Cymulate released a new solution for organizations to run an informed continuous threat exposure management (CTEM) program.
The CTEM program, which was coined by Gartner is designed to diagnose the severity of exposures, create an action plan for remediation and facilitate a common language for discussions between business and technical teams. Disparate data sources, point-in-time collection, and lack of business context create challenges for cybersecurity teams to ingest and contextualize exposure data and translate it from a security concern to a business impact.
The new Cymulate Exposure Analytics solution bridges this gap by ingesting data from Cymulate products and other third-party data on vulnerabilities, risky assets, attack paths, threat intelligence, and other security controls to create a risk-informed defense with business context.
Unlike other programs that focus on reactive detection and response, the Gartner CTEM program is centered on proactively managing risk and resilience. By aligning with this program, organizations apply a repeatable framework to scope, discover, prioritize, validate, and mobilize their offensive cybersecurity initiatives.
The Cymulate Exposure Analytics solution has a quantifiable impact across all five of the CTEM program pillars and on a business’s ability to reduce risk by understanding, tracking, and improving its security posture.
- Scoping: Understand by organizational segment, the risk posture of business systems and security tools and its risk to immediate and emergent threats to define the highest impact programs needed to reduce or manage risk scores and tolerance
- Discovery: Correlated analysis from Cymulate and multi-vendor data that assesses on-premises and cloud attack surfaces, risky assets, attack paths, vulnerabilities, and business impact
- Prioritization: Vulnerability prioritization & remediation guidance based on multi-vendor aggregated data that is normalized, contextualized, and evaluated against breach feasibility
- Validation: Analyze exposure severity, security integrity, and effectiveness of remediation from security validation assessment data. Immediate threat and security control efficacy data can be used to answer questions such as “Are we at risk to this emergent threat?”, “Do we have the necessary capabilities to protect us when under attack?”.
- Mobilization: Utilize Cymulate contextualized data to understand various response outcome options, and establish and track performance against baselines, benchmarks, and risk profiles
“Cymulate has always taken an attacker’s view on cybersecurity defense, and through our experience in breach and attack simulation we have carefully studied the ways attackers creatively exploit vulnerabilities and other exposures driven by human error, misconfiguration, or control weaknesses,” said Avihai Ben-Yossef, CTO of Cymulate.
“This latest announcement provides customers with a centralized tool that leverages data collected from the Cymulate platform and other third-party exposure data sources and contextualizes it for scoping security risk, prioritizing remediation, tracking the performance of cybersecurity initiatives, and effectively communicating risk,” added Ben-Yossef.
Cymulate Exposure Analytics capabilities
Contextualized vulnerability management: Integrates with common vulnerability scanners and cybersecurity validation solutions to continuously provide organizations visibility, context, and risk for each vulnerability. Rather than simply prioritizing based on CVSS scores, Cymulate Exposure Analytics provides a security data fabric for contextualized vulnerability prioritization, which correlates vulnerability findings with business context and security control effectiveness. By integrating with tools for breach and attack simulation and continuous automated red teaming, Cymulate Exposure Analytics creates a risk score that considers the exploitability and effectiveness of compensating security controls.
Risk-based asset profile: Creates a consolidated view of assets with context to their risk. The product aggregates data from vulnerability management, attack surface management, configuration databases, Active Directory, cloud security posture management, and other systems and then applies its risk quantification to score each asset. This risk-profiled asset inventory contains a quantified risk score for every endpoint, system, cloud container, virtual machine, application, email address, web domain, IoT/OT device, and more. This data can also be aggregated by business or operational context. The inventory includes details for each asset, including existing security controls, currently enforced policies, known vulnerabilities, un-patchable vulnerabilities or security gaps, and mitigation status.
Remediation planning: Applies its risk quantification and aggregated asset inventory to create a prioritized list of mitigations that deliver the most significant risk reduction and improvement in cyber resilience. When available, the remediation plan presents remediation options that consider urgency, severity, and compensating controls – as well as the forecasted outcomes by modeling the risk impact of the mitigation.
Measure and baseline cyber resilience: Quantifies risk as a key metric of cyber resilience to understand security resilience and business risk in the context of business units, mission-critical systems, and business operations. Risk scoring considers the attack surface, business context, control efficacy, breach feasibility, and external data such as CVSS scores and threat intel. With dynamic reporting and dashboards for baselines and visualizations, security leaders gain insights to measure and communicate cyber resilience and risk to executives, boards, and their peers.
Platform alignment: Complements the company’s current platform, which includes Attack Surface Management (ASM), Breach and Attack Simulation (BAS), and Continuous Automated Red Teaming (CART) solutions. Exposure management and control validation tools are consolidating as businesses need to simplify how they understand risk and resilience to emergent threats and a rapidly changing attack surface. With the Cymulate modular offering, customers can deploy aligned to their current cybersecurity maturity and grow to leverage the platform’s additional capabilities as their needs change.
Deployed on its own, Cymulate Exposure Analytics creates centralized intelligence and visibility to security posture with business context essential to an exposure management program. When deployed as part of the Cymulate Exposure Management and Security Validation Platform, the total solution enables and optimizes CTEM programs by merging the traditional vulnerability-based view of risk with the “attacker’s view” of the attack surface.