Cymulate, a renowned provider of exposure management and security validation solutions, has unveiled an innovative new offering that enables organizations to implement an informed continuous threat exposure management (CTEM) program. The program, which was originally introduced by Gartner, Inc., aims to evaluate the severity of exposures, develop action plans for remediation, and facilitate effective communication between business and technical teams. However, cybersecurity teams often face challenges when it comes to aggregating and contextualizing exposure data, which makes it difficult to assess the impact on business operations. In an effort to bridge this gap, Cymulate has launched the Cymulate Exposure Analytics solution, which combines data from its own products with third-party information on vulnerabilities, risky assets, attack paths, threat intelligence, and security controls. This integration allows organizations to establish a risk-informed defense strategy with proper business context.
Unlike traditional approaches that focus on reactive detection and response, the Gartner CTEM program prioritizes proactive risk management and resilience. By adopting this program, businesses can implement a systematic framework that encompasses scoping, discovery, prioritization, validation, and mobilization of offensive cybersecurity initiatives. The Cymulate Exposure Analytics solution has a measurable impact on all five pillars of the CTEM program, enabling organizations to effectively reduce risk by enhancing their understanding, tracking, and improvement of their security posture.
Avihai Ben-Yossef, the Chief Technology Officer and Co-founder of Cymulate, emphasized that the company has always taken an attacker’s perspective when it comes to cybersecurity defense. Through their experience in breach and attack simulation, Cymulate has gained valuable insights into how attackers exploit vulnerabilities and other exposures resulting from human error, misconfiguration, or control weaknesses. The latest announcement introduces a centralized tool that leverages data from the Cymulate platform and other third-party exposure data sources. This tool enables organizations to assess security risk, prioritize remediation efforts, track the performance of cybersecurity initiatives, and effectively communicate risk.
The Cymulate Exposure Analytics solution offers several capabilities that enhance vulnerability management. It integrates with common vulnerability scanners and cybersecurity validation solutions to provide organizations with continuous visibility, context, and risk assessment for each vulnerability. This advanced solution goes beyond the standard prioritization based on CVSS scores by including a security data fabric that contextualizes vulnerability findings with business insights and the effectiveness of security controls. In addition, the solution incorporates breach and attack simulation and continuous automated red teaming, which results in a risk score that considers the exploitability and effectiveness of compensating security measures.
Another key feature of the Cymulate Exposure Analytics solution is its ability to create a risk-based asset profile. By aggregating data from various sources, including vulnerability management, attack surface management, configuration databases, Active Directory, and cloud security posture management, the solution provides a comprehensive view of assets along with their associated risks. The risk-profiled asset inventory includes a quantified risk score for each endpoint, system, cloud container, virtual machine, application, email address, web domain, and IoT/OT device. This data can be organized based on business or operational context and includes detailed information on security controls, policies, known vulnerabilities, unpatchable vulnerabilities or security gaps, and mitigation status.
Furthermore, the Cymulate Exposure Analytics solution facilitates remediation planning by leveraging its risk quantification and aggregated asset inventory. It generates a prioritized list of mitigations that offer the most significant risk reduction and improved cyber resilience. Additionally, the remediation plan considers urgency, severity, compensating controls, and provides a forecast of the outcomes by modeling the impact of the proposed mitigations.
To measure and baseline cyber resilience, organizations can utilize the risk quantification provided by the Cymulate Exposure Analytics solution. By considering factors such as the attack surface, business context, control efficacy, breach feasibility, and external data such as CVSS scores and threat intelligence, the solution quantifies risk as a key metric of cyber resilience. The solution also provides dynamic reporting and dashboards to offer insights into measuring and communicating cyber resilience and risk to executives, boards, and peers.
The Cymulate Exposure Analytics solution is designed to be aligned with the existing platform offered by Cymulate, which includes Attack Surface Management (ASM), Breach and Attack Simulation (BAS), and Continuous Automated Red Teaming (CART) solutions. As exposure management and control validation tools become increasingly vital for businesses navigating a rapidly changing attack surface, the Cymulate modular offering allows customers to deploy solutions based on their current cybersecurity maturity. They can then gradually leverage additional capabilities as their needs evolve.
While the Cymulate Exposure Analytics solution can be implemented as a standalone tool to provide centralized intelligence and visibility into security posture, it can also be integrated into the Cymulate Exposure Management and Security Validation Platform. This integrated solution optimizes CTEM programs by merging the traditional vulnerability-based view of risk with the attacker’s perspective of the attack surface.
For more information about Cymulate and its diverse range of solutions, including Attack Surface Management, Breach and Attack Simulation, Continuous Automated Red Teaming, and Exposure Analytics, visit www.cymulate.com.