulate, Nemours prevented 168 exploit techniques from running on their computers. The team also saw reduced false positives and increased productivity. Source

How does Cymulate support incident response exercises for healthcare organizations?

Cymulate allows healthcare security teams to practice incident response by emulating real-world attacks, such as malware on VPN-connected endpoints. This helps teams improve their detection and response capabilities in a safe, controlled environment. Source

What benefits did Nemours experience from automated reporting in Cymulate?

Automated reporting after each assessment enabled Nemours to quickly identify security gaps and address them without manual intervention, streamlining the remediation process. Source

How did Cymulate help Nemours prioritize remediation efforts?

Cymulate provided visibility into which vulnerabilities and threats were most critical, allowing Nemours to focus patching and remediation on the areas with the highest risk and impact. Source

How does Cymulate help reduce false positives in security alerts?

By optimizing security controls and providing actionable insights, Cymulate helped Nemours reduce the number of false positives, enabling the team to focus on real threats and improve productivity. Source

What role did Cymulate play in Nemours' multi-layer security architecture?

Cymulate became an integral part of Nemours' multi-layer security architecture, helping to optimize existing controls and extend coverage across multiple environments. Source

How does Cymulate help healthcare organizations protect sensitive data?

Cymulate enables healthcare organizations to continuously assess their defenses against threats targeting electronically protected health information (e-PHI), ensuring compliance and reducing the risk of data breaches. Source

What types of threats can Cymulate simulate for healthcare organizations?

Cymulate can simulate a wide range of threats, including ransomware, malware, and attacks targeting healthcare-specific vulnerabilities, helping organizations evaluate and strengthen their defenses. Source

How does Cymulate help with compliance in the healthcare industry?

Cymulate assists healthcare organizations in demonstrating compliance by providing evidence of continuous security validation and effective controls for protecting sensitive data. Source

What feedback did Nemours' CISO provide about Cymulate?

Jim Loveless, CISO at Nemours, stated: "Cymulate enables us to test Nemours’ defenses against the latest cyber threats as they emerge, prioritize remediation efforts, and improve our security team's incident response skills." Source

How did Cymulate help Nemours respond to new threats?

When a new threat emerged, Nemours used Cymulate to simulate the attack and determine if their tools could detect or prevent it, enabling rapid assessment and response. Source

How did Cymulate impact Nemours' team productivity?

By reducing alert fatigue and providing clear remediation priorities, Cymulate increased the productivity of Nemours' security team, allowing them to focus on high-impact tasks. Source

How does Cymulate help identify effective countermeasures even when patches are unavailable?

Cymulate enables organizations to test which security controls are effective against the latest threats, even if patches are not yet available, ensuring ongoing protection. Source

How did Nemours extend Cymulate coverage across multiple environments?

After seeing Cymulate's effectiveness, Nemours expanded its use to cover multiple environments simultaneously, enhancing overall security visibility and control. Source

What is the size and industry of Nemours?

Nemours is a healthcare organization headquartered in Florida, USA, with 5,000–10,000 employees. Source

Where can I download the full Nemours case study?

You can download the full PDF case study of Nemours' experience with Cymulate at this link.

How can I learn more about Cymulate for healthcare organizations?

To learn more about how Cymulate supports healthcare organizations, visit the dedicated page at Cymulate in Healthcare.

Features & Capabilities

What are the key features of Cymulate's platform?

Cymulate offers continuous threat validation, breach and attack simulation (BAS), automated reporting, exposure prioritization, attack path discovery, automated mitigation, and an extensive threat simulation library updated daily. Source

Does Cymulate integrate with other security tools?

Yes, Cymulate integrates with a wide range of security technologies, including Akamai Guardicore, AWS GuardDuty, BlackBerry Cylance OPTICS, Carbon Black EDR, Check Point CloudGuard, Cisco Secure Endpoint, CrowdStrike Falcon, Wiz, SentinelOne, and more. For a full list, visit the Partnerships and Integrations page.

What technical documentation is available for Cymulate?

Cymulate provides guides, whitepapers, solution briefs, and data sheets covering topics like vulnerability management, detection engineering, exposure validation, and automated mitigation. Access these resources at the Resource Hub.

What security and compliance certifications does Cymulate have?

Cymulate holds SOC2 Type II, ISO 27001:2013, ISO 27701, ISO 27017, and CSA STAR Level 1 certifications, demonstrating robust security and compliance practices. Source

How easy is it to implement Cymulate?

Cymulate is designed for quick, agentless deployment with minimal resources required. Customers can start running simulations almost immediately, and comprehensive support is available via email, chat, and educational resources. Source

What feedback have customers given about Cymulate's ease of use?

Customers consistently praise Cymulate for its intuitive, user-friendly interface and actionable insights. Testimonials highlight easy implementation, accessible support, and immediate value. Source

Pricing & Plans

What is Cymulate's pricing model?

Cymulate uses a subscription-based pricing model tailored to each organization's needs, based on the chosen package, number of assets, and scenarios. For a custom quote, schedule a demo.

Competition & Comparison

How does Cymulate compare to AttackIQ?

Cymulate offers broader innovation, a larger threat scenario library, and AI-powered capabilities for streamlined workflows compared to AttackIQ. Read more.

How does Cymulate differ from Mandiant Security Validation?

Mandiant Security Validation is an original BAS platform but has seen less innovation in recent years. Cymulate continually innovates with AI and automation, expanding into exposure management. Read more.

What makes Cymulate different from Pentera?

Pentera focuses on attack path validation, while Cymulate provides deeper exposure validation, defense optimization, and scalable offensive testing. Read more.

How does Cymulate compare to Picus Security?

Picus Security offers on-premise BAS, but Cymulate provides a more comprehensive exposure validation platform covering the full kill-chain and cloud control validation. Read more.

What are the advantages of Cymulate over SafeBreach?

Cymulate offers unmatched innovation, the industry’s largest attack library, and a full CTEM solution for comprehensive exposure validation and threat resilience. Read more.

How does Cymulate compare to Scythe?

Scythe is suitable for advanced red teams, while Cymulate provides a more comprehensive exposure validation platform with actionable remediation and automated mitigation. Read more.

Use Cases & Benefits

Who can benefit from using Cymulate?

Cymulate is designed for CISOs, security leaders, SecOps teams, red teams, and vulnerability management teams in organizations of all sizes and industries, including healthcare, finance, retail, and more. Source

What business impact can customers expect from Cymulate?

Customers can achieve up to a 52% reduction in critical exposures, a 60% increase in team efficiency, and an 81% reduction in cyber risk within four months. Source

What core problems does Cymulate solve?

Cymulate addresses overwhelming threat volumes, lack of visibility, unclear risk prioritization, resource constraints, and operational inefficiencies by automating threat validation and exposure management. Source

How does Cymulate help with vulnerability management?

Cymulate validates exploitability, prioritizes exposures, and automates in-house validation between pen tests, enabling efficient vulnerability management. Source

How does Cymulate support communication with stakeholders?

Cymulate provides quantifiable metrics and actionable insights, helping security leaders communicate risk and justify investments to stakeholders. Source

Cymulate named a Customers' Choice in 2025 Gartner® Peer Insights™
Learn More
New Case Study: Credit Union Boosts Threat Prevention & Detection with Cymulate
Learn More
New Research: Cymulate Research Labs Discovers Token Validation Flaw
Learn More
An Inside Look at the Technology Behind Cymulate
Learn More
Book a Demo
Book a Demo
CUSTOMERS

Nemours Increases Visibility to Improve Detection and Response

Overview
industry
Healthcare
HQ
Florida, USA
Company Size
5-10K employees
Jump to
Challenge The Cymulate Solution Benefits Solution
Want to Learn More?
Download PDF
Results
  • Improve security posture
  • Reduce false positives
  • Prioritize remediation activity

Cymulate enables us to test Nemours’ defenses against the latest cyber threats as they emerge, prioritize remediation efforts, and improve our security team's incident response skills.

- Jim Loveless, CISO

Challenge

The Nemours security department is comprised of a risk and governance team and an engineering and operations team, both led by CISO Jim Loveless. The security team is tasked with protecting its organization from evolving cyber threats, maintaining continuous healthcare services, and protecting the sensitive and personal information of its patients and employees.

The team needed a solution that could:

  • Evaluate its defenses against the latest threats

    As a healthcare organization, Nemours faces financially motivated cyber threats that attempt to disrupt its services, such as deploying ransomware or stealing electronically protected health information (e-PHI) for extortion.
  • Prioritize remediation efforts
    The security team faced false-positive alert fatigue and lacked visibility to prioritize tasks, including patching vulnerabilities in the face of new threats.
  • Improve its incident response skills and optimize security controls

Jim noted: “We had to increase the team’s productivity by reducing alert fatigue. We needed a better way to find where the real problems are and fix them.”

The Cymulate Solution

Nemours deployed Cymulate Breach and Attack Simulation (BAS) and saw immediate improvements by optimizing security controls in its existing multi-layer architecture. Jim noted that Cymulate has quickly become an integral part of Nemours' security architecture.

Eric Dixon, Engineering and Operations Manager, said “Cymulate showed us how to prevent half of the known exploit techniques from succeeding by making one policy change in our endpoint protection tool. We implemented that change and it prevented 168 exploits from being able to run on Nemours' computers.”

Nemours also uses Cymulate to practice incident response exercises, such as emulating malware on a VPN-connected endpoint. Once the team saw Cymulate in action, Nemours extended the coverage of the platform to simultaneously cover multiple environments.

Benefits

Emergent threat assessments

“We purchased Cymulate to assess our security effectiveness. When a new threat emerges we are immediately asked if Nemours is protected against this threat. With Cymulate’s capability, we are now able to answer that question by simulating the attack and seeing how our tools detect or prevent it.”

– Jim Loveless, CISO

Automated reporting following each assessment

“Following the assessment, we get a report back without the team having to get involved. This helps us immediately identify where our gaps are and fill them.”

– Jim Loveless, CISO

Increased team productivity

Just by using Cymulate, the team has enhanced their offensive skills, making them better defenders. It has also helped to reduce the amount of false positives through improvements in the security architecture and prioritizing patching efforts.

"Even if patches were not yet available, using Cymulate, we know which countermeasures are effective against the latest threats."

– Jim Loveless, CISO

Solution

  • Breach and attack simulation

Find out what we can do for you

See how Cymulate can help you increase team productivity and improve your cyber defenses.

Book a Demo

Read More Customer Stories

View More Resources
image
CUSTOMERS

Cymulate in Healthcare

Learn why healthcare organizations choose Cymulate.

Read Case Study
image
CUSTOMERS

Hertz Israel

Learn how Hertz Israel validated its security controls and reduced cyber risk by 81%.

Read Case Study
image
CUSTOMERS

Civil Engineering Organization

Read how this organization goes beyond security control validation with Cymulate.

Read Case Study

GET A PERSONALIZED DEMO

Ready to see Cymulate in action?

Book a Demo