Cymulate announced the next
generation Extended Security Posture Management (XPSM) platform leveraging its
native, Offensive Security technology and capabilities to widely support customers'
security and business needs.
The combination of these new capabilities follows several product launches over
the last six months and provides end-to-end validation of an organization's
cyber security posture. XSPM incorporates four fundamental pillars tied
together with analytics to provide meaningful security posture insights: Attack
Surface Management, Continuous Automated Red Teaming and Breach and Attack
Simulation alongside an Advanced Purple Teaming framework.
Attack Surface Management (ASM)
Helping organizations understand how hackers might get an initial
foothold, ASM tools scan domains, sub domains, IPs, ports and other assets for
internet facing vulnerabilities. These functions alongside Open-Source
Intelligence (OSINT), that could be used in a social engineering attack or a
phishing campaign. Combined with Vulnerability Prioritization Technology (VPT), these capabilities
empower security teams to efficiently prioritize vulnerabilities and mitigation
steps, ensuring shorter time to remediation.
Continuous Automated Red Teaming (CART)
Moving beyond reconnaissance to answering: "how can an adversary
breach my defenses?" CART tools attempt to penetrate the organization by
analyzing the exposed vulnerabilities and autonomously deploying attack
campaigns that penetrate the network. After gaining the initial foothold, an
attack subsequently propagates within the network in search of critical
information or assets, for example by triggering a well-crafted phishing
email.
Breach Attack Simulation (BAS)
BAS tools launch simulated attack scenarios out of the box,
correlates findings to security controls (email and web gateways, WAF,
endpoint, etc.) and provides mitigation guidance. These tools are primarily
used by blue teams to perform security control optimization.
Advanced Purple Teaming
Advanced Purple Teaming Framework expands BAS into the creation
and automation of advanced and custom attack scenarios. These tools easily
follow the MITRE ATT&CK® framework to model a threat actor, enabling
security practitioners to create complex scenarios from predefined resources to
custom binaries and executions. Customized scenarios can be used to exercise
incident response playbooks, proactive threat hunting and to automate security
assurance procedures and health checks.
"With the threat landscape evolving at such a rapid pace,
Cymulate's SaaS-based Extended Security Posture Management (XSPM) is better
suited to cater to customers' needs," said Eyal Wachsman, CEO and Co-founder of
Cymulate. "We're now continuing our vision to help organizations stay in
control of their security posture while minimizing resources, as well as
allowing security professionals and leaders to know and control their
cybersecurity posture in a dynamic environment."
The XSPM platform provides
out-of-the-box, expert and threat intelligence-led risk assessments that are
simple to deploy and use for all maturity levels, and constantly updated.
Deployable within minutes, Cymulate enables security professionals to
continuously challenge, validate and optimize their cybersecurity posture
end-to-end, across the MITRE ATT&CK framework.