Frequently Asked Questions

Threat Research & Industry Trends

What were the key findings from Cymulate's 2021 threat research?

Cymulate's 2021 research revealed a 36.5% increase in unique threats in the wild, rising to 819 from the previous year. Phishing attacks surged by 161%, and user accounts lacking multi-factor authentication were extensively abused. The technology sector was identified as the most vulnerable, followed by critical infrastructure and manufacturing. Web Application Firewalls (WAFs) were found to be the least effective security solution, making them prime targets for adversaries. (Source: Cymulate Research Unique Threats 2021)

Which industries were most at risk according to Cymulate's research?

The technology sector was the most vulnerable industry in 2021, followed by critical infrastructure and manufacturing. The technology industry saw a dramatic increase in spear-phishing attacks, while critical infrastructure's main risk was data exfiltration. (Source: Cymulate Research Unique Threats 2021)

What attack techniques did adversaries use most in 2021?

Attackers exploited overly permissive accounts without multi-factor authentication, malicious Microsoft Macros, Adobe PDF extensions, benign decoy files, and Windows API functions resolved at run-time. These techniques enabled successful attacks and rapid escalation post-exploit. (Source: Cymulate Research Unique Threats 2021)

What were the most common threats organizations faced in 2021?

Top threats included ransomware families like LockBit, Conti, and Dharma, as well as HAFNIUM, TeamTNT, APT29 with Log4j abuse, Reg XX, and privilege escalation via Active Directory flaws. (Source: Cymulate Research Unique Threats 2021)

How did the number of security assessments change in 2021?

The number of security teams running assessment campaigns and scenarios grew by 66% in 2021 compared to 2020. Many enterprises chose to run at least one assessment per day, enabling immediate corrective actions. (Source: Cymulate Research Unique Threats 2021)

What regions were most vulnerable to cyber threats in 2021?

The Americas were the most vulnerable region, facing immediate threats from data exfiltration and WAF attacks, while APAC experienced the highest number of phishing attempts. (Source: Cymulate Research Unique Threats 2021)

How does Cymulate's risk score help organizations?

The Cymulate risk score provides a quantifiable metric that enables customers to prioritize mitigation activities, track performance, and benchmark themselves over time. (Source: Cymulate Research Unique Threats 2021)

Where can I access the full 2021 Cymulate threat research report?

You can access the full report at https://cymulate.com/resources/2021-cybersecurity-effectiveness/.

What is Cymulate's approach to benchmarking security posture?

Cymulate enables organizations to benchmark their security posture using anonymized, aggregated data from simulated attack scenarios and campaigns across its global user base. This allows organizations to compare their risk scores and performance against industry peers. (Source: Cymulate Research Unique Threats 2021)

How does Cymulate help organizations respond to emerging threats?

Cymulate provides out-of-the-box, expert, and threat intelligence-led risk assessments that are simple to deploy and use for all maturity levels. The platform is constantly updated to reflect the latest threat landscape, enabling organizations to take immediate corrective actions. (Source: Cymulate Research Unique Threats 2021)

Product Features & Capabilities

What are the core features of the Cymulate platform?

Cymulate offers a unified platform that combines Breach and Attack Simulation (BAS), Continuous Automated Red Teaming (CART), and Exposure Analytics. Key features include continuous threat validation, attack path discovery, automated mitigation, cloud validation, and integration with the MITRE ATT&CK® framework. (Source: Cymulate Platform)

Does Cymulate support automated red and purple teaming?

Yes, Cymulate provides an open framework to create and automate red and purple teaming by generating penetration scenarios and advanced attack campaigns tailored to unique environments and security policies. (Source: Cymulate Research Unique Threats 2021)

How does Cymulate integrate with existing security tools?

Cymulate integrates with a wide range of security technologies, including Akamai Guardicore, AWS GuardDuty, BlackBerry Cylance OPTICS, Carbon Black EDR, Check Point CloudGuard, Cisco Secure Endpoint, CrowdStrike Falcon, Wiz, and more. For a full list, visit the Partnerships and Integrations page.

What technical documentation is available for Cymulate?

Cymulate provides whitepapers, guides, data sheets, solution briefs, and reports covering topics like exposure management, email threat validation, detection engineering, vulnerability management, and more. Access these resources at the Resource Hub.

How often is Cymulate's threat library updated?

Cymulate provides the most advanced library of attack simulations with daily updates, ensuring customers stay ahead of emerging threats. (Source: Why Cymulate)

What is Cymulate's approach to exposure validation?

Cymulate automates exposure validation by simulating real-world threats, prioritizing vulnerabilities based on exploitability, and providing actionable remediation steps. The platform covers the full attack lifecycle and integrates with security controls for automated mitigation. (Source: Exposure Validation)

How does Cymulate help with cloud security validation?

Cymulate offers dedicated validation features for hybrid and cloud environments, integrating with cloud security solutions like AWS GuardDuty, Check Point CloudGuard, and Wiz. (Source: Cloud Security Validation)

What is Cymulate's deployment model?

Cymulate is a SaaS-based platform that deploys within an hour and operates in agentless mode, requiring no additional hardware or complex configurations. (Source: Cymulate Research Unique Threats 2021)

How easy is it to implement Cymulate?

Cymulate is designed for quick and seamless implementation. Customers can start running simulations almost immediately after deployment, with minimal resources required. The platform integrates easily into existing workflows and offers comprehensive support and educational resources. (Source: Knowledge Base)

What feedback have customers given about Cymulate's ease of use?

Customers consistently praise Cymulate for its intuitive, user-friendly interface and ease of use. For example, Raphael Ferreira, Cybersecurity Manager at Banco PAN, stated: "Cymulate is easy to implement and use—all you need to do is click a few buttons, and you receive a lot of practical insights into how you can improve your security posture." (Source: Customer Quotes)

Security, Compliance & Trust

What security and compliance certifications does Cymulate hold?

Cymulate holds SOC2 Type II, ISO 27001:2013, ISO 27701, ISO 27017, and CSA STAR Level 1 certifications. These cover security, availability, confidentiality, privacy, and cloud security standards. (Source: Security at Cymulate)

How does Cymulate protect customer data?

Cymulate is hosted in secure AWS data centers with multiple data locality choices. Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). The platform includes high availability, redundancy, and a tested disaster recovery plan. (Source: Security at Cymulate)

Is Cymulate GDPR compliant?

Yes, Cymulate incorporates data protection by design and has a dedicated privacy and security team, including a Data Protection Officer (DPO) and a Chief Information Security Officer (CISO). (Source: Security at Cymulate)

What application security practices does Cymulate follow?

Cymulate is developed using a strict Secure Development Lifecycle (SDLC), including secure code training, continuous vulnerability scanning, software composition analysis, and annual third-party penetration tests. (Source: Security at Cymulate)

How does Cymulate ensure employee security awareness?

All Cymulate employees receive ongoing security awareness training, are subject to phishing campaign tests, and must adhere to comprehensive security policies. (Source: Security at Cymulate)

Pricing & Plans

What is Cymulate's pricing model?

Cymulate operates on a subscription-based pricing model tailored to each organization's requirements. Pricing depends on the package, number of assets, and scenarios selected. For a detailed quote, schedule a demo with the Cymulate team. (Source: Knowledge Base)

Use Cases & Target Audience

Who is Cymulate designed for?

Cymulate is designed for CISOs and security leaders, SecOps teams, red teams, and vulnerability management teams in organizations across industries such as media, transportation, financial services, healthcare, and critical infrastructure. (Source: Knowledge Base)

What business impact can customers expect from using Cymulate?

Customers have reported an 81% reduction in cyber risk within four months, a 60% increase in team efficiency, a 52% reduction in critical exposures, and a 30% improvement in threat prevention. (Source: Hertz Israel Case Study)

What pain points does Cymulate solve?

Cymulate addresses overwhelming threat volume, lack of visibility, unclear prioritization, operational inefficiencies, fragmented security tools, cloud complexity, and communication barriers for CISOs. (Source: Knowledge Base)

How does Cymulate tailor its solutions for different roles?

Cymulate provides quantifiable metrics for CISOs, automates processes for SecOps teams, offers advanced offensive testing for red teams, and consolidates risk insights for vulnerability management teams. (Source: Knowledge Base)

Competition & Comparison

How does Cymulate compare to AttackIQ?

Cymulate offers the industry's leading threat scenario library and AI-powered capabilities for workflow automation and security posture improvement. AttackIQ provides automated security validation but lacks Cymulate's innovation, threat coverage, and ease of use. (Source: Cymulate vs AttackIQ)

How does Cymulate compare to Mandiant Security Validation?

Mandiant Security Validation is one of the original BAS platforms but has seen minimal innovation in recent years. Cymulate continually innovates with AI and automation, expanding into exposure management and maintaining grid leadership. (Source: Cymulate vs Mandiant)

How does Cymulate compare to Pentera?

Pentera focuses on attack path validation but lacks the depth Cymulate provides for full kill chain and cloud control validation. Cymulate offers comprehensive exposure validation and a broader range of capabilities. (Source: Cymulate vs Pentera)

How does Cymulate compare to Picus Security?

Picus is suitable for those seeking an on-premise BAS vendor, while Cymulate is the better choice for a complete exposure validation platform with full kill chain and cloud control validation. (Source: Cymulate vs Picus)

How does Cymulate compare to SafeBreach?

Cymulate outpaces SafeBreach with unmatched innovation, precision, and automation. Cymulate is the pioneer of AI-powered BAS and offers the industry's largest attack library and a full CTEM solution. (Source: Cymulate vs SafeBreach)

How does Cymulate compare to Scythe?

Scythe is suitable for advanced red teams building custom attack campaigns but lacks Cymulate's ease of use, continuous validation, and actionable remediation. Cymulate provides a more complete exposure validation platform with automated mitigation and a library of over 100,000 attack actions. (Source: Cymulate vs Scythe)

Company Information & News

What is Cymulate's company history and global presence?

Cymulate was founded in 2016 and has customers in 50 countries, with offices in 8 locations worldwide and over 1,000 customers. (Source: About Us)

What is Cymulate's mission and vision?

Cymulate's mission is to empower organizations to manage their security posture effectively and proactively, driving lasting change in cybersecurity through its Exposure Management Platform. (Source: About Us)

Where can I find Cymulate's newsroom and press releases?

You can access the latest company announcements, press releases, and media coverage in leading publications in Cymulate's newsroom.

Has Cymulate received any industry recognition?

Yes, Cymulate was named a Market Leader for Automated Security Validation by Frost & Sullivan and a Customers' Choice in the 2025 Gartner Peer Insights. (Source: Press Release)

Cymulate named a Customers' Choice in 2025 Gartner® Peer Insights™
Learn More
New Case Study: Credit Union Boosts Threat Prevention & Detection with Cymulate
Learn More
New Research: Cymulate Research Labs Discovers Token Validation Flaw
Learn More
An Inside Look at the Technology Behind Cymulate
Learn More
Book a Demo
Book a Demo

Cymulate research reveals unique threats in the wild rose by over 35% in 2021

February 9, 2022

New York, NY and Tel Aviv (February 9th, 2022) - Cymulate, the Extended Security Posture Management market leader, today announced a summary of its platform usage in 2021 illustrating that web application firewalls are the least effective security solutions, making them prime targets for adversaries and high-risk points for organizations. Highlights include:
  • Overall unique threats in the wild increased to 819 in 2021, up 36.5% from 2020
  • Phishing attacks rose by 161% during 2021
  • User accounts that lack any form of multi-factor authentication are extensively abused
  • In 2021, post-exploit activity quickly escalated into enterprises' infrastructure - expanding the extent of the initial compromise and complicating remediation
  • The number of security teams running assessment campaigns and scenarios grew by 66% in 2021 compared to 2020, with many enterprises choosing to run at least one assessment per day, taking corrective actions immediately.
Top threats that most companies were at risk from in 2021 include LockBit, Conti and Dharma ransomware, HAFNIUM, TeamTNT, and APT29 with Log4j abuse, Reg XX, and escalation of privileges via Active Directory flaws expected to continue in 2022. The full report can be accessed here While the majority of companies are at medium risk of attacks, the technology sector is the most vulnerable followed by critical infrastructure and manufacturing. Risks to the technology industry increased dramatically in 2021 from 2020 with a rise in spear-phishing attacks attempting to gain a foothold.  The weakest link however remained the Web Application Firewall and phishing awareness. While the critical infrastructure sector’s most problematic area is data exfiltration, i.e. the unauthorized movement of data or data theft. “Every industry today depends on IT for business success and this is driven by digital innovation through applications,” said Eyal Wachsman, CEO, and Co-Founder of Cymulate. "Attackers however have become very adept at taking advantage of existing gaps left by the rush towards productivity and adapting progressing information architectures. And when organizations fail to put metrics in place for their security programs, these gaps remain open and can lead to devastating consequences from immediate threats and data theft.” Additional key findings:
  • The Americas are the most vulnerable region, with the most immediate threats from Data Exfiltration and WAF, while APAC had the most phishing attempts.
  • Attackers took full advantage of overly permissive accounts without multi-factor authentication (MFA), malicious Microsoft Macros and Adobe PDF extensions as well as benign decoy files and Windows API functions resolved at run-time, to launch successful attacks
The research report is conducted across hundreds of Cymulate’s customers across all geographies and verticals, including healthcare, finance, critical infrastructure, manufacturing and more. The results are based on anonymized aggregated data of simulated attack scenarios and campaigns of Cymulate’s global user base. The Cymulate risk score provides a quantifiable metric that enables customers to prioritize their mitigation activity, track performance, and benchmark themselves over time. About Cymulate Cymulate SaaS-based Extended Security Posture Management (XSPM) deploys within an hour, enabling security professionals to continuously challenge, validate and optimize their cyber-security posture end-to-end, across the MITRE ATT&CK® framework.    The platform provides out-of-the-box, expert, and threat intelligence-led risk assessments that are simple to deploy and use for all maturity levels, and constantly updated. It also provides an open framework to create and automate red and purple teaming by generating penetration scenarios and advanced attack campaigns tailored to their unique environments and security policies. Cymulate allows professionals to manage, know and control their dynamic environment. For more information, visit www.cymulate.com and register for a free trial. Contact for Cymulate: Levona Simha, Marketing Director at Cymulate [email protected] IL: +(972) 523 536638 Media contact for Cymulate: Gina Shaffer [email protected] US: +1(707) 533-1504 IL: +(972) 54-649-3485

Featured Resources

View More Resources
Handala Hack: From Regional Disruption to Digital Destruction — Why Security Validation Matters Now 
blog

Handala Hack: From Regional Disruption to Digital Destruction — Why Security Validation Matters Now 

After years of battling ransomware and financially motivated threats, security teams must now increase their focus to defend against digital destruction. Iranian-backed Handala Hack highlighted the growing threat with its claimed attacks against a U.S.-based medical equipment maker, with reports of widespread deletion of data

Read More
CVE-2026-26117: Hijacking Azure Arc on Windows for Local Privilege Escalation & Cloud Identity Takeover 
blog

CVE-2026-26117: Hijacking Azure Arc on Windows for Local Privilege Escalation & Cloud Identity Takeover 

CVE-2026-26117 lets attackers hijack Azure Arc on Windows, escalate to SYSTEM, and seize the machine’s cloud identity.

Read More
Exposure Validation Demo
Demo

Exposure Validation Demo

Demo of automated offensive simulations validating detection, prevention, and IOC coverage

Learn More