Cymulate Exposure Management Platform
Agentless breach and attack simulation with one-hour deployment and automated testing.
Vendor Information
Cymulate Exposure Management Platform Overview
Cymulate Exposure Management Platform is a SaaS-based Breach and Attack Simulation solution from Cymulate, founded in 2016 by Eyal Wachsman (CEO), Avihai Ben-Yossef, and Eyal Gruner, and headquartered in Holon, Tel Aviv, Israel with a second office in New York, NY, United States. The company raised $141M across multiple rounds from One Peak Partners, Vertex Growth Fund, Vertex Ventures Israel, Dell Technologies Capital, and Susquehanna Growth Equity ($70M Series D September 2022 at ~$500M valuation). Cymulate has achieved SOC 2 Type II certification (audited by Deloitte Israel) and ISO 27001:2013, ISO 27017, and ISO 27701 certifications. The company was recognized as a 2018 Gartner Cool Vendor and has won Gold in the BAS category at Globee Awards for five consecutive years.
The platform deploys within one hour and enables continuous, automated security validation across the MITRE ATT&CK framework with agentless architecture. Key capabilities include APT simulation, ransomware testing, email security validation, web application penetration testing, data exfiltration scenarios, and custom red team/purple team campaign creation. Unlike traditional pentesting, Cymulate provides continuous testing that adapts to evolving threats. The platform integrates with existing SIEM, SOAR, EDR, and security infrastructure across cloud, on-premise, and hybrid environments.
Serving 500+ customers including Raiffeisen Bank International, NTT, Telit, and Euronext across financial services, healthcare, government, and critical infrastructure. The company has 291 employees and $35M annual revenue. Cymulate aligns with CTEM frameworks and provides actionable remediation guidance with risk scoring.
Key Capabilities
Standardized capabilities mapped to this product's security niche
Reports which simulated techniques triggered alerts in existing security controls and which did not, mapping undetected techniques to the specific control or detection rule that should have fired.
Provides specific detection rule recommendations, log source requirements, and control configuration changes for each identified gap: not just a list of undetected techniques.
Provides a shared workspace for red and blue teams to document technique execution, detection results, and remediation actions during concurrent exercises.
Tests user susceptibility and email security control effectiveness using simulated phishing campaigns, including credential harvesting pages and malicious attachment templates.
Simulates cloud-specific attack techniques: IAM privilege escalation, SSRF to metadata service, S3 bucket enumeration, cross-account role assumption.
Executes attack technique sequences on a scheduled or continuous basis against production controls, enabling detection of control drift between point-in-time assessments.
Number of MITRE ATT&CK techniques and sub-techniques covered by the simulation library. Breadth determines how much of the attack lifecycle can be tested.
Executes simulations using non-destructive payloads and read-only techniques that cannot cause data loss, service disruption, or lateral damage in production environments.
Integrations
Compatible tools and platforms
Solution Details
Compliance & Certifications
Regulatory frameworks and security certifications
Deployment Options
Where and how this solution can be deployed
Support Channels
Available support and communication options
Pricing Model
How this solution is priced
How to buy
This profile hasn’t been claimed yet. Contact the vendor directly for pricing and purchasing options.
Is this your company?
Claim Your Profile