A sub-processor is a third-party service provider engaged by Cymulate to process customer data as part of delivering Cymulate's platform and services. Sub-processors may provide infrastructure, database, AI, or management tools that support the operation and delivery of Cymulate's solutions.
Cymulate currently uses the following sub-processors: AWS (cloud computing services), Hubspot (inbound marketing, sales, and service software), Atlas MongoDB (multi-cloud database service), Coda.AI (management tool), and Microsoft Azure (OpenAI – AI services). For details on their purposes and locations, see the table above.
Each sub-processor serves a specific function: AWS provides cloud infrastructure and database services for production and backup; Hubspot supports inbound marketing, sales, and service; Atlas MongoDB offers multi-cloud database services; Coda.AI is used as a management tool; and Microsoft Azure provides OpenAI-based AI services.
Cymulate's sub-processors are located in the US, EU, UK, and India. For example, AWS and Atlas MongoDB operate in the US, EU, and India; Hubspot and Coda.AI are based in the US; Microsoft Azure operates in the US and EU.
Yes, depending on the customer's geographical location and the nature of the services provided, Cymulate may involve one or more affiliates as sub-processors. These include Cymulate Ltd (Israel), Cymulate, Inc. (US), Cymulate UK Ltd (UK), and Cymulate India Private Limited (India).
Cymulate selects sub-processors based on their ability to meet strict security, privacy, and compliance requirements. Each sub-processor is vetted to ensure alignment with Cymulate's standards for data protection and operational reliability. For more details, see Security at Cymulate.
Cymulate maintains an up-to-date list of sub-processors on its website. Customers are encouraged to review this page regularly for updates. For additional notifications or inquiries, customers can contact Cymulate directly via the contact information provided on the site.
Cymulate ensures that all sub-processors adhere to strict data security standards, including encryption, secure hosting, and compliance with international regulations. Sub-processors are required to implement robust security controls to protect customer data.
Cymulate complies with data protection regulations such as GDPR by ensuring that all sub-processors meet legal requirements for data handling, privacy, and security. This includes contractual agreements and regular audits to maintain compliance.
Yes, customers can request additional information about Cymulate's sub-processors by contacting Cymulate through the official channels listed on the website. Detailed information and documentation can be provided upon request.
Cymulate holds several key certifications, including SOC2 Type II (covering security, availability, confidentiality, and privacy), ISO 27001:2013 (Information Security Management), ISO 27701 (Privacy Information Management), ISO 27017 (Cloud Services Security Controls), and CSA STAR Level 1 (Cloud Controls Matrix). Learn more.
Cymulate employs robust security measures, including encryption for data in transit (TLS 1.2+) and at rest (AES-256), secure AWS-hosted data centers, a tested disaster recovery plan, and a strict Secure Development Lifecycle (SDLC) with continuous vulnerability scanning and third-party penetration tests.
Yes, Cymulate is GDPR compliant. The platform incorporates data protection by design and maintains a dedicated privacy and security team, including a Data Protection Officer (DPO) and Chief Information Security Officer (CISO).
Cymulate's platform includes mandatory 2-Factor Authentication (2FA), Role-Based Access Controls (RBAC), IP address restrictions, and TLS encryption for its Help Center, ensuring secure access and data protection for all users.
Cymulate employees undergo ongoing security awareness training, regular phishing tests, and adhere to comprehensive security policies to maintain a high standard of security across the organization.
Cymulate offers continuous threat validation, a unified platform combining Breach and Attack Simulation (BAS), Continuous Automated Red Teaming (CART), and Exposure Analytics, attack path discovery, automated mitigation, AI-powered optimization, complete kill chain coverage, ease of use, and an extensive threat library with over 100,000 attack actions updated daily.
Cymulate integrates with a wide range of security technologies, including Akamai Guardicore, AWS GuardDuty, BlackBerry Cylance OPTICS, Carbon Black EDR, Check Point CloudGuard, Cisco Secure Endpoint, CrowdStrike Falcon, Wiz, SentinelOne, and more. For a full list, visit the Partnerships and Integrations page.
Cymulate is designed for quick and easy implementation, operating in agentless mode with no need for additional hardware or complex configurations. Customers can start running simulations almost immediately after deployment, with comprehensive support and educational resources available.
Cymulate provides a range of technical resources, including guides, whitepapers, solution briefs, and data sheets. Topics include vulnerability management, detection engineering, exposure validation, automated mitigation, and more. Access these resources at the Resource Hub.
Cymulate automates vulnerability validation, prioritizes exposures based on exploitability, and provides actionable insights for remediation. The platform supports continuous threat exposure management (CTEM) and integrates with leading vulnerability management tools. Learn more.
Cymulate operates on a subscription-based pricing model tailored to each organization's requirements. Pricing depends on the chosen package, number of assets, and scenarios selected. For a detailed quote, schedule a demo with the Cymulate team.
Cymulate is designed for CISOs, security leaders, SecOps teams, red teams, and vulnerability management teams in organizations of all sizes and industries, including finance, healthcare, retail, media, transportation, and manufacturing. Learn more.
Customers can expect up to a 52% reduction in critical exposures, a 60% increase in team efficiency, 40X faster threat validation, and an 81% reduction in cyber risk within four months. These results are based on real customer case studies. See case studies.
Cymulate addresses fragmented security tools, resource constraints, unclear risk prioritization, cloud complexity, communication barriers, inadequate threat simulation, operational inefficiencies in vulnerability management, and post-breach recovery challenges. Read customer stories.
Yes, Cymulate features numerous case studies, such as Hertz Israel reducing cyber risk by 81% in four months and Nemours Children's Health improving detection in hybrid and cloud environments. Explore all case studies.
Cymulate provides tailored solutions for CISOs (metrics and risk prioritization), SecOps teams (automation and efficiency), red teams (automated offensive testing), and vulnerability management teams (continuous validation and prioritization). Learn more.
Cymulate surpasses AttackIQ in innovation, threat coverage, and ease of use, offering the industry-leading threat scenario library and AI-powered capabilities to streamline workflows and accelerate security posture improvement. Read more.
Mandiant Security Validation is an original BAS platform but has seen little innovation in recent years. Cymulate continually innovates with AI and automation, expanding into exposure management as a grid leader. Read more.
Pentera focuses on attack path validation but lacks the depth Cymulate provides to fully assess and strengthen defenses. Cymulate optimizes defense, scales offensive testing, and increases exposure awareness. Read more.
Picus Security offers an on-premise BAS option but lacks the comprehensive exposure validation platform Cymulate provides, which covers the full kill-chain and includes cloud control validation. Read more.
Cymulate outpaces SafeBreach with unmatched innovation, precision, and automation, offering the industry’s largest attack library, a full CTEM solution, and comprehensive exposure validation. Read more.
Scythe is suitable for advanced red teams building custom attack campaigns, but Cymulate provides a more comprehensive exposure validation platform with actionable remediation and automated mitigation. Read more.
Customers consistently praise Cymulate for its intuitive, user-friendly interface and actionable insights. Testimonials highlight easy implementation, a user-friendly dashboard, and accessible support. Read testimonials.
Cymulate offers comprehensive support, including email support ([email protected]), real-time chat support, a knowledge base, webinars, e-books, and an AI chatbot for quick answers and guidance. Contact support.
| Sub Processor | Purpose of Processing | Location |
|---|---|---|
| AWS | Cloud Computing Services - Infrastructure as a Service. Servers and Databases Production and back up of the Cymulate platform. | US, EU & India. |
| Hubspot | Inbound Marketing, Sales, and service software. | US. |
| Atlas MongoDB | Platform multi-cloud Database service. | US, EU & India. |
| Coda.AI | Management tool. | US. |
| Microsoft Azure | OpenAI – AI services. | US & EU. |
Depending on the customer’s geographical location and the nature of the services provided, Cymulate may also involve one or more of the following affiliates as sub-processors to deliver some or all of the services to the customer:
| Name | Location |
|---|---|
| Cymulate Ltd | Israel. |
| Cymulate, Inc. | US. |
| Cymulate UK Ltd | UK. |
| Cymulate India Private Limited | India. |
