Breach and Attack Simulation Leader, Cymulate, Launches Industry’s First Agentless APT Simulation to Validate Security Posture

Empowers Enterprises and SMBs to test their security posture against the world’s most deadly attacks at the touch of a button

Rishon Lezion, Israel – September 19, 2019 – Cymulate, a comprehensive, on-demand SaaS-based Breach and Attack Simulation (BAS) platform, today reveals its Agentless APT (Advanced Persistent Threat) Simulation, which replicates the most authentic experience of how such an attack would penetrate an organization’s network and identifies gaps across the entire kill chain.

Often conducted by skilled hackers, APTs usually originate from either cyber criminals seeking personal financial information and intellectual property or from state-sponsored cyber attacks designed to steal data and compromise infrastructure. APTs utilize multiple vectors and entry points to navigate a company’s security defences and breach a network. Once inside the network, detection can be evaded for months as lateral movement is carried out below the radar in order to access their prized bounty. Recent research shows the ‘breakout time’ – the time it takes for an intruder to begin moving laterally from patient zero – of a Russian-based APT threat actor now averages around 18 minutes. A United Nations report claims that North Korea has amassed $2 billion through the use of widespread and increasingly sophisticated cyberattacks.

According to Cymulate’s Research Lab, exposure to APT attacks remains high for organizations globally.

  • 70% of organizations are vulnerable to Turla’s APT malware, Russian-speaking actors who recently revamped their arsenal to target government entities
  • 85% of organizations are vulnerable to Russian-speaking APT group Silence, now becoming a major threat to banks and financial institutions globally
  • 77% of organizations are vulnerable to TA505 actors, a Russian threat aimed at financial entities globally
  • 85% of organizations are vulnerable to Chinese APT ‘Operation LagTime IT, currently targeting government IT agencies in East Asia

Cymulate’s Agentless APT Simulation enables security teams to preview how hackers can reach their company’s crown jewels, helping red teams to test and validate, while assisting blue teams to proactively remediate gaps and optimize the attack surface, keeping APT risk to a minimum.

“We’re empowering companies to simulate destructive APT attacks exactly as they would be experienced in real life, without requiring advance preparation or integration work by security teams or highly skilled resources,” says Avihai Ben-Yossef, Cymulate’s CTO. “Our technology provides the simplest route to test the most sophisticated cyberattacks in the wild on production environments in an extremely cost-effective manner.”

Cymulate’s SaaS-based BAS platform enables organizations to automatically assess and improve their overall security posture in minutes by continuously testing defences with simulations of the latest threats in the wild against a variety of attack vectors and APT attack configurations.  Simulations, which can be run on-demand, or scheduled to run at regular intervals, provide specific, actionable insights and data on where a company is vulnerable, and how to amend the security gaps.

About Cymulate

Cymulate is a SaaS-based breach and attack simulation platform that makes it simple to know and optimize your security posture any time, all the time and empowers companies to safeguard their business-critical assets. With just a few clicks, Cymulate challenges your security controls by initiating thousands of attack simulations, showing you exactly where you’re exposed and how to fix it—making security continuous, fast and part of every-day activities.

For more information, visit and register for a Free Trial.

Media Contact for Cymulate:
Diane Mckaye
Silicon Valley Communications
[email protected]

*Gartner, Cool Vendors in Application and Data Security, 4 May 2018


Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranty of merchantability or fitness for a particular purpose.