The unique Cymulate breach and attack simulation platform provides organizations with comprehensive cyber security tools reliably securing their critical assets. The system works by simulating a multi-vector, internal or external attack - which includes the latest vulnerabilities derived from Cymulate's research unit. By mimicking millions of the tactics, techniques and procedures (TTPs) of real-life threat actors the system enables a comprehensive validation of the organizations' current security posture status and efficiently repel any cyber security threats.
TESTS OF SECURITY FEATURES
The Cymulate solution allows organizations to check their security strength by exposing it to real-life attacks at any desired time. Tested can be most vulnerable penetration vectors: e-mail, web gateway for standard user access, web-application, etc. A Cymulate user may challenge the security assumptions 24/7 anywhere and at any time.
The platform represents a SAAS solution consisting of a server and an agent, the server being located in the cloud communicates with the agent installed inside the organization’s system. The server simulates external attacks while the agent reports on their success or failure. For modeling internal attacks the server and the agent switch the roles. As a result the user gets a comprehensive report on the organization security posture that is delivered immediately and reliably free from false data.
INTERNAL AND EXTERNAL ATTACK MODELING
Cymulate hacker's playbook is based on the various attacks utilized throughout the full cyber kill-chain. The chain can be divided into three stages: pre-exploitation (email gateway, web applications), exploitation (phishing and social engineering, endpoint security) and post-exploitation (lateral movement, data exfiltration). An attack is simulated through a logical sequence of commands and changing invasion methods and techniques. The user can monitor the entire course of a full scale penetration on the dashboard being absolutely sure that the simulated attack is harmless for the tested IT-system.