The new Cymulate Exposure Analytics solution uses security analyzes to show customers how their cyber resilience is - from the attacker's perspective and tailored to the business context.
Cymulate, the leader in exposure management and security risk validation, announces the launch of Cymulate Exposure Analytics, a groundbreaking new solution for organizations looking to implement a robust CTEM (Continuous Threat Exposure Management) program. CTEM is a term coined by Gartner, Inc. to describe a program designed to diagnose the severity of vulnerabilities, create an action plan to remediate them, and ensure that the business and technical teams speak a common language.
Security analysis of the business structure
However, there are challenges to overcome: disparate data sources, point data collection, and lack of business context make it difficult for cybersecurity teams to capture and contextualize exposure data and translate security issues into business impact. The new Cymulate Exposure Analytics solution bridges this gap: it collects data from Cymulate products as well as third-party data on vulnerabilities, risky assets, attack vectors, threat intelligence and other security controls to enable defenses that are fair to real risks and business context .
While other programs often focus on reactive detection and remediation, Gartner's CTEM program is about proactively managing risk and resilience. CTEM provides organizations with a repeatable framework for their offensive cybersecurity initiatives based on five pillars: Probing, Detecting, Prioritizing, Validating, and Mobilizing. The Cymulate Exposure Analytics solution has a measurable impact on all five pillars of the CTEM program, helping organizations reduce risk by discovering, tracking and improving their security posture.
How Cymulate Exposure Analytics supports a CTEM program:
- Probing: Determination of the risk situation of business systems and security tools by company division as well as the vulnerability to immediate and new threats. On this basis, the most effective programs for reducing or controlling risk values and tolerances can be defined.
- Recognize: Correlated analysis of Cymulate and multi-vendor data, assessing on-premises and cloud attack surfaces, risky assets, attack paths, vulnerabilities, and business impact.
- Prioritize: Prioritization of the vulnerabilities and recommendations for their remediation based on the aggregated data from the different vendor systems. The data is normalized, put into context and checked for the likelihood of a security breach.
- Validate: Analysis of the level of vulnerability, safety integrity and the effectiveness of the remedial actions using the data from the safety validation. The data on the immediate threats and the effectiveness of security controls help to answer various questions such as: "Are we vulnerable to this new threat?" or "Do we have the necessary means to protect ourselves in the event of an attack?"
- Mobilize: Leverage contextual Cymulate data to understand what outcomes different response options may produce and to identify and track performance against baselines, benchmarks and risk profiles.
“Cymulate has always looked at cyber defense from the attacker's perspective. With our experience simulating security breaches and attacks, we know exactly how attackers creatively exploit vulnerabilities—as well as other vulnerabilities that arise from human error, misconfiguration, or inadequate controls,” said Avihai Ben-Yossef, Chief Technology Officer and co-founder of Cymulate .
“With Cymulate Exposure Analytics, we are now providing customers with a centralized tool that leverages and contextualizes data from the Cymulate platform as well as third-party threat intelligence. This makes it possible to assess security risks, prioritize remedial actions, track the effectiveness of cybersecurity initiatives, and communicate risks effectively.”
Features of Cymulate Exposure Analytics
- Contextual vulnerability management: Cymulate Exposure Analytics integrates with popular vulnerability scanners and cybersecurity validation solutions to provide organizations with continuous visibility, context and risk assessment for each vulnerability.
- Risk-Based Asset Profile: Cymulate Exposure Analytics creates a consolidated view of all assets, with context for each risk. The solution collects data from vulnerability and attack surface management, configuration databases, Active Directory, cloud security posture management, and other systems, then quantifies risk to score each asset.
- Planning of remedial actions: Using risk quantification and aggregated asset inventory, a prioritized list of remedial actions is generated that have the greatest potential to reduce risk and increase cyber resilience most effectively.
- Measuring cyber resilience and establishing a baseline: The solution quantifies risk as a key metric for cyber resilience. This gives companies an overview of the resilience of their security measures and their business risk in the context of their business units, mission-critical systems and operational processes.
- Extension of the Cymulate platform: Cymulate Exposure Analytics complements Cymulate's existing platform, which includes Attack Surface Management (ASM), Breach and Attack Simulation (BAS), and Continuous Automated Red Teaming (CART) solutions.
On its own, Cymulate Exposure Analytics provides the centralized information and business contextual view of the security posture that is essential to an exposure management program. When Cymulate Exposure Analytics is deployed as part of the Cymulate Exposure Management and Security Validation platform, the total solution enables and streamlines CTEM programs by merging the traditional vulnerability-based view of risk with the "attacker's view" of the attack surface.
More at Cymulate.com
About Cymulate Cymulate's solution for cybersecurity risk validation and exposure management provides security professionals with the ability to continuously validate their cybersecurity posture on-premises and in the cloud with end-to-end visualization via the MITER ATT&CK® framework , to validate and to optimize. The platform offers automated, expert and threat data-driven risk assessments that are easy to implement and can be easily used by organizations of all cybersecurity maturity levels.