Cymulate Cyclone

Cymulate Cyclone enables pen-testing service providers to craft, automate and deliver purple teaming exercises that help their customers actively protect their network. Cyclone-based services optimize SOC detection capabilities, hone threat hunting skills and improve incident response processes.

Building upon the success of the Purple Team module for enterprise, Cymulate Cyclone is an exclusive offering for security service providers. It is a highly customizable, automated, template-driven purple teaming platform that leverages and scales pen-testing expertise. Unlike traditional automated pen-testing solutions that only offer the adversary perspective, Cymulate Cyclone integrates with security controls to also provide the defender’s findings and correlates them with attacker actions. The platform’s rich repository of attack resources and scenarios provides immediate value out-of-the-box. Boosting productivity, it automates repetitive efforts, providing expert pen testers the means to craft sophisticated and unique purple team exercises and scenarios that can be automated and reused, empowering junior team members and freeing the experts to focus on more demanding activities.

Service Offerings Include

Automate Purple Teaming
Help your customer develop their threat hunting capabilities, optimize threat-detection technology and exercise incident response playbooks.
Craft, automate and launch attack scenarios
Correlate security-control findings and validate their effectiveness
APT Group Resiliency
Simulate APT attacks to identify areas for improvement:
Detection and prevention
Containment and mitigation
Artifact gathering and cyber forensics
SOC Validation
Improve SOC performance and help improve key metrics:
Detection and alerting efficacy
Mean time to detect
Mean time to response

Bringing together customizable attack scenarios and red teaming, together with blue teaming detections, events, and alerts provides the following efficiencies:

*Auto-correlate security-control findings to attacks
*Auto-generate reports mapped to MITRE ATT&CK®
*Easily generate Sigma rules with the platform based on findings
*Export findings to MITRE ATT&CK Navigator

Automation and granular customizability help to capture and scale existing expertise. Expert pen testers and red teamers can create reusable and modifiable template-based assessments with flexibility to focus on a specific stage of an attack or recreate full kill chain APT scenario. These are shareable and can be reused in different service offerings and customer engagements by pen-testing team members of all skill levels. Templates can be used to create and automate routine and base-line assessments for additional efficiencies. Cyclone customizability provides full transparency to modify execution syntax, inputs, outputs, dependencies, and success factors. Cymulate Cyclone reporting provides a wealth of information including, mapping to MITRE ATT&CK TTPs, execution code, success indicators and output, IOCs, detection, and mitigation guidance.

Operationalize Threat Intelligence
& the MITRE ATT&CK framework

To continuously challenge, assess and optimize security operations.

MITRE ATT&CK
Implementation

Threat Intelligence
Assessments

Custom
Scenarios

Attack simulations
IT, Cloud, and
Security
Infrastructure
Logs
SIEM
SOAR
Correlated
Findings

via API
SIEM/SOAR optimization
Cymulate
Portal
Output
Custom SIEM Queries
Sigma Rules,
IoCs and IoBs
Detection and
Mitigations Guidance
Custom SIEM Queries
Sigma Rules,
IoCs and IoBs
Detection and
Mitigations Guidance
SIEM/SOAR optimization
Output
SIEM
SOAR
Correlated
Findings

via API
Cymulate
Portal

Product Features

*Fully aligned to the MITRE ATT&CK framework for the creation, execution, and analysis of assessments

*Comes loaded with a rich repository of resources, including out-of-the-box assessment templates, executions, payloads, tools, and Sigma rules

*Upload or create your own templates, assessments, payloads, executions, tools and Sigma rules

*Create and modify executions in BASH, powershell, CMD, Python and more

*Auto-correlate security-control findings to attacks via API integrations with security controls

*Executive and technical reports generated after each assessment for efficient and comprehensive customer reporting

*Automate and schedule assessments

*Full support of Windows, MacOS, and Linux Operating Systems

Learn More

Keyboard Type

Podcast

Light Up Your Security: Purple Team Automation

Listen now to learn how BAS solutions make Purple Team exercises more comprehensive, actionable, and most importantly repeatable

LISTEN NOW
Discussion

Podcast

Essential Purple Teaming Management

Listen to cyber evangelist Dave Klein on the podcast with guest InfoSecSherpa Tracey Maleeff to learn how to optimize purple teaming.

LISTEN NOW
Meeting

Video

Operationalizing Purple Teaming

Join Senior Solutions Architect Arien Seghetti and Gerald Auger of SimplyCyber to dig in and really explore this new capability to understand how you can shift from blue or red to purple.

WATCH NOW