What is Cymulate and what does it do?

Cymulate is a SaaS-based Continuous Security Validation platform that enables organizations to proactively assess, test, and optimize their cybersecurity posture against evolving threats. It leverages the MITRE ATT&CK® framework to simulate real-world attacks across cloud and on-premise environments, providing actionable insights to close security gaps and improve resilience. Learn more .

What is the mission and vision of Cymulate?

Cymulate's mission is to transform cybersecurity practices by providing tools for continuous threat validation and exposure management. The vision is to create a collaborative environment where organizations can achieve lasting improvements in their cybersecurity strategies. About Us

How much funding has Cymulate raised to date?

As of May 2021, Cymulate has raised a total of million, including a million Series C round led by One Peak. Source

What are some recent milestones or achievements for Cymulate?

Cymulate doubled its revenue year-over-year in 2020, grew its staff by over 150%, and expanded globally with customers in the US, EMEA, APAC, and LATAM. It has been recognized as a #1 Innovation Leader by Frost & Sullivan and won multiple industry awards. Details

What types of organizations use Cymulate?

Cymulate serves hundreds of customers, including leading enterprises, Fortune 500 companies, and organizations across all verticals, with particular strength in financial services and healthcare sectors. Source

Where can I find Cymulate's latest news and press releases?

You can find all of Cymulate's latest company announcements, press releases, and media coverage in our newsroom . This includes information on partnerships, product updates, industry awards, and expert research featured in leading publications.

What industry awards and recognitions has Cymulate received?

Cymulate has been recognized as the #1 Innovation Leader in the Frost Radar report on the Global Breach and Attack Simulation (BAS) Market for 2020, endorsed by SANS, and won Gold in the Cybersecurity Excellence Awards 2021, Info Security’s PG Global Excellence Awards, and the InfoSec Awards 2020. Source

How does Cymulate support global operations?

Cymulate has launched its technology across the US, EMEA, APAC, and LATAM, serving commercial and enterprise customers worldwide. It has also partnered with global telecom companies such as NTT to expand its reach. Source

Where can I find Cymulate's case studies and customer success stories?

You can explore Cymulate's customer success stories and case studies by visiting the Case Studies page , where you can filter by industry and use case.

What are the core features of Cymulate's platform?

Cymulate's platform offers continuous security validation, automated attack simulations, exposure validation, exposure prioritization and remediation, attack path discovery, automated mitigation, and integrations with the MITRE ATT&CK® framework. It provides both out-of-the-box and customizable assessments for all skill levels. Platform details

How does Cymulate help organizations validate their security posture?

Cymulate enables organizations to run simulations of the latest threats in the wild, testing security defenses and controls across the entire kill chain. Simulations can be run on-demand or scheduled, providing actionable insights and data on vulnerabilities, security gaps, and mitigation procedures within minutes. Source

What is the MITRE ATT&CK® framework and how does Cymulate use it?

The MITRE ATT&CK® framework is a globally recognized knowledge base of adversary tactics and techniques. Cymulate leverages this framework end-to-end to simulate real-world attack scenarios and validate security controls against the latest threats. Learn more

Does Cymulate offer both out-of-the-box and customizable assessments?

Yes, Cymulate provides out-of-the-box, expert, and threat intelligence-led risk assessments that are simple to use for all skill levels. It also offers an open framework for ethical hackers to create and automate red and purple team exercises tailored to their unique environment. Source

How quickly can Cymulate provide actionable insights?

Cymulate's platform delivers specific, actionable insights and data on vulnerabilities and mitigation procedures within minutes of running a simulation. Source

How does Cymulate help organizations of different skill levels?

Cymulate provides assessments and simulations that are simple to use for all skill levels, from out-of-the-box options for less experienced users to customizable frameworks for advanced security professionals and ethical hackers. Source

What is the difference between Breach and Attack Simulation (BAS) and Continuous Security Validation?

Breach and Attack Simulation (BAS) refers to automated tools that simulate cyberattacks to test defenses. Continuous Security Validation, as provided by Cymulate, goes further by enabling ongoing, on-demand testing and validation of security controls, not just periodic assessments, ensuring organizations stay ahead of evolving threats. Source

What security and compliance certifications does Cymulate hold?

Cymulate holds several key security and compliance certifications, including SOC2 Type II, ISO 27001:2013, ISO 27701, ISO 27017, and CSA STAR Level 1. These certifications demonstrate Cymulate's commitment to industry-leading best practices. Security at Cymulate

How does Cymulate ensure data security and privacy?

Cymulate ensures data security through encryption for data in transit (TLS 1.2+) and at rest (AES-256), secure AWS-hosted data centers, a tested disaster recovery plan, and compliance with GDPR. The platform also includes mandatory 2FA, RBAC, IP address restrictions, and TLS encryption for its Help Center. Details

Is Cymulate GDPR compliant?

Yes, Cymulate incorporates data protection by design and has a dedicated privacy and security team, including a Data Protection Officer (DPO) and Chief Information Security Officer (CISO), ensuring GDPR compliance. More info

How does Cymulate ensure application security?

The platform is developed using a strict Secure Development Lifecycle (SDLC), including secure code training, continuous vulnerability scanning, and annual third-party penetration tests. Employees undergo ongoing security awareness training and phishing tests. Security at Cymulate

What is Cymulate's pricing model?

Cymulate operates on a subscription-based pricing model tailored to each organization's requirements. Pricing depends on the chosen package, number of assets, and scenarios selected. For a detailed quote, schedule a demo with the Cymulate team.

How long does it take to implement Cymulate?

Cymulate is designed for quick and easy implementation. It operates in agentless mode, requiring no additional hardware or complex configurations. Customers can start running simulations almost immediately after deployment. Schedule a demo

How easy is Cymulate to use?

Cymulate is praised for its intuitive, user-friendly interface and dashboard. Customers report that the platform is easy to implement and use, providing actionable insights with just a few clicks. Read reviews

What support resources are available for Cymulate users?

Cymulate offers comprehensive support, including email and chat support, a knowledge base with technical articles and videos, webinars, e-books, and an AI chatbot for quick answers and guidance. Resource Hub

What integrations does Cymulate offer?

Cymulate integrates with a wide range of security technologies, including Akamai Guardicore, AWS GuardDuty, BlackBerry Cylance OPTICS, Carbon Black EDR, Check Point CloudGuard, Cisco Secure Endpoint, CrowdStrike Falcon, Wiz, SentinelOne, and more. See full list

How does Cymulate support cloud security validation?

Cymulate integrates with cloud security solutions such as AWS GuardDuty, Check Point CloudGuard, and Wiz to validate and optimize cloud security controls. Cloud Security Validation

Who can benefit from using Cymulate?

Cymulate is designed for CISOs, security leaders, SecOps teams, red teams, vulnerability management teams, and organizations of all sizes and industries, including finance, healthcare, retail, media, transportation, and manufacturing. Learn more

What are the main pain points Cymulate solves?

Cymulate addresses fragmented security tools, resource constraints, unclear risk prioritization, cloud complexity, communication barriers, inadequate threat simulation, operational inefficiencies in vulnerability management, and post-breach recovery challenges. See case studies

Are there case studies showing Cymulate's impact?

Yes. For example, Hertz Israel reduced cyber risk by 81% in four months using Cymulate. Other case studies include organizations in finance, energy, healthcare, and more. Read case studies

How does Cymulate help different security personas?

Cymulate tailors its solutions for CISOs (metrics and risk prioritization), SecOps (automation and efficiency), red teams (offensive testing), and vulnerability management teams (validation and prioritization). Learn more

What measurable outcomes have customers achieved with Cymulate?

Customers have reported a 52% reduction in critical exposures, a 60% increase in team efficiency, and an 81% reduction in cyber risk within four months. Hertz Israel case study

How does Cymulate compare to other security validation platforms?

Cymulate stands out with its unified platform combining BAS, CART, and Exposure Analytics, continuous threat validation, AI-powered optimization, ease of use, and the most advanced attack simulation library. It is recognized as a market leader by Frost & Sullivan. See comparison

What feedback have customers given about Cymulate's ease of use?

Customers consistently praise Cymulate for its intuitive interface, ease of implementation, and actionable insights. Testimonials highlight its user-friendly dashboard and the immediate value it provides. Read reviews

Cymulate Raises $45M in Series C Funding for Continuous Security Testing Led by One Peak

May 5, 2021

New York City, NY and Rishon Letzion, Israel (May 5^th, 2021) – Cymulate, the industry standard SaaS based Continuous Security Validation platform leveraging the MITRE ATT&CK® framework end-to-end, announced today a Series C funding round of $45M, led by One Peak, together with existing investors Susquehanna Growth Equity (SGE), Vertex Ventures Israel, Vertex Growth and Dell Technologies Capital. Cymulate has raised $71M to date, including a seed investment from Eyal Gruner.

The funding will be used to further accelerate Cymulate’s impressive growth as the company closed 2020 with double the revenue year-over-year and grew its staff by over 150%. Cymulate serves hundreds of customers including leading enterprises and F500 companies and most recently announced a partnership with global telecom giant NTT.

“The increasing pace of global cyber security attacks has resulted in a crisis of trust in the security posture of enterprises and a realization that security testing needs to be continuous as opposed to periodic, particularly in the context of an ever-changing IT infrastructure and rapidly evolving threats. Companies understand that implementing security solutions is not enough to guarantee protection against cyber threats and need to regain control,” said David Klein, Managing Partner at One Peak. “We love Cymulate’s effective, easy-to-use security testing platform as it empowers companies to assess attack vectors and security controls and closes any security gaps. We are excited to back Eyal, Avihai and the entire Cymulate team in their next leg of explosive growth.”

Cymulate has developed a comprehensive platform, which is the industry standard for organizations to validate their cyber posture continuously and on-demand, by testing their cloud and on premise networks against the latest threats in the wild. Their recent survey of over 700 security professionals revealed that 70% believe their existing testing methodologies are somewhat or not at all effective, and only 7% feel that they have strong cyber defenses in place. The survey also highlighted 56% of respondents have concrete plans to implement a solution such as Cymulate, particularly in 2022. The full survey can be accessed here.

“Cymulate saw a 50% increase in the number of unique attacks in the wild in 2020, and as APT groups are becoming increasingly aggressive and disruptive, there is a real need for companies to run daily or weekly assessments of their security posture. A loss of customer trust due to the fallout of a major attack is extremely hard to regain,” said Eyal Wachsman, CEO and co-founder of Cymulate. “This Series C funding is yet another vote of confidence in Cymulate and will enable us to expand our reach across the globe at a faster pace and continue our vision to be the largest and most comprehensive consultant-free security validation company”.

Cymulate’s SaaS-based Continuous Security Validation platform plays a critical role in empowering organizations to automatically assess and improve their overall security posture. Simulations of the latest threats in the wild test an organization’s security defenses and controls, across the entire kill chain of attack vectors and APT attack configurations, individually and interconnected. Simulations can run on-demand or be scheduled to run at regular intervals, with either an out-of-the-box option or customized by more advanced security professionals. Within minutes, the platform provides specific, actionable insights and data on where a company’s network is vulnerable, highlighting security gaps and mitigation procedures to optimize the security posture.

In just four years, Cymulate has successfully launched its technology across the US, EMEA, APAC and LATAM, having acquired commercial and enterprise customers across all verticals, particularly in the financial services and healthcare sectors. Cymulate continues to develop its technology and remain at the forefront of Continuous Security Validation, #1 leader in innovation according to the Frost Radar, most recently launching the Purple Team simulation, enabling their customers to create, store, modify and execute both simple and sophisticated assessments using custom built or out-of-the-box templates.

The company has been lauded by the industry in recent months including:

Frost and Sullivan: #1 Innovation Leader in its Radar report on the Global Breach and Attack Simulation (BAS) Market for 2020.
SANS endorsed Cymulate’s continuous security validation platform in new report
Cymulate’s Co-founder and CTO Avihai Ben Yosef included in Forbes Israel 30 under 30
Winner: Gold in Breach and Attack Simulation by Cybersecurity Excellence Awards 2021
Winner: Gold in the Breach and Attack Simulation, Detection and Protection category by Info Security’s PG Global Excellence Awards
Winner: First place in the Breach and Attack Simulation category in the InfoSec Awards 2020 by Cyber Defense Magazine

About Cymulate

Cymulate Continuous Security Validation enables companies to challenge, assess and optimize their cyber-security posture against the evolving threat landscape, simply and continuously. The platform provides out-of-the-box, expert and threat intelligence led RISK assessments that are simple to use for all skill levels, and constantly updated. It also provides an open framework for ethical hackers to create and automate red and purple team exercises and security assurance programs tailored to their unique environment and security policies. Cymulate helps security professionals to know and control their dynamic environment.

About One Peak

One Peak is a growth equity firm investing in technology companies in the scale-up phase. The firm provides growth capital to exceptional entrepreneurs with a view to transform innovative and rapidly growing businesses into lasting, category-defining leaders. In addition to Cymulate, One Peak’s investments include HighQ, Neo4j, DocPlanner, Spryker Systems, Pandadoc, Keepit, Concentra Analytics, Quentic, Coople, DataGuard, and Brightflag. To learn more, visit http://www.onepeakpartners.com.

Featured Resources

View More Resources

blog

Validate What Matters: Simulate Real-World Identity and Privilege Attacks in AD and Entra ID

Identity is the new perimeter. The move to the cloud and remote work creates new security boundaries based on users and services operating across cloud and hybrid environments, making