{"global":{"lastError":{},"locale":"en","locales":{"data":[{"id":"de","name":"Deutsch"},{"id":"en","name":"English"}],"loading":false,"error":false},"currency":{"id":49,"name":"EUR"},"currencies":{"data":[{"id":49,"name":"EUR"},{"id":124,"name":"RUB"},{"id":153,"name":"UAH"},{"id":155,"name":"USD"}],"loading":false,"error":false},"translations":{"company":{"role-vendor":{"_type":"localeString","en":"Vendor","ru":"Производитель"},"role-supplier":{"_type":"localeString","en":"Supplier","ru":"Поставщик"},"products-popover":{"ru":"Продукты","_type":"localeString","en":"Products","de":"die produkte"},"introduction-popover":{"ru":"внедрения","_type":"localeString","en":"introduction"},"partners-popover":{"en":"partners","ru":"партнеры","_type":"localeString"},"update-profile-button":{"_type":"localeString","en":"Update profile","ru":"Обновить профиль"},"read-more-button":{"ru":"Показать ещё","_type":"localeString","en":"Show more"},"hide-button":{"_type":"localeString","en":"Hide","ru":"Скрыть"},"user-implementations":{"en":"Deployments","ru":"Внедрения","_type":"localeString"},"categories":{"en":"Categories","ru":"Компетенции","_type":"localeString"},"description":{"ru":"Описание","_type":"localeString","en":"Description"},"role-user":{"en":"User","ru":"Пользователь","_type":"localeString"},"partnership-vendors":{"_type":"localeString","en":"Partnership with vendors","ru":"Партнерство с производителями"},"partnership-suppliers":{"_type":"localeString","en":"Partnership with suppliers","ru":"Партнерство с поставщиками"},"reference-bonus":{"ru":"Бонус за референс","_type":"localeString","en":"Bonus 4 reference"},"partner-status":{"en":"Partner status","ru":"Статус партнёра","_type":"localeString"},"country":{"ru":"Страна","_type":"localeString","en":"Country"},"partner-types":{"ru":"Типы партнеров","_type":"localeString","en":"Partner types"},"branch-popover":{"ru":"область деятельности","_type":"localeString","en":"branch"},"employees-popover":{"en":"number of employees","ru":"количество сотрудников","_type":"localeString"},"partnership-programme":{"_type":"localeString","en":"Partnership program","ru":"Партнерская программа"},"partner-discounts":{"ru":"Партнерские скидки","_type":"localeString","en":"Partner discounts"},"registered-discounts":{"en":"Additional benefits for registering a deal","ru":"Дополнительные преимущества за регистрацию сделки","_type":"localeString"},"additional-advantages":{"ru":"Дополнительные преимущества","_type":"localeString","en":"Additional Benefits"},"additional-requirements":{"ru":"Требования к уровню партнера","_type":"localeString","en":"Partner level requirements"},"certifications":{"_type":"localeString","en":"Certification of technical specialists","ru":"Сертификация технических специалистов"},"sales-plan":{"ru":"Годовой план продаж","_type":"localeString","en":"Annual Sales Plan"},"partners-vendors":{"ru":"Партнеры-производители","_type":"localeString","en":"Partners-vendors"},"partners-suppliers":{"en":"Partners-suppliers","ru":"Партнеры-поставщики","_type":"localeString"},"all-countries":{"ru":"Все страны","_type":"localeString","en":"All countries"},"supplied-products":{"ru":"Поставляемые продукты","_type":"localeString","en":"Supplied products"},"vendored-products":{"en":"Produced products","ru":"Производимые продукты","_type":"localeString"},"vendor-implementations":{"ru":"Производимые внедрения","_type":"localeString","en":"Produced deployments"},"supplier-implementations":{"_type":"localeString","en":"Supplied deployments","ru":"Поставляемые внедрения"},"show-all":{"en":"Show all","ru":"Показать все","_type":"localeString"},"not-yet-converted":{"ru":"Данные модерируются и вскоре будут опубликованы. Попробуйте повторить переход через некоторое время.","_type":"localeString","en":"Data is moderated and will be published soon. Please, try again later."},"schedule-event":{"ru":"Pасписание событий","_type":"localeString","en":"Events schedule"},"implementations":{"_type":"localeString","en":"Deployments","ru":"Внедрения"},"register":{"_type":"localeString","en":"Register","ru":"Регистрация "},"login":{"_type":"localeString","en":"Login","ru":"Вход"},"auth-message":{"ru":"Для просмотра ивентов компании авторизируйтесь или зарегистрируйтесь на сайт.","_type":"localeString","en":"To view company events please log in or register on the sit."},"company-presentation":{"en":"Company presentation","ru":"Презентация компании","_type":"localeString"}},"header":{"help":{"en":"Help","de":"Hilfe","ru":"Помощь","_type":"localeString"},"how":{"de":"Wie funktioniert es","ru":"Как это работает","_type":"localeString","en":"How does it works"},"login":{"ru":"Вход","_type":"localeString","en":"Log in","de":"Einloggen"},"logout":{"en":"Sign out","ru":"Выйти","_type":"localeString"},"faq":{"de":"FAQ","ru":"FAQ","_type":"localeString","en":"FAQ"},"references":{"en":"Requests","de":"References","ru":"Мои запросы","_type":"localeString"},"solutions":{"ru":"Возможности","_type":"localeString","en":"Solutions"},"find-it-product":{"ru":"Подбор и сравнение ИТ продукта","_type":"localeString","en":"Selection and comparison of IT product"},"autoconfigurator":{"en":" Price calculator","ru":"Калькулятор цены","_type":"localeString"},"comparison-matrix":{"ru":"Матрица сравнения","_type":"localeString","en":"Comparison Matrix"},"roi-calculators":{"ru":"ROI калькуляторы","_type":"localeString","en":"ROI calculators"},"b4r":{"ru":"Бонус за референс","_type":"localeString","en":"Bonus for reference"},"business-booster":{"ru":"Развитие бизнеса","_type":"localeString","en":"Business boosting"},"catalogs":{"en":"Catalogs","ru":"Каталоги","_type":"localeString"},"products":{"en":"Products","ru":"Продукты","_type":"localeString"},"implementations":{"ru":"Внедрения","_type":"localeString","en":"Deployments"},"companies":{"en":"Companies","ru":"Компании","_type":"localeString"},"categories":{"ru":"Категории","_type":"localeString","en":"Categories"},"for-suppliers":{"ru":"Поставщикам","_type":"localeString","en":"For suppliers"},"blog":{"en":"Blog","ru":"Блог","_type":"localeString"},"agreements":{"en":"Deals","ru":"Сделки","_type":"localeString"},"my-account":{"ru":"Мой кабинет","_type":"localeString","en":"My account"},"register":{"ru":"Зарегистрироваться","_type":"localeString","en":"Register"},"comparison-deletion":{"en":"Deletion","ru":"Удаление","_type":"localeString"},"comparison-confirm":{"_type":"localeString","en":"Are you sure you want to delete","ru":"Подтвердите удаление"},"search-placeholder":{"ru":"Введите поисковый запрос","_type":"localeString","en":"Enter your search term"},"my-profile":{"_type":"localeString","en":"My profile","ru":"Мои данные"},"about":{"_type":"localeString","en":"About Us"},"it_catalogs":{"en":"IT catalogs","_type":"localeString"},"roi4presenter":{"en":"Roi4Presenter","_type":"localeString"},"roi4webinar":{"_type":"localeString","en":"Pitch Avatar"},"sub_it_catalogs":{"_type":"localeString","en":"Find IT product"},"sub_b4reference":{"_type":"localeString","en":"Get reference from user"},"sub_roi4presenter":{"en":"Make online presentations","_type":"localeString"},"sub_roi4webinar":{"_type":"localeString","en":"Create an avatar for the event"},"catalogs_new":{"en":"Products","_type":"localeString"},"b4reference":{"en":"Bonus4Reference","_type":"localeString"},"it_our_it_catalogs":{"_type":"localeString","en":"Our IT Catalogs"},"it_products":{"_type":"localeString","en":"Find and compare IT products"},"it_implementations":{"en":"Learn implementation reviews","_type":"localeString"},"it_companies":{"_type":"localeString","en":"Find vendor and company-supplier"},"it_categories":{"en":"Explore IT products by category","_type":"localeString"},"it_our_products":{"_type":"localeString","en":"Our Products"},"it_it_catalogs":{"_type":"localeString","en":"IT catalogs"}},"footer":{"copyright":{"en":"All rights reserved","de":"Alle rechte vorbehalten","ru":"Все права защищены","_type":"localeString"},"company":{"_type":"localeString","en":"My Company","de":"Über die Firma","ru":"О компании"},"about":{"de":"Über uns","ru":"О нас","_type":"localeString","en":"About us"},"infocenter":{"_type":"localeString","en":"Infocenter","de":"Infocenter","ru":"Инфоцентр"},"tariffs":{"ru":"Тарифы","_type":"localeString","en":"Subscriptions","de":"Tarife"},"contact":{"_type":"localeString","en":"Contact us","de":"Kontaktiere uns","ru":"Связаться с нами"},"marketplace":{"en":"Marketplace","de":"Marketplace","ru":"Marketplace","_type":"localeString"},"products":{"_type":"localeString","en":"Products","de":"Produkte","ru":"Продукты"},"compare":{"ru":"Подобрать и сравнить","_type":"localeString","en":"Pick and compare","de":"Wähle und vergleiche"},"calculate":{"ru":"Расчитать стоимость","_type":"localeString","en":"Calculate the cost","de":"Kosten berechnen"},"get_bonus":{"de":"Holen Sie sich einen Rabatt","ru":"Бонус за референс","_type":"localeString","en":"Bonus for reference"},"salestools":{"de":"Salestools","ru":"Salestools","_type":"localeString","en":"Salestools"},"automatization":{"en":"Settlement Automation","de":"Abwicklungsautomatisierung","ru":"Автоматизация расчетов","_type":"localeString"},"roi_calcs":{"ru":"ROI калькуляторы","_type":"localeString","en":"ROI calculators","de":"ROI-Rechner"},"matrix":{"ru":"Матрица сравнения","_type":"localeString","en":"Comparison matrix","de":"Vergleichsmatrix"},"b4r":{"ru":"Rebate 4 Reference","_type":"localeString","en":"Rebate 4 Reference","de":"Rebate 4 Reference"},"our_social":{"ru":"Наши социальные сети","_type":"localeString","en":"Our social networks","de":"Unsere sozialen Netzwerke"},"subscribe":{"_type":"localeString","en":"Subscribe to newsletter","de":"Melden Sie sich für den Newsletter an","ru":"Подпишитесь на рассылку"},"subscribe_info":{"ru":"и узнавайте первыми об акциях, новых возможностях и свежих обзорах софта","_type":"localeString","en":"and be the first to know about promotions, new features and recent software reviews"},"policy":{"ru":"Политика конфиденциальности","_type":"localeString","en":"Privacy Policy"},"user_agreement":{"_type":"localeString","en":"Agreement","ru":"Пользовательское соглашение "},"solutions":{"ru":"Возможности","_type":"localeString","en":"Solutions"},"find":{"ru":"Подбор и сравнение ИТ продукта","_type":"localeString","en":"Selection and comparison of IT product"},"quote":{"en":"Price calculator","ru":"Калькулятор цены","_type":"localeString"},"boosting":{"_type":"localeString","en":"Business boosting","ru":"Развитие бизнеса"},"4vendors":{"_type":"localeString","en":"4 vendors","ru":"поставщикам"},"blog":{"_type":"localeString","en":"blog","ru":"блог"},"pay4content":{"ru":"платим за контент","_type":"localeString","en":"we pay for content"},"categories":{"_type":"localeString","en":"categories","ru":"категории"},"showForm":{"ru":"Показать форму","_type":"localeString","en":"Show form"},"subscribe__title":{"en":"We send a digest of actual news from the IT world once in a month!","ru":"Раз в месяц мы отправляем дайджест актуальных новостей ИТ мира!","_type":"localeString"},"subscribe__email-label":{"_type":"localeString","en":"Email","ru":"Email"},"subscribe__name-label":{"en":"Name","ru":"Имя","_type":"localeString"},"subscribe__required-message":{"ru":"Это поле обязательное","_type":"localeString","en":"This field is required"},"subscribe__notify-label":{"en":"Yes, please, notify me about news, events and propositions","ru":"Да, пожалуйста уведомляйте меня о новостях, событиях и предложениях","_type":"localeString"},"subscribe__agree-label":{"ru":"Подписываясь на рассылку, вы соглашаетесь с %TERMS% и %POLICY% и даете согласие на использование файлов cookie и передачу своих персональных данных*","_type":"localeString","en":"By subscribing to the newsletter, you agree to the %TERMS% and %POLICY% and agree to the use of cookies and the transfer of your personal data"},"subscribe__submit-label":{"en":"Subscribe","ru":"Подписаться","_type":"localeString"},"subscribe__email-message":{"ru":"Пожалуйста, введите корректный адрес электронной почты","_type":"localeString","en":"Please, enter the valid email"},"subscribe__email-placeholder":{"ru":"username@gmail.com","_type":"localeString","en":"username@gmail.com"},"subscribe__name-placeholder":{"ru":"Имя Фамилия","_type":"localeString","en":"Last, first name"},"subscribe__success":{"ru":"Вы успешно подписаны на рассылку. Проверьте свой почтовый ящик.","_type":"localeString","en":"You are successfully subscribed! Check you mailbox."},"subscribe__error":{"en":"Subscription is unsuccessful. Please, try again later.","ru":"Не удалось оформить подписку. Пожалуйста, попробуйте позднее.","_type":"localeString"},"roi4presenter":{"ru":"roi4presenter","_type":"localeString","en":"Roi4Presenter","de":"roi4presenter"},"it_catalogs":{"en":"IT catalogs","_type":"localeString"},"roi4webinar":{"_type":"localeString","en":"Pitch Avatar"},"b4reference":{"_type":"localeString","en":"Bonus4Reference"}},"breadcrumbs":{"home":{"ru":"Главная","_type":"localeString","en":"Home"},"companies":{"ru":"Компании","_type":"localeString","en":"Companies"},"products":{"ru":"Продукты","_type":"localeString","en":"Products"},"implementations":{"_type":"localeString","en":"Deployments","ru":"Внедрения"},"login":{"ru":"Вход","_type":"localeString","en":"Login"},"registration":{"ru":"Регистрация","_type":"localeString","en":"Registration"},"b2b-platform":{"_type":"localeString","en":"B2B platform for IT buyers, vendors and suppliers","ru":"Портал для покупателей, поставщиков и производителей ИТ"}},"comment-form":{"title":{"_type":"localeString","en":"Leave comment","ru":"Оставить комментарий"},"firstname":{"en":"First name","ru":"Имя","_type":"localeString"},"lastname":{"en":"Last name","ru":"Фамилия","_type":"localeString"},"company":{"_type":"localeString","en":"Company name","ru":"Компания"},"position":{"en":"Position","ru":"Должность","_type":"localeString"},"actual-cost":{"en":"Actual cost","ru":"Фактическая стоимость","_type":"localeString"},"received-roi":{"ru":"Полученный ROI","_type":"localeString","en":"Received ROI"},"saving-type":{"ru":"Тип экономии","_type":"localeString","en":"Saving type"},"comment":{"_type":"localeString","en":"Comment","ru":"Комментарий"},"your-rate":{"en":"Your rate","ru":"Ваша оценка","_type":"localeString"},"i-agree":{"ru":"Я согласен","_type":"localeString","en":"I agree"},"terms-of-use":{"en":"With user agreement and privacy policy","ru":"С пользовательским соглашением и политикой конфиденциальности","_type":"localeString"},"send":{"_type":"localeString","en":"Send","ru":"Отправить"},"required-message":{"ru":"{NAME} - это обязательное поле","_type":"localeString","en":"{NAME} is required filed"}},"maintenance":{"title":{"en":"Site under maintenance","ru":"На сайте проводятся технические работы","_type":"localeString"},"message":{"ru":"Спасибо за ваше понимание","_type":"localeString","en":"Thank you for your understanding"}}},"translationsStatus":{"company":"success"},"sections":{},"sectionsStatus":{},"pageMetaData":{"company":{"title":{"ru":"ROI4CIO: Компания","_type":"localeString","en":"ROI4CIO: Company"},"meta":[{"name":"og:image","content":"https://roi4cio.com/fileadmin/templates/roi4cio/image/roi4cio-logobig.jpg"},{"name":"og:type","content":"website"}],"translatable_meta":[{"name":"title","translations":{"ru":"Компания","_type":"localeString","en":"Company"}},{"translations":{"en":"Company description","ru":"Описание компании","_type":"localeString"},"name":"description"},{"name":"keywords","translations":{"_type":"localeString","en":"Company keywords","ru":"Ключевые слова для компании"}}]}},"pageMetaDataStatus":{"company":"success"},"subscribeInProgress":false,"subscribeError":false},"auth":{"inProgress":false,"error":false,"checked":true,"initialized":false,"user":{},"role":null,"expires":null},"products":{"productsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null,"useProductLoading":false,"sellProductLoading":false,"templatesById":{},"comparisonByTemplateId":{}},"filters":{"filterCriterias":{"loading":false,"error":null,"data":{"price":{"min":0,"max":6000},"users":{"loading":false,"error":null,"ids":[],"values":{}},"suppliers":{"loading":false,"error":null,"ids":[],"values":{}},"vendors":{"loading":false,"error":null,"ids":[],"values":{}},"roles":{"id":200,"title":"Roles","values":{"1":{"id":1,"title":"User","translationKey":"user"},"2":{"id":2,"title":"Supplier","translationKey":"supplier"},"3":{"id":3,"title":"Vendor","translationKey":"vendor"}}},"categories":{"flat":[],"tree":[]},"countries":{"loading":false,"error":null,"ids":[],"values":{}}}},"showAIFilter":false},"companies":{"companiesByAlias":{"cymulate":{"id":8254,"title":"Cymulate","logoURL":"https://old.roi4cio.com/uploads/roi/company/Cymulate.png","alias":"cymulate","address":"Rishon Lezion, Israel","roles":[{"id":3,"type":"vendor"}],"description":"Cymulate is a breach and attack simulation platform that lets you protect your organization at the click of a button. Operating thousands of attack strategies, Cymulate shows you exactly where you’re exposed, and how to fix it.<br />Cymulate was founded by an elite team of former IDF intelligence officers who identified frustrating inefficiencies during their cyber security operations. From this came their mission to empower organizations worldwide and make advanced cyber security as simple and familiar as sending an e-mail. Today, Cymulate is trusted by hundreds of companies worldwide, including leading banks and financial services.\r\n<br />Highly experienced and diverse researchers are fluent in security intelligence practices, combining expertise in private security, military and intelligence experience. Continuously examining the cyber-threat landscape, experts deliver in-depth visibility into today’s threats and the actors behind them. Evolving methodologies accordingly, ensure to continuously protect against current emerging threats, zero-day vulnerabilities, and the most advanced attack tactics, techniques, and procedures (TTP) to date.","companyTypes":["vendor"],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":1,"supplierImplementations":[],"vendorImplementations":[{"id":1235,"title":"Cymulate BAS for Assuta Medical Center","description":"<span style=\"font-weight: bold;\">Challenge</span>\r\nThe fear of a cyberattack is real. The hospital’s security officers live with that fear every day because they know cyberattacks happen every day. So far, Assuta has evaded such a devastating attack on its information system. But in the past, Tamir Ronen, Assuta’s Chief Information Security Officer, hired penetration testers to test his system for vulnerabilities. However, the labor costs were significant and the actual testing took a long time. On some occasions, Tamir had to wait for the assessment results and reports to be delivered. When a test was completed, a meeting with Tamir’s staff and the penetration testers was required to resolve the findings and root out any “false” results. And, finally, Tamir’s staff would have run its own tests to double-check the findings of each report. The whole process was labor intensive and time consuming.<br />\r\nImagine Tamir Ronen’s surprise when he learned from Cymulate that the entire security assessment procedure could be accomplished much more quickly through on-demand simulation.<br />\r\n<span style=\"font-weight: bold;\">Solution</span><br />Cymulate’s SaaS-based, on-demand Breach and Attack simulation platform keeps Assuta one step ahead of cyber attackers 24 hours-a-day, every day of the year. The platform not only assess against the latest threats and most advanced multi-vector attacks—it also delivers an immediate and complete picture of Assuta’s current security posture.<br />\r\nThe platform uses an offensive approach and defensive tactics to simulate multi-vector cyberattacks from an attacker’s perspective, revealing critical vulnerabilities before exploitation from real attackers. After a simple implementation that required no labor from its own staff, Assuta had the ability to perform simulated attacks to reveal security exposures through email and Internet browsing.<br />\r\n<span style=\"font-weight: bold;\">Results</span><br />\r\nTamir Ronen works through the Cymulate main portal where he can pick and choose what type of attack, he wants to spring on any of his security solutions at any time. He generally conducts tests on each once a month. <span style=\"font-style: italic;\">“But each time there is a global virus attack campaign that is spreading, Cymulate immediately gets a sample of it and we can test its effect on our network immediately,” he said. “It’s a really big benefit. You can test it before it comes to you.”</span><br />\r\nTamir notes that Cymulate has more than satisfied his main objectives by conducting penetration testing automatically through simulation. <span style=\"font-style: italic;\">“It’s not only money,”</span> he said. <span style=\"font-style: italic;\">“It’s time.” </span>He said hiring manual penetration testers to conduct a test would take several days or more. Now he said testing can take place on-demand and only takes an hour, maybe less. The fixes, he said, are illuminated immediately.<br />\r\n<span style=\"font-style: italic;\">“Using Cymulate, I was able to find out that several of my security products were not configured as I wanted them to be,” Tamir said. “I discovered I had several vulnerabilities based on the misconfigured products. Once everything was configured correctly, I tested the system again using Cymulate. And the security hole within my network was eliminated.”</span>","alias":"cymulate-bas-for-assuta-medical-center","roi":0,"seo":{"title":"Cymulate BAS for Assuta Medical Center","keywords":"","description":"<span style=\"font-weight: bold;\">Challenge</span>\r\nThe fear of a cyberattack is real. The hospital’s security officers live with that fear every day because they know cyberattacks happen every day. So far, Assuta has evaded such a devastating attack on its inf","og:title":"Cymulate BAS for Assuta Medical Center","og:description":"<span style=\"font-weight: bold;\">Challenge</span>\r\nThe fear of a cyberattack is real. The hospital’s security officers live with that fear every day because they know cyberattacks happen every day. So far, Assuta has evaded such a devastating attack on its inf"},"deal_info":"","user":{"id":8916,"title":"Assuta","logoURL":"https://old.roi4cio.com/uploads/roi/company/Assuta.png","alias":"assuta","address":"","roles":[],"description":" Assuta Medical Center is the largest private hospital system in Israel, comprising nine clinics and hospitals across Israel and providing innovative surgeries and diagnostic procedures in all fields of medicine, including cardiology, oncology, gynecology, urology and more. Assuta serves patients from all over the world including Europe, the UK and the United States. Each year, Assuta handles approximately 92,000 operations, 683,000 ambulatory checks and treatments, 440,000 imaging tests, 4,000 heart catheterization procedures and 16,000 IVF treatments.","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":1,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"https://assutatop.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Assuta","keywords":"","description":" Assuta Medical Center is the largest private hospital system in Israel, comprising nine clinics and hospitals across Israel and providing innovative surgeries and diagnostic procedures in all fields of medicine, including cardiology, oncology, gynecology, uro","og:title":"Assuta","og:description":" Assuta Medical Center is the largest private hospital system in Israel, comprising nine clinics and hospitals across Israel and providing innovative surgeries and diagnostic procedures in all fields of medicine, including cardiology, oncology, gynecology, uro","og:image":"https://old.roi4cio.com/uploads/roi/company/Assuta.png"},"eventUrl":""},"supplier":{"id":8760,"title":"Hidden supplier","logoURL":"https://old.roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg","alias":"skrytyi-postavshchik","address":"","roles":[],"description":" Supplier Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":76,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Hidden supplier","keywords":"","description":" Supplier Information is confidential ","og:title":"Hidden supplier","og:description":" Supplier Information is confidential ","og:image":"https://old.roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg"},"eventUrl":""},"vendors":[{"id":8254,"title":"Cymulate","logoURL":"https://old.roi4cio.com/uploads/roi/company/Cymulate.png","alias":"cymulate","address":"Rishon Lezion, Israel","roles":[],"description":"Cymulate is a breach and attack simulation platform that lets you protect your organization at the click of a button. Operating thousands of attack strategies, Cymulate shows you exactly where you’re exposed, and how to fix it.<br />Cymulate was founded by an elite team of former IDF intelligence officers who identified frustrating inefficiencies during their cyber security operations. From this came their mission to empower organizations worldwide and make advanced cyber security as simple and familiar as sending an e-mail. Today, Cymulate is trusted by hundreds of companies worldwide, including leading banks and financial services.\r\n<br />Highly experienced and diverse researchers are fluent in security intelligence practices, combining expertise in private security, military and intelligence experience. Continuously examining the cyber-threat landscape, experts deliver in-depth visibility into today’s threats and the actors behind them. Evolving methodologies accordingly, ensure to continuously protect against current emerging threats, zero-day vulnerabilities, and the most advanced attack tactics, techniques, and procedures (TTP) to date.","companyTypes":[],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":1,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":3,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"https://cymulate.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Cymulate","keywords":"","description":"Cymulate is a breach and attack simulation platform that lets you protect your organization at the click of a button. Operating thousands of attack strategies, Cymulate shows you exactly where you’re exposed, and how to fix it.<br />Cymulate was founded by an ","og:title":"Cymulate","og:description":"Cymulate is a breach and attack simulation platform that lets you protect your organization at the click of a button. Operating thousands of attack strategies, Cymulate shows you exactly where you’re exposed, and how to fix it.<br />Cymulate was founded by an ","og:image":"https://old.roi4cio.com/uploads/roi/company/Cymulate.png"},"eventUrl":""}],"products":[{"id":6245,"logo":false,"scheme":false,"title":"Cymulate BAS","vendorVerified":0,"rating":"1.80","implementationsCount":3,"suppliersCount":0,"alias":"cymulate-bas","companyTypes":[],"description":"Cymulate automatically identifies security gaps in one click and tells you exactly how to fix them. Cymulate is a SaaS-based breach and attack simulation platform that makes it simple to know and optimize your security posture any time, all the time and empowers companies to safeguard their business-critical assets. With just a few clicks, Cymulate challenges your security controls by initiating thousands of attack simulations, showing you exactly where you’re exposed and how to fix it, making security continuous, fast and part of everyday activities.\r\nCymulate runs quietly in the background without slowing down your business activities. Deploy a single lightweight agent to start running unlimited attack simulations. The easy to use interface makes it simple to understand your security posture.<br /><br />\r\n<span style=\"font-weight: bold;\">Cymulate products</span>\r\n<span style=\"font-weight: bold;\">Full Kill-Chain APT </span><br />Since an Advanced Persistent Threat (APT) attempts to bypass security controls across the cyber kill chain, from attack delivery to exploitation and post-exploitation, defending against an APT requires testing the effectiveness of multiple security controls within your arsenal. Since the efficacy of one control affects the exposure of the next control in the kill chain, ascertaining if your defenses work against a full-blown attack becomes a daunting proposition.\r\nCymulate’s Full Kill-Chain APT Simulation Module solves the challenge of security effectiveness testing across the entire cyber kill chain by instrumenting your security framework in a comprehensive and easy-to-use manner. Instead of challenging each attack vector separately, organizations can now run a simulation of a full-scale APT attack with a click of a button, and gain a convenient, single-pane view of security gaps across their arsenal.<br /><br /><span style=\"font-weight: bold;\">Email Gateway</span>\r\nThis vector is designed to evaluate your organization’s email security and potential exposure to a number of malicious payloads sent by email. The simulated attack exposes critical vulnerabilities within the email security framework. By sending emails with attachments containing ransomware, worms, Trojans, or links to malicious websites, the simulation reveals if simulated malicious emails could bypass your organizations’ first line of defense and reach your employees’ inbox. After running a simulation, the next step would be to test employees’ security awareness regarding socially engineered emails that try to lure them into opening malicious attachments, disclosing their credentials or clicking on malicious links.\r\nThe simulation results are presented in an easy-to-understand comprehensive report. Mitigation recommendations are offered for each security gap discovered depending on the type of attack simulated, and how far the threat has managed to bypass security controls and distribute itself, enabling IT and security teams to take the appropriate countermeasures.<br /><br /><span style=\"font-weight: bold;\">Web Gateway</span>\r\nCymulate’s Web Gateway cyber attack simulation vector is designed to evaluate your organization’s inbound and outbound exposure to malicious or compromised websites and current capabilities to analyze any inbound traffic. It enables you to verify your organization’s exposure to an extensive and continuously growing database of malicious and compromised websites. Immediate, actionable simulation results enable IT and security teams to identify security gaps, prioritize remediation and take corrective measures to reduce your organization’s attack surface.<br /><br /><span style=\"font-weight: bold;\">Web Application Firewall</span>\r\nWAF (Web Application Firewall) vector challenges your WAF security resilience to web payloads and assists in protecting your web apps from future attacks. With Cymulate’s WAF attack simulation, you can check if your WAF configuration, implementation and features are able to block payloads before they get anywhere near your web applications. The platform simulates an attacker who tries to bypass your organization’s WAF and reaches the web application, after which they attempt to perform malicious actions such as mining sensitive information, inflicting damage and forwarding users to infected websites using applicative attacks such as cross-site scripting (XSS), SQL and command injections.\r\nAt the end of each WAF attack simulation, or other simulation vector, a Cymulate Risk Score is provided, indicating the organization’s exposure, along with other KPI metrics and actionable guidelines to fine-tune controls and close security gaps.<br /><br /><span style=\"font-weight: bold;\">Phishing Awareness</span>\r\nThis vector helps companies asses their employees' awareness to socially engineered attack campaigns. Cymulate’s Phishing Awareness vector is designed to evaluate your employees’ security awareness. It simulates phishing campaigns and detects weak links in your organization. Since it is designed to reduce the risk of spear-phishing, ransomware or CEO fraud, the solution can help you to deter data breaches, minimize malware-related downtime and save money on incident response.\r\nSecurity awareness among employees is tested by creating and executing simulated, customized phishing campaigns enabling you to detect who are the weakest links in your organization. The phishing simulation utilizes ready-made out-of-the-box templates or custom-built templates assigned to a corresponding landing page with dummy malicious links. At the end of the simulation, a report is generated summarizing statistics and details of employees who have opened the email, and those who have clicked on the dummy malicious link, enabling organizations to assess their employees’ readiness to identify hazardous email.<br /><br /><span style=\"font-weight: bold;\">Endpoint Security </span>\r\nCymulate’s Endpoint Security vector allows organizations to deploy and run simulations of ransomware, Trojans, worms, and viruses on a dedicated endpoint in a controlled and safe manner. The attacks simulation ascertains if the security products are tuned properly and are actually protecting your organization’s critical assets against the latest attack methods. The comprehensive testing covers all aspects of endpoint security, including but not limited to: behavioral detection, virus detection, and known vulnerabilities.\r\nThe endpoint attack simulation results offer immediate, actionable results, including Cymulate’s risk score, KPI metrics, remediation prioritization and technical and executive-level reporting.<br /><br /><span style=\"font-weight: bold;\">Lateral Movement</span>\r\nLateral Movement (Hopper) vector challenges companies internal networks against different techniques and methods used by attackers to gain access and control additional systems on a network, following the initial compromise of single system. Cymulate’s Lateral Movement vector simulates a compromised workstation inside the organization and exposes the risk posed by a potential cyberattack or threat. Various techniques and methods are used to laterally move inside the network.\r\nThe platform uses a sophisticated and effective algorithm to mimic all the common and clever techniques that the most skilled hackers use to move around inside the network.\r\nThe Hopper attack simulation results are presented in an interactive graphic diagram that shows the attacker’s lateral movement path, along with Cymulate’s risk score, KPI metrics and actionable mitigation recommendations. By taking corrective action, IT and security teams can take the appropriate countermeasures to increase their internal network security.<br /><br /><span style=\"font-weight: bold;\">Data Exfiltration </span>\r\nThe vector challenges company's Data Loss Prevention (DLP) controls, enabling company to assess the security of outbound critical data before company sensitive information is exposed. The Data Exfiltration vector is designed to evaluate how well your DLP solutions and controls prevent any extraction of critical information from outside the organization. The platform tests the outbound flows of data (such as personally identifiable (PII), medical, financial and confidential business information) to validate that those information assets stay indoors.\r\nThe attack simulation results are presented in a comprehensive and easy-to-use format, allowing organizations to understand their DLP-related security gaps and take the appropriate measures using actionable mitigation recommendations.<br /><br /><span style=\"font-weight: bold;\">Immediate Threat Intelligence </span><br />Cymulate’s Immediate Threat Intelligence vector is designed to inform and evaluate your organization’s security posture as quickly as possible against the very latest cyber attacks. The simulation is created by the Cymulate Research Lab which catches and analyzes threats immediately after they are launched by cybercriminals and malicious hackers.\r\nBy running this simulation, you can validate within a short time if your organization would be vulnerable to these latest threats and take measures before an attack takes place.\r\nThe simulation results are presented in an easy-to-understand comprehensive report. Mitigation recommendations are offered for each threat that has been discovered, and vary according to the type of attack simulated, and the extent to which the attack was able to distribute itself. This allows the organization to truly understand its security posture and take action to improve or update controls where necessary.","shortDescription":"Cymulate is a breach and attack simulation platform that lets you protect your organization at the click of a button.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Cymulate BAS","keywords":"","description":"Cymulate automatically identifies security gaps in one click and tells you exactly how to fix them. Cymulate is a SaaS-based breach and attack simulation platform that makes it simple to know and optimize your security posture any time, all the time and empowe","og:title":"Cymulate BAS","og:description":"Cymulate automatically identifies security gaps in one click and tells you exactly how to fix them. Cymulate is a SaaS-based breach and attack simulation platform that makes it simple to know and optimize your security posture any time, all the time and empowe"},"eventUrl":"","translationId":6247,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":895,"title":"Breach and Attack Simulation Platforms","alias":"breach-and-attack-simulation-platforms","description":"<span style=\"font-weight: bold;\">Breach and attack simulations</span> are an advanced computer security testing method. These simulations identify vulnerabilities in security environments by mimicking the likely attack paths and techniques used by malicious actors. In this sense, a breach and attack simulation acts much like a continuous, automated penetration test, and it improves upon the inherent limitations of red and blue team testing.\r\nGartner defines BAS technologies as tools “that allow enterprises to continually and consistently simulate the full attack cycle (including insider threats, lateral movement, and data exfiltration) against enterprise infrastructure, using software agents, virtual machines, and other means”.\r\nWhat makes BAS special, is its ability to provide continuous and consistent testing at limited risk and that it can be used to alert IT and business stakeholders about existing gaps in the security posture or validate that security infrastructure, configuration settings and detection/prevention technologies are operating as intended. BAS can also assist in validating if security operations and the SOC staff can detect specific attacks when used as a complement to the red team or penetration testing exercises.\r\n<span style=\"font-weight: bold;\">There are three different types of BAS solutions:</span>\r\n<ul><li><span style=\"font-weight: bold;\">Agent-based BAS</span> solutions are the simplest form of BAS. Agents are deployed across the LAN and vulnerabilities are identified to determine which routes are open to a potential attacker to move around the network. An agent-based BAS solution is very similar to vulnerability scanning but offers much more context.</li><li><span style=\"font-weight: bold;\">BAS solutions based on “malicious” traffic.</span> These BAS solutions generate intrusive traffic within the network between dedicated virtual machines that serve as targets for a wide range of attack scenarios. An overview is then created of which events have not been detected and blocked by the company’s own security controls. </li><li><span style=\"font-weight: bold;\">Cloud-based BAS solutions.</span> BAS solutions that are cloud-based are the closest to a real attack. They simulate numerous attack scenarios from the outside via different entry points. (so-called multi-vector attacks) and thus also the network perimeter of the company. The cloud platforms are fed with the latest threats from a wide variety of sources and are therefore always very up-to-date. Being SaaS solutions, they can be implemented very quickly.</li></ul>\r\nBy running these cyber-attack simulations in a controlled environment, an advanced BAS platform can identify vulnerabilities and gaps and then provide prioritized recommendations to help quickly close them. In this sense, a BAS platform works much like a purple team, allowing for comprehensive vulnerability assessment and remediation. Yet unlike a purple team, a BAS platform is automated and can be deployed remotely, making it especially well-suited to today’s challenges.\r\nThis automation is the key to maintaining continuous risk assessment and threat mitigation — the gold standard for today’s cybersecurity solutions.<br /><br />","materialsDescription":"<h1 class=\"align-center\">What problems do BAS tools attempt to solve?</h1>\r\nBAS solutions give companies an answer to the question “Do our cybersecurity programs really work? Large companies invest heavily in security products, but still do not have the confidence that they can withstand increasingly sophisticated attacks. For financial and practical reasons it is also not possible to test entire enterprise production environments permanently and manually for security vulnerabilities. Breach and Attack Simulation fills exactly this gap and allows companies to get more out of their existing security solutions by enabling continuous testing of the enterprise network at low risk.\r\n<h1 class=\"align-center\">For which companies are BAS solutions suitable?</h1>\r\nIf you have a look around the BAS market, you will find that many offers are tailored to large enterprise customers with high security requirements, such as financial institutions and insurance companies. It is not surprising that Breach and Attack Simulation is especially interesting for this kind of companies. They typically have numerous security products in use, a dynamic IT landscape and a high level of IT maturity. In addition, there are high demands on IT security and high compliance pressure. High-end solutions like Breach and Attack Simulation are predestined for this environment.<br />However, there is also the possibility for smaller companies to use BAS technology. Some solution providers have made their BAS tools multi-tenant ready so that smaller companies can also benefit from them via partner companies.\r\n<h1 class=\"align-center\">How to Evaluate a BAS Platform?</h1>\r\n<ul><li>The right BAS platform can simulate attacks in the cloud, identifying misconfigurations and other security gaps, while also allowing organizations to determine if critical assets are truly secure in all environments.</li><li>The ability to identify gaps in detection and prevention in hybrid environments is another key feature. As more data migrates to the cloud, it’s imperative that organizations assess their risk posture and understand how new hybrid environments can be attacked from on-premises devices linked to cloud data. Assessing cloud and on-premises risks separately leads to reduced visibility and expanded threat exposure — you simply don’t know how each side effects the other.</li><li>An advanced BAS platform can safely simulate Advanced Persistent Threats (APTs) against an organization’s “crown jewel” assets. Networks and devices create many pathways for APTs and identifying them is important.</li><li>The right platform can also identify a wide range of attack vectors hackers can exploit, while running safely in a production environment. Testing security controls on an endpoint solution might tell you if you can stop a credential dump but will not tell you which accounts can be harvested, from which devices and the impact those accounts will have.</li><li>Organizations should also look for a BAS solution that offered prioritized remediation of security gaps and validation of security controls.</li></ul>\r\n<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/hacking.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":6,"title":"Ensure Security and Business Continuity"},{"id":4,"title":"Reduce Costs"},{"id":306,"title":"Manage Risks"},{"id":7,"title":"Improve Customer Service"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":346,"title":"Shortage of inhouse IT resources"},{"id":382,"title":"High costs of IT personnel"},{"id":385,"title":"Risk of data loss or damage"},{"id":400,"title":"High costs"},{"id":397,"title":"Insufficient risk management"},{"id":282,"title":"Unauthorized access to corporate IT systems and data"},{"id":334,"title":"Poor timing of management decision making"},{"id":340,"title":"Low quality of customer service"}]}},"categories":[{"id":895,"title":"Breach and Attack Simulation Platforms","alias":"breach-and-attack-simulation-platforms","description":"<span style=\"font-weight: bold;\">Breach and attack simulations</span> are an advanced computer security testing method. These simulations identify vulnerabilities in security environments by mimicking the likely attack paths and techniques used by malicious actors. In this sense, a breach and attack simulation acts much like a continuous, automated penetration test, and it improves upon the inherent limitations of red and blue team testing.\r\nGartner defines BAS technologies as tools “that allow enterprises to continually and consistently simulate the full attack cycle (including insider threats, lateral movement, and data exfiltration) against enterprise infrastructure, using software agents, virtual machines, and other means”.\r\nWhat makes BAS special, is its ability to provide continuous and consistent testing at limited risk and that it can be used to alert IT and business stakeholders about existing gaps in the security posture or validate that security infrastructure, configuration settings and detection/prevention technologies are operating as intended. BAS can also assist in validating if security operations and the SOC staff can detect specific attacks when used as a complement to the red team or penetration testing exercises.\r\n<span style=\"font-weight: bold;\">There are three different types of BAS solutions:</span>\r\n<ul><li><span style=\"font-weight: bold;\">Agent-based BAS</span> solutions are the simplest form of BAS. Agents are deployed across the LAN and vulnerabilities are identified to determine which routes are open to a potential attacker to move around the network. An agent-based BAS solution is very similar to vulnerability scanning but offers much more context.</li><li><span style=\"font-weight: bold;\">BAS solutions based on “malicious” traffic.</span> These BAS solutions generate intrusive traffic within the network between dedicated virtual machines that serve as targets for a wide range of attack scenarios. An overview is then created of which events have not been detected and blocked by the company’s own security controls. </li><li><span style=\"font-weight: bold;\">Cloud-based BAS solutions.</span> BAS solutions that are cloud-based are the closest to a real attack. They simulate numerous attack scenarios from the outside via different entry points. (so-called multi-vector attacks) and thus also the network perimeter of the company. The cloud platforms are fed with the latest threats from a wide variety of sources and are therefore always very up-to-date. Being SaaS solutions, they can be implemented very quickly.</li></ul>\r\nBy running these cyber-attack simulations in a controlled environment, an advanced BAS platform can identify vulnerabilities and gaps and then provide prioritized recommendations to help quickly close them. In this sense, a BAS platform works much like a purple team, allowing for comprehensive vulnerability assessment and remediation. Yet unlike a purple team, a BAS platform is automated and can be deployed remotely, making it especially well-suited to today’s challenges.\r\nThis automation is the key to maintaining continuous risk assessment and threat mitigation — the gold standard for today’s cybersecurity solutions.<br /><br />","materialsDescription":"<h1 class=\"align-center\">What problems do BAS tools attempt to solve?</h1>\r\nBAS solutions give companies an answer to the question “Do our cybersecurity programs really work? Large companies invest heavily in security products, but still do not have the confidence that they can withstand increasingly sophisticated attacks. For financial and practical reasons it is also not possible to test entire enterprise production environments permanently and manually for security vulnerabilities. Breach and Attack Simulation fills exactly this gap and allows companies to get more out of their existing security solutions by enabling continuous testing of the enterprise network at low risk.\r\n<h1 class=\"align-center\">For which companies are BAS solutions suitable?</h1>\r\nIf you have a look around the BAS market, you will find that many offers are tailored to large enterprise customers with high security requirements, such as financial institutions and insurance companies. It is not surprising that Breach and Attack Simulation is especially interesting for this kind of companies. They typically have numerous security products in use, a dynamic IT landscape and a high level of IT maturity. In addition, there are high demands on IT security and high compliance pressure. High-end solutions like Breach and Attack Simulation are predestined for this environment.<br />However, there is also the possibility for smaller companies to use BAS technology. Some solution providers have made their BAS tools multi-tenant ready so that smaller companies can also benefit from them via partner companies.\r\n<h1 class=\"align-center\">How to Evaluate a BAS Platform?</h1>\r\n<ul><li>The right BAS platform can simulate attacks in the cloud, identifying misconfigurations and other security gaps, while also allowing organizations to determine if critical assets are truly secure in all environments.</li><li>The ability to identify gaps in detection and prevention in hybrid environments is another key feature. As more data migrates to the cloud, it’s imperative that organizations assess their risk posture and understand how new hybrid environments can be attacked from on-premises devices linked to cloud data. Assessing cloud and on-premises risks separately leads to reduced visibility and expanded threat exposure — you simply don’t know how each side effects the other.</li><li>An advanced BAS platform can safely simulate Advanced Persistent Threats (APTs) against an organization’s “crown jewel” assets. Networks and devices create many pathways for APTs and identifying them is important.</li><li>The right platform can also identify a wide range of attack vectors hackers can exploit, while running safely in a production environment. Testing security controls on an endpoint solution might tell you if you can stop a credential dump but will not tell you which accounts can be harvested, from which devices and the impact those accounts will have.</li><li>Organizations should also look for a BAS solution that offered prioritized remediation of security gaps and validation of security controls.</li></ul>\r\n<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/hacking.png"}],"additionalInfo":{"budgetNotExceeded":"-1","functionallyTaskAssignment":"-1","projectWasPut":"-1","price":0,"source":{"url":"https://cymulate.com/resources/collateral/assuta-automated-cybersecurity-testing-program/","title":"Web-site of vendor"}},"comments":[],"referencesCount":0},{"id":1237,"title":"Cymulate BAS for Euronext","description":"<span style=\"font-weight: bold;\">Euronext’s Information Security Department</span>\r\nEuronext’s information security department is comprised of multiple teams, including its Security Operation Centre (SOC) team and the Assessment and Exploitation Team. While the SOC’s main mission deals with incident response, continuously monitoring and improving the organization’s security posture, it works closely with Assessment and Exploitation Team, which is responsible for running vulnerability and red team assessments.<br />The SOC is entrusted with the security of all Euronext infrastructure and systems, all Euronext trading services and platforms, as well as all internal users and external users, including but not limited to the stock exchange service itself. The SOC works around the clock 24x7.<br />\r\n<span style=\"font-weight: bold;\">Business Challenge</span><br />\r\nKeeping a vigilant eye out for the latest developments in the cybersecurity market, Jorge Ruão, Head of Security Operations Centre at Euronext, sought better ways to prevent and detect cyber attacks.<br />\r\nThe Information Security Department is experienced in developing and running their own homegrown simulations of cyberattacks to test the organization’s security posture vis-à-vis specific threats.<br />\r\nAfter implementing new technology, deploying a specific security policy or updating the rule engine of a cybersecurity tool, the teams would run simulations of specific attacks to ensure that they could be blocked, or alternatively, be detected and mitigated.<br />\r\nWhile the practice of running attack simulations is highly effective, building simulations of specific attacks can be a resource-intensive undertaking, depending on the complexity of a malware strain or its associated variants. <span style=\"font-style: italic;\">“This is of special concern if time is critical, for example,”</span> says Ruão, <span style=\"font-style: italic;\">“when you are made aware that a new malware campaign exploiting zero-day vulnerabilities is spreading through the internet and you’ve just deployed mitigation or workaround measures received from your intel services.</span><br />\r\n<span style=\"font-weight: bold;\">Solution</span><br />\r\nImpressed by Cymulate’s ease of use and ability to repeatedly run the same battery of tests to test the organization’s security posture, Ruão implemented the cyberattack simulation platform, removing the need to build and prepare a manual framework to execute those very same tests. On top of manual penetration testing, red team exercises and vulnerability assessments performed periodically, Cymulate lets Euronext’s Information Security department run frequent security tests in response to a variety of events.<br />\r\nFor example, “when there is a new specific threat in the wild (e.g. WannaCry, etc.) Cymulate incorporates the threat’s indicators of compromise (IoCs) very quickly,” comments Ruão, “and you can immediately see how vulnerable you are to that threat without the need to internally develop a simulation to mimic that new threat.”<br />Similarly, if a security tool suddenly proves to be less effective following a configuration change, its settings can be updated and then thoroughly tested against a barrage of simulated cyber attacks.<br />\r\nHaving purchased four Cymulate attack vectors (modules) the year prior, including the Immediate Threat Assessment, Web Gateway, Email and Endpoint modules, Euronext has recently renewed their Cymulate subscription, adding one more module to the mix—the Hopper—which simulates potential lateral movement within the company’s network.<br />\r\nCommenting about the initial integration, Ruão says, “It was very easy and quick to deploy the solution with satisfactory results. No major issues were found during the deployment besides the need to provide the minimum requirements.”<br />\r\n<span style=\"font-weight: bold;\">Benefits</span><br />\r\nSince deploying the solution one year ago, both the SOC and Assessment and Exploitation teams use Cymulate together to find out and understand whether current security controls are in fact blocking threats.<br />By using Cymulate, Euronext’s Information Security<br />Department can now:\r\n<ul><li><span style=\"font-weight: bold;\">Test controls against the latest threats</span> – Imminent attacks detected in the wild are simulated by the platform, enabling up-to-date security assessments.</li></ul>\r\n<ul><li><span style=\"font-weight: bold;\">Frequently and repeatedly evaluate security controls</span> – New technology, configuration changes, or software/hardware updates can be easily tested to see their impact on the organization.</li></ul>\r\n<ul><li><span style=\"font-weight: bold;\">Complement homegrown simulations </span>– While highly effective, these are resource-intensive and may not be practical when time is of the essence.</li></ul>\r\n<ul><li><span style=\"font-weight: bold;\">Prove the value of business decisions</span> – By using Cymulate as a benchmark before deploying new technology, the team can demonstrate the efficacy of new solutions.</li></ul>\r\n<ul><li><span style=\"font-weight: bold;\">Understand cyber threats’ modus operandi</span> – This includes where in the attack kill chain a potential threat may be successful in circumventing security controls.</li></ul>\r\n<ul><li><span style=\"font-weight: bold;\">Provide executive and technical-level reporting</span> – With its built-in reports, visibility is provided into how each technology contributes to the organization’s overall security posture.</li></ul>\r\nSince implementing the platform, comments Ruão, <span style=\"font-style: italic;\">“We are very happy with the Cymulate solution and are already looking to expand the functionalities with additional tests.”</span><br />To conclude, Ruão says, <span style=\"font-style: italic;\">“I would recommend Cymulate because of its ease of use, it can quickly provide you a window into how vulnerable or how protected your organization is against external threats.”</span>","alias":"cymulate-bas-for-euronext","roi":0,"seo":{"title":"Cymulate BAS for Euronext","keywords":"","description":"<span style=\"font-weight: bold;\">Euronext’s Information Security Department</span>\r\nEuronext’s information security department is comprised of multiple teams, including its Security Operation Centre (SOC) team and the Assessment and Exploitation Team. While th","og:title":"Cymulate BAS for Euronext","og:description":"<span style=\"font-weight: bold;\">Euronext’s Information Security Department</span>\r\nEuronext’s information security department is comprised of multiple teams, including its Security Operation Centre (SOC) team and the Assessment and Exploitation Team. While th"},"deal_info":"","user":{"id":8917,"title":"Euronext","logoURL":"https://old.roi4cio.com/uploads/roi/company/Euronext_logo.png","alias":"euronext","address":"Амстердам, Нидерланды","roles":[],"description":" Euronext is the leading pan-European marketplace, rooted in four centuries of exchanges that are now at the heart of European capital markets. The exchange boasts 1,300 domestic and foreign companies listed for trading, with a combined 3.5 trillion Euro market capitalization.","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":1,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"http://euronext.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Euronext","keywords":"","description":" Euronext is the leading pan-European marketplace, rooted in four centuries of exchanges that are now at the heart of European capital markets. The exchange boasts 1,300 domestic and foreign companies listed for trading, with a combined 3.5 trillion Euro marke","og:title":"Euronext","og:description":" Euronext is the leading pan-European marketplace, rooted in four centuries of exchanges that are now at the heart of European capital markets. The exchange boasts 1,300 domestic and foreign companies listed for trading, with a combined 3.5 trillion Euro marke","og:image":"https://old.roi4cio.com/uploads/roi/company/Euronext_logo.png"},"eventUrl":""},"supplier":{"id":8760,"title":"Hidden supplier","logoURL":"https://old.roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg","alias":"skrytyi-postavshchik","address":"","roles":[],"description":" Supplier Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":76,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Hidden supplier","keywords":"","description":" Supplier Information is confidential ","og:title":"Hidden supplier","og:description":" Supplier Information is confidential ","og:image":"https://old.roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg"},"eventUrl":""},"vendors":[{"id":8254,"title":"Cymulate","logoURL":"https://old.roi4cio.com/uploads/roi/company/Cymulate.png","alias":"cymulate","address":"Rishon Lezion, Israel","roles":[],"description":"Cymulate is a breach and attack simulation platform that lets you protect your organization at the click of a button. Operating thousands of attack strategies, Cymulate shows you exactly where you’re exposed, and how to fix it.<br />Cymulate was founded by an elite team of former IDF intelligence officers who identified frustrating inefficiencies during their cyber security operations. From this came their mission to empower organizations worldwide and make advanced cyber security as simple and familiar as sending an e-mail. Today, Cymulate is trusted by hundreds of companies worldwide, including leading banks and financial services.\r\n<br />Highly experienced and diverse researchers are fluent in security intelligence practices, combining expertise in private security, military and intelligence experience. Continuously examining the cyber-threat landscape, experts deliver in-depth visibility into today’s threats and the actors behind them. Evolving methodologies accordingly, ensure to continuously protect against current emerging threats, zero-day vulnerabilities, and the most advanced attack tactics, techniques, and procedures (TTP) to date.","companyTypes":[],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":1,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":3,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"https://cymulate.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Cymulate","keywords":"","description":"Cymulate is a breach and attack simulation platform that lets you protect your organization at the click of a button. Operating thousands of attack strategies, Cymulate shows you exactly where you’re exposed, and how to fix it.<br />Cymulate was founded by an ","og:title":"Cymulate","og:description":"Cymulate is a breach and attack simulation platform that lets you protect your organization at the click of a button. Operating thousands of attack strategies, Cymulate shows you exactly where you’re exposed, and how to fix it.<br />Cymulate was founded by an ","og:image":"https://old.roi4cio.com/uploads/roi/company/Cymulate.png"},"eventUrl":""}],"products":[{"id":6245,"logo":false,"scheme":false,"title":"Cymulate BAS","vendorVerified":0,"rating":"1.80","implementationsCount":3,"suppliersCount":0,"alias":"cymulate-bas","companyTypes":[],"description":"Cymulate automatically identifies security gaps in one click and tells you exactly how to fix them. Cymulate is a SaaS-based breach and attack simulation platform that makes it simple to know and optimize your security posture any time, all the time and empowers companies to safeguard their business-critical assets. With just a few clicks, Cymulate challenges your security controls by initiating thousands of attack simulations, showing you exactly where you’re exposed and how to fix it, making security continuous, fast and part of everyday activities.\r\nCymulate runs quietly in the background without slowing down your business activities. Deploy a single lightweight agent to start running unlimited attack simulations. The easy to use interface makes it simple to understand your security posture.<br /><br />\r\n<span style=\"font-weight: bold;\">Cymulate products</span>\r\n<span style=\"font-weight: bold;\">Full Kill-Chain APT </span><br />Since an Advanced Persistent Threat (APT) attempts to bypass security controls across the cyber kill chain, from attack delivery to exploitation and post-exploitation, defending against an APT requires testing the effectiveness of multiple security controls within your arsenal. Since the efficacy of one control affects the exposure of the next control in the kill chain, ascertaining if your defenses work against a full-blown attack becomes a daunting proposition.\r\nCymulate’s Full Kill-Chain APT Simulation Module solves the challenge of security effectiveness testing across the entire cyber kill chain by instrumenting your security framework in a comprehensive and easy-to-use manner. Instead of challenging each attack vector separately, organizations can now run a simulation of a full-scale APT attack with a click of a button, and gain a convenient, single-pane view of security gaps across their arsenal.<br /><br /><span style=\"font-weight: bold;\">Email Gateway</span>\r\nThis vector is designed to evaluate your organization’s email security and potential exposure to a number of malicious payloads sent by email. The simulated attack exposes critical vulnerabilities within the email security framework. By sending emails with attachments containing ransomware, worms, Trojans, or links to malicious websites, the simulation reveals if simulated malicious emails could bypass your organizations’ first line of defense and reach your employees’ inbox. After running a simulation, the next step would be to test employees’ security awareness regarding socially engineered emails that try to lure them into opening malicious attachments, disclosing their credentials or clicking on malicious links.\r\nThe simulation results are presented in an easy-to-understand comprehensive report. Mitigation recommendations are offered for each security gap discovered depending on the type of attack simulated, and how far the threat has managed to bypass security controls and distribute itself, enabling IT and security teams to take the appropriate countermeasures.<br /><br /><span style=\"font-weight: bold;\">Web Gateway</span>\r\nCymulate’s Web Gateway cyber attack simulation vector is designed to evaluate your organization’s inbound and outbound exposure to malicious or compromised websites and current capabilities to analyze any inbound traffic. It enables you to verify your organization’s exposure to an extensive and continuously growing database of malicious and compromised websites. Immediate, actionable simulation results enable IT and security teams to identify security gaps, prioritize remediation and take corrective measures to reduce your organization’s attack surface.<br /><br /><span style=\"font-weight: bold;\">Web Application Firewall</span>\r\nWAF (Web Application Firewall) vector challenges your WAF security resilience to web payloads and assists in protecting your web apps from future attacks. With Cymulate’s WAF attack simulation, you can check if your WAF configuration, implementation and features are able to block payloads before they get anywhere near your web applications. The platform simulates an attacker who tries to bypass your organization’s WAF and reaches the web application, after which they attempt to perform malicious actions such as mining sensitive information, inflicting damage and forwarding users to infected websites using applicative attacks such as cross-site scripting (XSS), SQL and command injections.\r\nAt the end of each WAF attack simulation, or other simulation vector, a Cymulate Risk Score is provided, indicating the organization’s exposure, along with other KPI metrics and actionable guidelines to fine-tune controls and close security gaps.<br /><br /><span style=\"font-weight: bold;\">Phishing Awareness</span>\r\nThis vector helps companies asses their employees' awareness to socially engineered attack campaigns. Cymulate’s Phishing Awareness vector is designed to evaluate your employees’ security awareness. It simulates phishing campaigns and detects weak links in your organization. Since it is designed to reduce the risk of spear-phishing, ransomware or CEO fraud, the solution can help you to deter data breaches, minimize malware-related downtime and save money on incident response.\r\nSecurity awareness among employees is tested by creating and executing simulated, customized phishing campaigns enabling you to detect who are the weakest links in your organization. The phishing simulation utilizes ready-made out-of-the-box templates or custom-built templates assigned to a corresponding landing page with dummy malicious links. At the end of the simulation, a report is generated summarizing statistics and details of employees who have opened the email, and those who have clicked on the dummy malicious link, enabling organizations to assess their employees’ readiness to identify hazardous email.<br /><br /><span style=\"font-weight: bold;\">Endpoint Security </span>\r\nCymulate’s Endpoint Security vector allows organizations to deploy and run simulations of ransomware, Trojans, worms, and viruses on a dedicated endpoint in a controlled and safe manner. The attacks simulation ascertains if the security products are tuned properly and are actually protecting your organization’s critical assets against the latest attack methods. The comprehensive testing covers all aspects of endpoint security, including but not limited to: behavioral detection, virus detection, and known vulnerabilities.\r\nThe endpoint attack simulation results offer immediate, actionable results, including Cymulate’s risk score, KPI metrics, remediation prioritization and technical and executive-level reporting.<br /><br /><span style=\"font-weight: bold;\">Lateral Movement</span>\r\nLateral Movement (Hopper) vector challenges companies internal networks against different techniques and methods used by attackers to gain access and control additional systems on a network, following the initial compromise of single system. Cymulate’s Lateral Movement vector simulates a compromised workstation inside the organization and exposes the risk posed by a potential cyberattack or threat. Various techniques and methods are used to laterally move inside the network.\r\nThe platform uses a sophisticated and effective algorithm to mimic all the common and clever techniques that the most skilled hackers use to move around inside the network.\r\nThe Hopper attack simulation results are presented in an interactive graphic diagram that shows the attacker’s lateral movement path, along with Cymulate’s risk score, KPI metrics and actionable mitigation recommendations. By taking corrective action, IT and security teams can take the appropriate countermeasures to increase their internal network security.<br /><br /><span style=\"font-weight: bold;\">Data Exfiltration </span>\r\nThe vector challenges company's Data Loss Prevention (DLP) controls, enabling company to assess the security of outbound critical data before company sensitive information is exposed. The Data Exfiltration vector is designed to evaluate how well your DLP solutions and controls prevent any extraction of critical information from outside the organization. The platform tests the outbound flows of data (such as personally identifiable (PII), medical, financial and confidential business information) to validate that those information assets stay indoors.\r\nThe attack simulation results are presented in a comprehensive and easy-to-use format, allowing organizations to understand their DLP-related security gaps and take the appropriate measures using actionable mitigation recommendations.<br /><br /><span style=\"font-weight: bold;\">Immediate Threat Intelligence </span><br />Cymulate’s Immediate Threat Intelligence vector is designed to inform and evaluate your organization’s security posture as quickly as possible against the very latest cyber attacks. The simulation is created by the Cymulate Research Lab which catches and analyzes threats immediately after they are launched by cybercriminals and malicious hackers.\r\nBy running this simulation, you can validate within a short time if your organization would be vulnerable to these latest threats and take measures before an attack takes place.\r\nThe simulation results are presented in an easy-to-understand comprehensive report. Mitigation recommendations are offered for each threat that has been discovered, and vary according to the type of attack simulated, and the extent to which the attack was able to distribute itself. This allows the organization to truly understand its security posture and take action to improve or update controls where necessary.","shortDescription":"Cymulate is a breach and attack simulation platform that lets you protect your organization at the click of a button.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Cymulate BAS","keywords":"","description":"Cymulate automatically identifies security gaps in one click and tells you exactly how to fix them. Cymulate is a SaaS-based breach and attack simulation platform that makes it simple to know and optimize your security posture any time, all the time and empowe","og:title":"Cymulate BAS","og:description":"Cymulate automatically identifies security gaps in one click and tells you exactly how to fix them. Cymulate is a SaaS-based breach and attack simulation platform that makes it simple to know and optimize your security posture any time, all the time and empowe"},"eventUrl":"","translationId":6247,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":895,"title":"Breach and Attack Simulation Platforms","alias":"breach-and-attack-simulation-platforms","description":"<span style=\"font-weight: bold;\">Breach and attack simulations</span> are an advanced computer security testing method. These simulations identify vulnerabilities in security environments by mimicking the likely attack paths and techniques used by malicious actors. In this sense, a breach and attack simulation acts much like a continuous, automated penetration test, and it improves upon the inherent limitations of red and blue team testing.\r\nGartner defines BAS technologies as tools “that allow enterprises to continually and consistently simulate the full attack cycle (including insider threats, lateral movement, and data exfiltration) against enterprise infrastructure, using software agents, virtual machines, and other means”.\r\nWhat makes BAS special, is its ability to provide continuous and consistent testing at limited risk and that it can be used to alert IT and business stakeholders about existing gaps in the security posture or validate that security infrastructure, configuration settings and detection/prevention technologies are operating as intended. BAS can also assist in validating if security operations and the SOC staff can detect specific attacks when used as a complement to the red team or penetration testing exercises.\r\n<span style=\"font-weight: bold;\">There are three different types of BAS solutions:</span>\r\n<ul><li><span style=\"font-weight: bold;\">Agent-based BAS</span> solutions are the simplest form of BAS. Agents are deployed across the LAN and vulnerabilities are identified to determine which routes are open to a potential attacker to move around the network. An agent-based BAS solution is very similar to vulnerability scanning but offers much more context.</li><li><span style=\"font-weight: bold;\">BAS solutions based on “malicious” traffic.</span> These BAS solutions generate intrusive traffic within the network between dedicated virtual machines that serve as targets for a wide range of attack scenarios. An overview is then created of which events have not been detected and blocked by the company’s own security controls. </li><li><span style=\"font-weight: bold;\">Cloud-based BAS solutions.</span> BAS solutions that are cloud-based are the closest to a real attack. They simulate numerous attack scenarios from the outside via different entry points. (so-called multi-vector attacks) and thus also the network perimeter of the company. The cloud platforms are fed with the latest threats from a wide variety of sources and are therefore always very up-to-date. Being SaaS solutions, they can be implemented very quickly.</li></ul>\r\nBy running these cyber-attack simulations in a controlled environment, an advanced BAS platform can identify vulnerabilities and gaps and then provide prioritized recommendations to help quickly close them. In this sense, a BAS platform works much like a purple team, allowing for comprehensive vulnerability assessment and remediation. Yet unlike a purple team, a BAS platform is automated and can be deployed remotely, making it especially well-suited to today’s challenges.\r\nThis automation is the key to maintaining continuous risk assessment and threat mitigation — the gold standard for today’s cybersecurity solutions.<br /><br />","materialsDescription":"<h1 class=\"align-center\">What problems do BAS tools attempt to solve?</h1>\r\nBAS solutions give companies an answer to the question “Do our cybersecurity programs really work? Large companies invest heavily in security products, but still do not have the confidence that they can withstand increasingly sophisticated attacks. For financial and practical reasons it is also not possible to test entire enterprise production environments permanently and manually for security vulnerabilities. Breach and Attack Simulation fills exactly this gap and allows companies to get more out of their existing security solutions by enabling continuous testing of the enterprise network at low risk.\r\n<h1 class=\"align-center\">For which companies are BAS solutions suitable?</h1>\r\nIf you have a look around the BAS market, you will find that many offers are tailored to large enterprise customers with high security requirements, such as financial institutions and insurance companies. It is not surprising that Breach and Attack Simulation is especially interesting for this kind of companies. They typically have numerous security products in use, a dynamic IT landscape and a high level of IT maturity. In addition, there are high demands on IT security and high compliance pressure. High-end solutions like Breach and Attack Simulation are predestined for this environment.<br />However, there is also the possibility for smaller companies to use BAS technology. Some solution providers have made their BAS tools multi-tenant ready so that smaller companies can also benefit from them via partner companies.\r\n<h1 class=\"align-center\">How to Evaluate a BAS Platform?</h1>\r\n<ul><li>The right BAS platform can simulate attacks in the cloud, identifying misconfigurations and other security gaps, while also allowing organizations to determine if critical assets are truly secure in all environments.</li><li>The ability to identify gaps in detection and prevention in hybrid environments is another key feature. As more data migrates to the cloud, it’s imperative that organizations assess their risk posture and understand how new hybrid environments can be attacked from on-premises devices linked to cloud data. Assessing cloud and on-premises risks separately leads to reduced visibility and expanded threat exposure — you simply don’t know how each side effects the other.</li><li>An advanced BAS platform can safely simulate Advanced Persistent Threats (APTs) against an organization’s “crown jewel” assets. Networks and devices create many pathways for APTs and identifying them is important.</li><li>The right platform can also identify a wide range of attack vectors hackers can exploit, while running safely in a production environment. Testing security controls on an endpoint solution might tell you if you can stop a credential dump but will not tell you which accounts can be harvested, from which devices and the impact those accounts will have.</li><li>Organizations should also look for a BAS solution that offered prioritized remediation of security gaps and validation of security controls.</li></ul>\r\n<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/hacking.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":6,"title":"Ensure Security and Business Continuity"},{"id":10,"title":"Ensure Compliance"},{"id":306,"title":"Manage Risks"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":282,"title":"Unauthorized access to corporate IT systems and data"},{"id":336,"title":"Risk or Leaks of confidential information"},{"id":370,"title":"No automated business processes"},{"id":387,"title":"Non-compliant with IT security requirements"},{"id":386,"title":"Risk of lost access to data and IT systems"}]}},"categories":[{"id":895,"title":"Breach and Attack Simulation Platforms","alias":"breach-and-attack-simulation-platforms","description":"<span style=\"font-weight: bold;\">Breach and attack simulations</span> are an advanced computer security testing method. These simulations identify vulnerabilities in security environments by mimicking the likely attack paths and techniques used by malicious actors. In this sense, a breach and attack simulation acts much like a continuous, automated penetration test, and it improves upon the inherent limitations of red and blue team testing.\r\nGartner defines BAS technologies as tools “that allow enterprises to continually and consistently simulate the full attack cycle (including insider threats, lateral movement, and data exfiltration) against enterprise infrastructure, using software agents, virtual machines, and other means”.\r\nWhat makes BAS special, is its ability to provide continuous and consistent testing at limited risk and that it can be used to alert IT and business stakeholders about existing gaps in the security posture or validate that security infrastructure, configuration settings and detection/prevention technologies are operating as intended. BAS can also assist in validating if security operations and the SOC staff can detect specific attacks when used as a complement to the red team or penetration testing exercises.\r\n<span style=\"font-weight: bold;\">There are three different types of BAS solutions:</span>\r\n<ul><li><span style=\"font-weight: bold;\">Agent-based BAS</span> solutions are the simplest form of BAS. Agents are deployed across the LAN and vulnerabilities are identified to determine which routes are open to a potential attacker to move around the network. An agent-based BAS solution is very similar to vulnerability scanning but offers much more context.</li><li><span style=\"font-weight: bold;\">BAS solutions based on “malicious” traffic.</span> These BAS solutions generate intrusive traffic within the network between dedicated virtual machines that serve as targets for a wide range of attack scenarios. An overview is then created of which events have not been detected and blocked by the company’s own security controls. </li><li><span style=\"font-weight: bold;\">Cloud-based BAS solutions.</span> BAS solutions that are cloud-based are the closest to a real attack. They simulate numerous attack scenarios from the outside via different entry points. (so-called multi-vector attacks) and thus also the network perimeter of the company. The cloud platforms are fed with the latest threats from a wide variety of sources and are therefore always very up-to-date. Being SaaS solutions, they can be implemented very quickly.</li></ul>\r\nBy running these cyber-attack simulations in a controlled environment, an advanced BAS platform can identify vulnerabilities and gaps and then provide prioritized recommendations to help quickly close them. In this sense, a BAS platform works much like a purple team, allowing for comprehensive vulnerability assessment and remediation. Yet unlike a purple team, a BAS platform is automated and can be deployed remotely, making it especially well-suited to today’s challenges.\r\nThis automation is the key to maintaining continuous risk assessment and threat mitigation — the gold standard for today’s cybersecurity solutions.<br /><br />","materialsDescription":"<h1 class=\"align-center\">What problems do BAS tools attempt to solve?</h1>\r\nBAS solutions give companies an answer to the question “Do our cybersecurity programs really work? Large companies invest heavily in security products, but still do not have the confidence that they can withstand increasingly sophisticated attacks. For financial and practical reasons it is also not possible to test entire enterprise production environments permanently and manually for security vulnerabilities. Breach and Attack Simulation fills exactly this gap and allows companies to get more out of their existing security solutions by enabling continuous testing of the enterprise network at low risk.\r\n<h1 class=\"align-center\">For which companies are BAS solutions suitable?</h1>\r\nIf you have a look around the BAS market, you will find that many offers are tailored to large enterprise customers with high security requirements, such as financial institutions and insurance companies. It is not surprising that Breach and Attack Simulation is especially interesting for this kind of companies. They typically have numerous security products in use, a dynamic IT landscape and a high level of IT maturity. In addition, there are high demands on IT security and high compliance pressure. High-end solutions like Breach and Attack Simulation are predestined for this environment.<br />However, there is also the possibility for smaller companies to use BAS technology. Some solution providers have made their BAS tools multi-tenant ready so that smaller companies can also benefit from them via partner companies.\r\n<h1 class=\"align-center\">How to Evaluate a BAS Platform?</h1>\r\n<ul><li>The right BAS platform can simulate attacks in the cloud, identifying misconfigurations and other security gaps, while also allowing organizations to determine if critical assets are truly secure in all environments.</li><li>The ability to identify gaps in detection and prevention in hybrid environments is another key feature. As more data migrates to the cloud, it’s imperative that organizations assess their risk posture and understand how new hybrid environments can be attacked from on-premises devices linked to cloud data. Assessing cloud and on-premises risks separately leads to reduced visibility and expanded threat exposure — you simply don’t know how each side effects the other.</li><li>An advanced BAS platform can safely simulate Advanced Persistent Threats (APTs) against an organization’s “crown jewel” assets. Networks and devices create many pathways for APTs and identifying them is important.</li><li>The right platform can also identify a wide range of attack vectors hackers can exploit, while running safely in a production environment. Testing security controls on an endpoint solution might tell you if you can stop a credential dump but will not tell you which accounts can be harvested, from which devices and the impact those accounts will have.</li><li>Organizations should also look for a BAS solution that offered prioritized remediation of security gaps and validation of security controls.</li></ul>\r\n<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/hacking.png"}],"additionalInfo":{"budgetNotExceeded":"-1","functionallyTaskAssignment":"-1","projectWasPut":"-1","price":0,"source":{"url":"https://cymulate.com/resources/collateral/euronext-secures-trading-with-breach-and-attack-simulation/","title":"Web-site of vendor"}},"comments":[],"referencesCount":0},{"id":1233,"title":"Cymulate BAS for Integrated Health Plan (IHP)","description":"<span style=\"font-weight: bold;\">Business Challenge</span>\r\nBased in Singapore, IHP is subject to some of the world’s most stringent cybersecurity regulatory oversight. Moreover, like most healthcare organizations, the company is highly vulnerable to existing and emerging cyberthreats. In recent years, the company invested significant resources in security enhancement, security tool configuration, and deployment of security solutions.<br />\r\nThe company was focused on setting up and optimizing the most up-to-date protection for its production environment - production servers, exchanges, web applications and network infrastructure.<br />\r\nIn addition to these efforts, IHP wanted to increase the reliability of the solutions they had adopted to enhance their security posture. To protect themselves from the next threat, they needed assurance that their security solutions were consistently well configured and fully operational. Their network vulnerabilities assessment needed to be robust in order to maintain security at peak performance.<br /><br />\r\n<span style=\"font-weight: bold;\">Solution</span><br />\r\nIHP chose Cymulate to automatically and continuously identify and remediate gaps in their cybersecurity posture. Every day, IHP uses Cymulate to test real-world security strength by simulating actual cyberattacks across all attack vectors.<br />\r\nCymulate monitors the company’s email gateway, web gateway, and web application firewall - while also seeking out signs of penetration including lateral movement.Cymulate enables IHP to evaluate their controls to identify gaps - delivering a clear report detailing the company’s up-to-the-moment security posture and score, benchmarked across their industry. And, Cymulate translates these findings into actionable insights – delivering clear instructions that help IHP constantly reduce their attack surface and prioritize which gaps to close first.<br /><br /><span style=\"font-weight: bold;\">Benefits</span><br />Cymulate enabled IHP to gain a better ongoing overview of their environment’s security posture. In addition to facilitating daily cyberthreat monitoring based on up-to-the-minute cyber intelligence, Cymulate also identifies gaps in security and facilitates their rapid remediation.<br />\r\nWhen IHP needs to roll out new applications or services, Cymulate enables testing during the POC stage, to assess actual impact on their production environment.<br />\r\nLeveraging Cymulate, IHP lowered their daily security check time by around 40%, and their testing time investment by approximately 60%. Finally, Cymulate has measurably helped IHP optimize their defences to better comply with both cybersecurity regulations and corporate policies.<br />\r\nWith Cymulate, we gain enhanced security level assurance that helps our existing clients increase their trust in us to handle their information. Moreover, we gain the confidence of new clients to engage our services.<br />David Chang, IT Infrastructure Manager, IHP","alias":"cymulate-bas-for-integrated-health-plan-ihp","roi":0,"seo":{"title":"Cymulate BAS for Integrated Health Plan (IHP)","keywords":"","description":"<span style=\"font-weight: bold;\">Business Challenge</span>\r\nBased in Singapore, IHP is subject to some of the world’s most stringent cybersecurity regulatory oversight. Moreover, like most healthcare organizations, the company is highly vulnerable to existing ","og:title":"Cymulate BAS for Integrated Health Plan (IHP)","og:description":"<span style=\"font-weight: bold;\">Business Challenge</span>\r\nBased in Singapore, IHP is subject to some of the world’s most stringent cybersecurity regulatory oversight. Moreover, like most healthcare organizations, the company is highly vulnerable to existing "},"deal_info":"","user":{"id":8915,"title":"Integrated Health Plans Pte Ltd (IHP)","logoURL":"https://old.roi4cio.com/uploads/roi/company/IHP_logo.jpg","alias":"integrated-health-plans-pte-ltd-ihp","address":"","roles":[],"description":" Established in 1994, Integrated Health Plans Pte Ltd (IHP) provides managed healthcare services to corporate clients ranging from SMEs to MNCs. As a neutral third party administrator, IHP is committed to providing organisations with quality medical care at highly-competitive rates regardless of business size. IHP does this by contracting with medical providers who are sensitive to the issue of increasing healthcare costs, negotiating significant rate concessions with these providers, undertaking utilisation reviews and analyses to manage consumption, and establishing quality assurance processes to ensure the highest standard of medical care.","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":1,"supplierImplementationsCount":0,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"https://ihp.com.sg/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Integrated Health Plans Pte Ltd (IHP)","keywords":"","description":" Established in 1994, Integrated Health Plans Pte Ltd (IHP) provides managed healthcare services to corporate clients ranging from SMEs to MNCs. As a neutral third party administrator, IHP is committed to providing organisations with quality medical care","og:title":"Integrated Health Plans Pte Ltd (IHP)","og:description":" Established in 1994, Integrated Health Plans Pte Ltd (IHP) provides managed healthcare services to corporate clients ranging from SMEs to MNCs. As a neutral third party administrator, IHP is committed to providing organisations with quality medical care","og:image":"https://old.roi4cio.com/uploads/roi/company/IHP_logo.jpg"},"eventUrl":""},"supplier":{"id":8760,"title":"Hidden supplier","logoURL":"https://old.roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg","alias":"skrytyi-postavshchik","address":"","roles":[],"description":" Supplier Information is confidential ","companyTypes":[],"products":{},"vendoredProductsCount":0,"suppliedProductsCount":0,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":76,"vendorImplementationsCount":0,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Hidden supplier","keywords":"","description":" Supplier Information is confidential ","og:title":"Hidden supplier","og:description":" Supplier Information is confidential ","og:image":"https://old.roi4cio.com/uploads/roi/company/znachok_postavshchik.jpg"},"eventUrl":""},"vendors":[{"id":8254,"title":"Cymulate","logoURL":"https://old.roi4cio.com/uploads/roi/company/Cymulate.png","alias":"cymulate","address":"Rishon Lezion, Israel","roles":[],"description":"Cymulate is a breach and attack simulation platform that lets you protect your organization at the click of a button. Operating thousands of attack strategies, Cymulate shows you exactly where you’re exposed, and how to fix it.<br />Cymulate was founded by an elite team of former IDF intelligence officers who identified frustrating inefficiencies during their cyber security operations. From this came their mission to empower organizations worldwide and make advanced cyber security as simple and familiar as sending an e-mail. Today, Cymulate is trusted by hundreds of companies worldwide, including leading banks and financial services.\r\n<br />Highly experienced and diverse researchers are fluent in security intelligence practices, combining expertise in private security, military and intelligence experience. Continuously examining the cyber-threat landscape, experts deliver in-depth visibility into today’s threats and the actors behind them. Evolving methodologies accordingly, ensure to continuously protect against current emerging threats, zero-day vulnerabilities, and the most advanced attack tactics, techniques, and procedures (TTP) to date.","companyTypes":[],"products":{},"vendoredProductsCount":1,"suppliedProductsCount":1,"supplierImplementations":[],"vendorImplementations":[],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":3,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{},"companyUrl":"https://cymulate.com/","countryCodes":[],"certifications":[],"isSeller":false,"isSupplier":false,"isVendor":false,"presenterCodeLng":"","seo":{"title":"Cymulate","keywords":"","description":"Cymulate is a breach and attack simulation platform that lets you protect your organization at the click of a button. Operating thousands of attack strategies, Cymulate shows you exactly where you’re exposed, and how to fix it.<br />Cymulate was founded by an ","og:title":"Cymulate","og:description":"Cymulate is a breach and attack simulation platform that lets you protect your organization at the click of a button. Operating thousands of attack strategies, Cymulate shows you exactly where you’re exposed, and how to fix it.<br />Cymulate was founded by an ","og:image":"https://old.roi4cio.com/uploads/roi/company/Cymulate.png"},"eventUrl":""}],"products":[{"id":6245,"logo":false,"scheme":false,"title":"Cymulate BAS","vendorVerified":0,"rating":"1.80","implementationsCount":3,"suppliersCount":0,"alias":"cymulate-bas","companyTypes":[],"description":"Cymulate automatically identifies security gaps in one click and tells you exactly how to fix them. Cymulate is a SaaS-based breach and attack simulation platform that makes it simple to know and optimize your security posture any time, all the time and empowers companies to safeguard their business-critical assets. With just a few clicks, Cymulate challenges your security controls by initiating thousands of attack simulations, showing you exactly where you’re exposed and how to fix it, making security continuous, fast and part of everyday activities.\r\nCymulate runs quietly in the background without slowing down your business activities. Deploy a single lightweight agent to start running unlimited attack simulations. The easy to use interface makes it simple to understand your security posture.<br /><br />\r\n<span style=\"font-weight: bold;\">Cymulate products</span>\r\n<span style=\"font-weight: bold;\">Full Kill-Chain APT </span><br />Since an Advanced Persistent Threat (APT) attempts to bypass security controls across the cyber kill chain, from attack delivery to exploitation and post-exploitation, defending against an APT requires testing the effectiveness of multiple security controls within your arsenal. Since the efficacy of one control affects the exposure of the next control in the kill chain, ascertaining if your defenses work against a full-blown attack becomes a daunting proposition.\r\nCymulate’s Full Kill-Chain APT Simulation Module solves the challenge of security effectiveness testing across the entire cyber kill chain by instrumenting your security framework in a comprehensive and easy-to-use manner. Instead of challenging each attack vector separately, organizations can now run a simulation of a full-scale APT attack with a click of a button, and gain a convenient, single-pane view of security gaps across their arsenal.<br /><br /><span style=\"font-weight: bold;\">Email Gateway</span>\r\nThis vector is designed to evaluate your organization’s email security and potential exposure to a number of malicious payloads sent by email. The simulated attack exposes critical vulnerabilities within the email security framework. By sending emails with attachments containing ransomware, worms, Trojans, or links to malicious websites, the simulation reveals if simulated malicious emails could bypass your organizations’ first line of defense and reach your employees’ inbox. After running a simulation, the next step would be to test employees’ security awareness regarding socially engineered emails that try to lure them into opening malicious attachments, disclosing their credentials or clicking on malicious links.\r\nThe simulation results are presented in an easy-to-understand comprehensive report. Mitigation recommendations are offered for each security gap discovered depending on the type of attack simulated, and how far the threat has managed to bypass security controls and distribute itself, enabling IT and security teams to take the appropriate countermeasures.<br /><br /><span style=\"font-weight: bold;\">Web Gateway</span>\r\nCymulate’s Web Gateway cyber attack simulation vector is designed to evaluate your organization’s inbound and outbound exposure to malicious or compromised websites and current capabilities to analyze any inbound traffic. It enables you to verify your organization’s exposure to an extensive and continuously growing database of malicious and compromised websites. Immediate, actionable simulation results enable IT and security teams to identify security gaps, prioritize remediation and take corrective measures to reduce your organization’s attack surface.<br /><br /><span style=\"font-weight: bold;\">Web Application Firewall</span>\r\nWAF (Web Application Firewall) vector challenges your WAF security resilience to web payloads and assists in protecting your web apps from future attacks. With Cymulate’s WAF attack simulation, you can check if your WAF configuration, implementation and features are able to block payloads before they get anywhere near your web applications. The platform simulates an attacker who tries to bypass your organization’s WAF and reaches the web application, after which they attempt to perform malicious actions such as mining sensitive information, inflicting damage and forwarding users to infected websites using applicative attacks such as cross-site scripting (XSS), SQL and command injections.\r\nAt the end of each WAF attack simulation, or other simulation vector, a Cymulate Risk Score is provided, indicating the organization’s exposure, along with other KPI metrics and actionable guidelines to fine-tune controls and close security gaps.<br /><br /><span style=\"font-weight: bold;\">Phishing Awareness</span>\r\nThis vector helps companies asses their employees' awareness to socially engineered attack campaigns. Cymulate’s Phishing Awareness vector is designed to evaluate your employees’ security awareness. It simulates phishing campaigns and detects weak links in your organization. Since it is designed to reduce the risk of spear-phishing, ransomware or CEO fraud, the solution can help you to deter data breaches, minimize malware-related downtime and save money on incident response.\r\nSecurity awareness among employees is tested by creating and executing simulated, customized phishing campaigns enabling you to detect who are the weakest links in your organization. The phishing simulation utilizes ready-made out-of-the-box templates or custom-built templates assigned to a corresponding landing page with dummy malicious links. At the end of the simulation, a report is generated summarizing statistics and details of employees who have opened the email, and those who have clicked on the dummy malicious link, enabling organizations to assess their employees’ readiness to identify hazardous email.<br /><br /><span style=\"font-weight: bold;\">Endpoint Security </span>\r\nCymulate’s Endpoint Security vector allows organizations to deploy and run simulations of ransomware, Trojans, worms, and viruses on a dedicated endpoint in a controlled and safe manner. The attacks simulation ascertains if the security products are tuned properly and are actually protecting your organization’s critical assets against the latest attack methods. The comprehensive testing covers all aspects of endpoint security, including but not limited to: behavioral detection, virus detection, and known vulnerabilities.\r\nThe endpoint attack simulation results offer immediate, actionable results, including Cymulate’s risk score, KPI metrics, remediation prioritization and technical and executive-level reporting.<br /><br /><span style=\"font-weight: bold;\">Lateral Movement</span>\r\nLateral Movement (Hopper) vector challenges companies internal networks against different techniques and methods used by attackers to gain access and control additional systems on a network, following the initial compromise of single system. Cymulate’s Lateral Movement vector simulates a compromised workstation inside the organization and exposes the risk posed by a potential cyberattack or threat. Various techniques and methods are used to laterally move inside the network.\r\nThe platform uses a sophisticated and effective algorithm to mimic all the common and clever techniques that the most skilled hackers use to move around inside the network.\r\nThe Hopper attack simulation results are presented in an interactive graphic diagram that shows the attacker’s lateral movement path, along with Cymulate’s risk score, KPI metrics and actionable mitigation recommendations. By taking corrective action, IT and security teams can take the appropriate countermeasures to increase their internal network security.<br /><br /><span style=\"font-weight: bold;\">Data Exfiltration </span>\r\nThe vector challenges company's Data Loss Prevention (DLP) controls, enabling company to assess the security of outbound critical data before company sensitive information is exposed. The Data Exfiltration vector is designed to evaluate how well your DLP solutions and controls prevent any extraction of critical information from outside the organization. The platform tests the outbound flows of data (such as personally identifiable (PII), medical, financial and confidential business information) to validate that those information assets stay indoors.\r\nThe attack simulation results are presented in a comprehensive and easy-to-use format, allowing organizations to understand their DLP-related security gaps and take the appropriate measures using actionable mitigation recommendations.<br /><br /><span style=\"font-weight: bold;\">Immediate Threat Intelligence </span><br />Cymulate’s Immediate Threat Intelligence vector is designed to inform and evaluate your organization’s security posture as quickly as possible against the very latest cyber attacks. The simulation is created by the Cymulate Research Lab which catches and analyzes threats immediately after they are launched by cybercriminals and malicious hackers.\r\nBy running this simulation, you can validate within a short time if your organization would be vulnerable to these latest threats and take measures before an attack takes place.\r\nThe simulation results are presented in an easy-to-understand comprehensive report. Mitigation recommendations are offered for each threat that has been discovered, and vary according to the type of attack simulated, and the extent to which the attack was able to distribute itself. This allows the organization to truly understand its security posture and take action to improve or update controls where necessary.","shortDescription":"Cymulate is a breach and attack simulation platform that lets you protect your organization at the click of a button.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Cymulate BAS","keywords":"","description":"Cymulate automatically identifies security gaps in one click and tells you exactly how to fix them. Cymulate is a SaaS-based breach and attack simulation platform that makes it simple to know and optimize your security posture any time, all the time and empowe","og:title":"Cymulate BAS","og:description":"Cymulate automatically identifies security gaps in one click and tells you exactly how to fix them. Cymulate is a SaaS-based breach and attack simulation platform that makes it simple to know and optimize your security posture any time, all the time and empowe"},"eventUrl":"","translationId":6247,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":895,"title":"Breach and Attack Simulation Platforms","alias":"breach-and-attack-simulation-platforms","description":"<span style=\"font-weight: bold;\">Breach and attack simulations</span> are an advanced computer security testing method. These simulations identify vulnerabilities in security environments by mimicking the likely attack paths and techniques used by malicious actors. In this sense, a breach and attack simulation acts much like a continuous, automated penetration test, and it improves upon the inherent limitations of red and blue team testing.\r\nGartner defines BAS technologies as tools “that allow enterprises to continually and consistently simulate the full attack cycle (including insider threats, lateral movement, and data exfiltration) against enterprise infrastructure, using software agents, virtual machines, and other means”.\r\nWhat makes BAS special, is its ability to provide continuous and consistent testing at limited risk and that it can be used to alert IT and business stakeholders about existing gaps in the security posture or validate that security infrastructure, configuration settings and detection/prevention technologies are operating as intended. BAS can also assist in validating if security operations and the SOC staff can detect specific attacks when used as a complement to the red team or penetration testing exercises.\r\n<span style=\"font-weight: bold;\">There are three different types of BAS solutions:</span>\r\n<ul><li><span style=\"font-weight: bold;\">Agent-based BAS</span> solutions are the simplest form of BAS. Agents are deployed across the LAN and vulnerabilities are identified to determine which routes are open to a potential attacker to move around the network. An agent-based BAS solution is very similar to vulnerability scanning but offers much more context.</li><li><span style=\"font-weight: bold;\">BAS solutions based on “malicious” traffic.</span> These BAS solutions generate intrusive traffic within the network between dedicated virtual machines that serve as targets for a wide range of attack scenarios. An overview is then created of which events have not been detected and blocked by the company’s own security controls. </li><li><span style=\"font-weight: bold;\">Cloud-based BAS solutions.</span> BAS solutions that are cloud-based are the closest to a real attack. They simulate numerous attack scenarios from the outside via different entry points. (so-called multi-vector attacks) and thus also the network perimeter of the company. The cloud platforms are fed with the latest threats from a wide variety of sources and are therefore always very up-to-date. Being SaaS solutions, they can be implemented very quickly.</li></ul>\r\nBy running these cyber-attack simulations in a controlled environment, an advanced BAS platform can identify vulnerabilities and gaps and then provide prioritized recommendations to help quickly close them. In this sense, a BAS platform works much like a purple team, allowing for comprehensive vulnerability assessment and remediation. Yet unlike a purple team, a BAS platform is automated and can be deployed remotely, making it especially well-suited to today’s challenges.\r\nThis automation is the key to maintaining continuous risk assessment and threat mitigation — the gold standard for today’s cybersecurity solutions.<br /><br />","materialsDescription":"<h1 class=\"align-center\">What problems do BAS tools attempt to solve?</h1>\r\nBAS solutions give companies an answer to the question “Do our cybersecurity programs really work? Large companies invest heavily in security products, but still do not have the confidence that they can withstand increasingly sophisticated attacks. For financial and practical reasons it is also not possible to test entire enterprise production environments permanently and manually for security vulnerabilities. Breach and Attack Simulation fills exactly this gap and allows companies to get more out of their existing security solutions by enabling continuous testing of the enterprise network at low risk.\r\n<h1 class=\"align-center\">For which companies are BAS solutions suitable?</h1>\r\nIf you have a look around the BAS market, you will find that many offers are tailored to large enterprise customers with high security requirements, such as financial institutions and insurance companies. It is not surprising that Breach and Attack Simulation is especially interesting for this kind of companies. They typically have numerous security products in use, a dynamic IT landscape and a high level of IT maturity. In addition, there are high demands on IT security and high compliance pressure. High-end solutions like Breach and Attack Simulation are predestined for this environment.<br />However, there is also the possibility for smaller companies to use BAS technology. Some solution providers have made their BAS tools multi-tenant ready so that smaller companies can also benefit from them via partner companies.\r\n<h1 class=\"align-center\">How to Evaluate a BAS Platform?</h1>\r\n<ul><li>The right BAS platform can simulate attacks in the cloud, identifying misconfigurations and other security gaps, while also allowing organizations to determine if critical assets are truly secure in all environments.</li><li>The ability to identify gaps in detection and prevention in hybrid environments is another key feature. As more data migrates to the cloud, it’s imperative that organizations assess their risk posture and understand how new hybrid environments can be attacked from on-premises devices linked to cloud data. Assessing cloud and on-premises risks separately leads to reduced visibility and expanded threat exposure — you simply don’t know how each side effects the other.</li><li>An advanced BAS platform can safely simulate Advanced Persistent Threats (APTs) against an organization’s “crown jewel” assets. Networks and devices create many pathways for APTs and identifying them is important.</li><li>The right platform can also identify a wide range of attack vectors hackers can exploit, while running safely in a production environment. Testing security controls on an endpoint solution might tell you if you can stop a credential dump but will not tell you which accounts can be harvested, from which devices and the impact those accounts will have.</li><li>Organizations should also look for a BAS solution that offered prioritized remediation of security gaps and validation of security controls.</li></ul>\r\n<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/hacking.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"countries":[],"startDate":"0000-00-00","endDate":"0000-00-00","dealDate":"0000-00-00","price":0,"status":"finished","statusLabel":"Finished","isImplementation":true,"isAgreement":false,"confirmed":1,"implementationDetails":{"businessObjectives":{"id":14,"title":"Business objectives","translationKey":"businessObjectives","options":[{"id":306,"title":"Manage Risks"},{"id":6,"title":"Ensure Security and Business Continuity"},{"id":4,"title":"Reduce Costs"}]},"businessProcesses":{"id":11,"title":"Business process","translationKey":"businessProcesses","options":[{"id":282,"title":"Unauthorized access to corporate IT systems and data"},{"id":336,"title":"Risk or Leaks of confidential information"},{"id":386,"title":"Risk of lost access to data and IT systems"},{"id":387,"title":"Non-compliant with IT security requirements"},{"id":397,"title":"Insufficient risk management"},{"id":400,"title":"High costs"}]}},"categories":[{"id":895,"title":"Breach and Attack Simulation Platforms","alias":"breach-and-attack-simulation-platforms","description":"<span style=\"font-weight: bold;\">Breach and attack simulations</span> are an advanced computer security testing method. These simulations identify vulnerabilities in security environments by mimicking the likely attack paths and techniques used by malicious actors. In this sense, a breach and attack simulation acts much like a continuous, automated penetration test, and it improves upon the inherent limitations of red and blue team testing.\r\nGartner defines BAS technologies as tools “that allow enterprises to continually and consistently simulate the full attack cycle (including insider threats, lateral movement, and data exfiltration) against enterprise infrastructure, using software agents, virtual machines, and other means”.\r\nWhat makes BAS special, is its ability to provide continuous and consistent testing at limited risk and that it can be used to alert IT and business stakeholders about existing gaps in the security posture or validate that security infrastructure, configuration settings and detection/prevention technologies are operating as intended. BAS can also assist in validating if security operations and the SOC staff can detect specific attacks when used as a complement to the red team or penetration testing exercises.\r\n<span style=\"font-weight: bold;\">There are three different types of BAS solutions:</span>\r\n<ul><li><span style=\"font-weight: bold;\">Agent-based BAS</span> solutions are the simplest form of BAS. Agents are deployed across the LAN and vulnerabilities are identified to determine which routes are open to a potential attacker to move around the network. An agent-based BAS solution is very similar to vulnerability scanning but offers much more context.</li><li><span style=\"font-weight: bold;\">BAS solutions based on “malicious” traffic.</span> These BAS solutions generate intrusive traffic within the network between dedicated virtual machines that serve as targets for a wide range of attack scenarios. An overview is then created of which events have not been detected and blocked by the company’s own security controls. </li><li><span style=\"font-weight: bold;\">Cloud-based BAS solutions.</span> BAS solutions that are cloud-based are the closest to a real attack. They simulate numerous attack scenarios from the outside via different entry points. (so-called multi-vector attacks) and thus also the network perimeter of the company. The cloud platforms are fed with the latest threats from a wide variety of sources and are therefore always very up-to-date. Being SaaS solutions, they can be implemented very quickly.</li></ul>\r\nBy running these cyber-attack simulations in a controlled environment, an advanced BAS platform can identify vulnerabilities and gaps and then provide prioritized recommendations to help quickly close them. In this sense, a BAS platform works much like a purple team, allowing for comprehensive vulnerability assessment and remediation. Yet unlike a purple team, a BAS platform is automated and can be deployed remotely, making it especially well-suited to today’s challenges.\r\nThis automation is the key to maintaining continuous risk assessment and threat mitigation — the gold standard for today’s cybersecurity solutions.<br /><br />","materialsDescription":"<h1 class=\"align-center\">What problems do BAS tools attempt to solve?</h1>\r\nBAS solutions give companies an answer to the question “Do our cybersecurity programs really work? Large companies invest heavily in security products, but still do not have the confidence that they can withstand increasingly sophisticated attacks. For financial and practical reasons it is also not possible to test entire enterprise production environments permanently and manually for security vulnerabilities. Breach and Attack Simulation fills exactly this gap and allows companies to get more out of their existing security solutions by enabling continuous testing of the enterprise network at low risk.\r\n<h1 class=\"align-center\">For which companies are BAS solutions suitable?</h1>\r\nIf you have a look around the BAS market, you will find that many offers are tailored to large enterprise customers with high security requirements, such as financial institutions and insurance companies. It is not surprising that Breach and Attack Simulation is especially interesting for this kind of companies. They typically have numerous security products in use, a dynamic IT landscape and a high level of IT maturity. In addition, there are high demands on IT security and high compliance pressure. High-end solutions like Breach and Attack Simulation are predestined for this environment.<br />However, there is also the possibility for smaller companies to use BAS technology. Some solution providers have made their BAS tools multi-tenant ready so that smaller companies can also benefit from them via partner companies.\r\n<h1 class=\"align-center\">How to Evaluate a BAS Platform?</h1>\r\n<ul><li>The right BAS platform can simulate attacks in the cloud, identifying misconfigurations and other security gaps, while also allowing organizations to determine if critical assets are truly secure in all environments.</li><li>The ability to identify gaps in detection and prevention in hybrid environments is another key feature. As more data migrates to the cloud, it’s imperative that organizations assess their risk posture and understand how new hybrid environments can be attacked from on-premises devices linked to cloud data. Assessing cloud and on-premises risks separately leads to reduced visibility and expanded threat exposure — you simply don’t know how each side effects the other.</li><li>An advanced BAS platform can safely simulate Advanced Persistent Threats (APTs) against an organization’s “crown jewel” assets. Networks and devices create many pathways for APTs and identifying them is important.</li><li>The right platform can also identify a wide range of attack vectors hackers can exploit, while running safely in a production environment. Testing security controls on an endpoint solution might tell you if you can stop a credential dump but will not tell you which accounts can be harvested, from which devices and the impact those accounts will have.</li><li>Organizations should also look for a BAS solution that offered prioritized remediation of security gaps and validation of security controls.</li></ul>\r\n<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/hacking.png"}],"additionalInfo":{"budgetNotExceeded":"-1","functionallyTaskAssignment":"-1","projectWasPut":"-1","price":0,"source":{"url":"https://cymulate.com/resources/collateral/ihp-tests-real-world-cyberattacks-using-cymulate/","title":"Web-site of vendor"}},"comments":[],"referencesCount":0}],"userImplementations":[],"userImplementationsCount":0,"supplierImplementationsCount":0,"vendorImplementationsCount":3,"vendorPartnersCount":0,"supplierPartnersCount":0,"b4r":0,"categories":{"52":{"id":52,"title":"SaaS - software as a service","description":"<span style=\"font-weight: bold;\">Software as a service (SaaS)</span> is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. It is sometimes referred to as "on-demand software", and was formerly referred to as "software plus services" by Microsoft.\r\n SaaS services is typically accessed by users using a thin client, e.g. via a web browser. SaaS software solutions has become a common delivery model for many business applications, including office software, messaging software, payroll processing software, DBMS software, management software, CAD software, development software, gamification, virtualization, accounting, collaboration, customer relationship management (CRM), Management Information Systems (MIS), enterprise resource planning (ERP), invoicing, human resource management (HRM), talent acquisition, learning management systems, content management (CM), Geographic Information Systems (GIS), and service desk management. SaaS has been incorporated into the strategy of nearly all leading enterprise software companies.\r\nSaaS applications are also known as <span style=\"font-weight: bold;\">Web-based software</span>, <span style=\"font-weight: bold;\">on-demand software</span> and<span style=\"font-weight: bold;\"> hosted software</span>.\r\nThe term "Software as a Service" (SaaS) is considered to be part of the nomenclature of cloud computing, along with Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Desktop as a Service (DaaS),managed software as a service (MSaaS), mobile backend as a service (MBaaS), and information technology management as a service (ITMaaS).\r\nBecause SaaS is based on cloud computing it saves organizations from installing and running applications on their own systems. That eliminates or at least reduces the associated costs of hardware purchases and maintenance and of software and support. The initial setup cost for a SaaS application is also generally lower than it for equivalent enterprise software purchased via a site license.\r\nSometimes, the use of SaaS cloud software can also reduce the long-term costs of software licensing, though that depends on the pricing model for the individual SaaS offering and the enterprise’s usage patterns. In fact, it’s possible for SaaS to cost more than traditional software licenses. This is an area IT organizations should explore carefully.<br />SaaS also provides enterprises the flexibility inherent with cloud services: they can subscribe to a SaaS offering as needed rather than having to buy software licenses and install the software on a variety of computers. The savings can be substantial in the case of applications that require new hardware purchases to support the software.<br /><br /><br /><br />","materialsDescription":"<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Who uses SaaS?</span></h1>\r\nIndustry analyst Forrester Research notes that SaaS adoption has so far been concentrated mostly in human resource management (HRM), customer relationship management (CRM), collaboration software (e.g., email), and procurement solutions, but is poised to widen. Today it’s possible to have a data warehouse in the cloud that you can access with business intelligence software running as a service and connect to your cloud-based ERP like NetSuite or Microsoft Dynamics.The dollar savings can run into the millions. And SaaS installations are often installed and working in a fraction of the time of on-premises deployments—some can be ready in hours. \r\nSales and marketing people are likely familiar with Salesforce.com, the leading SaaS CRM software, with millions of users across more than 100,000 customers. Sales is going SaaS too, with apps available to support sales in order management, compensation, quote production and configure, price, quoting, electronic signatures, contract management and more.\r\n<h1 class=\"align-center\"><span style=\"font-weight: normal;\">Why SaaS? Benefits of software as a service</span></h1>\r\n<ul><li><span style=\"font-weight: bold;\">Lower cost of entry</span>. With SaaS solution, you pay for what you need, without having to buy hardware to host your new applications. Instead of provisioning internal resources to install the software, the vendor provides APIs and performs much of the work to get their software working for you. The time to a working solution can drop from months in the traditional model to weeks, days or hours with the SaaS model. In some businesses, IT wants nothing to do with installing and running a sales app. In the case of funding software and its implementation, this can be a make-or-break issue for the sales and marketing budget, so the lower cost really makes the difference.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Reduced time to benefit/rapid prototyping</span>. In the SaaS model, the software application is already installed and configured. Users can provision the server for the cloud and quickly have the application ready for use. This cuts the time to benefit and allows for rapid demonstrations and prototyping. With many SaaS companies offering free trials, this means a painless proof of concept and discovery phase to prove the benefit to the organization. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Pay as you go</span>. SaaS business software gives you the benefit of predictable costs both for the subscription and to some extent, the administration. Even as you scale, you can have a clear idea of what your costs will be. This allows for much more accurate budgeting, especially as compared to the costs of internal IT to manage upgrades and address issues for an owned instance.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">The SaaS vendor is responsible for upgrades, uptime and security</span>. Under the SaaS model, since the software is hosted by the vendor, they take on the responsibility for maintaining the software and upgrading it, ensuring that it is reliable and meeting agreed-upon service level agreements, and keeping the application and its data secure. While some IT people worry about Software as a Service security outside of the enterprise walls, the likely truth is that the vendor has a much higher level of security than the enterprise itself would provide. Many will have redundant instances in very secure data centers in multiple geographies. Also, the data is being automatically backed up by the vendor, providing additional security and peace of mind. Because of the data center hosting, you’re getting the added benefit of at least some disaster recovery. Lastly, the vendor manages these issues as part of their core competencies—let them.</li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Integration and scalability.</span> Most SaaS apps are designed to support some amount of customization for the way you do business. SaaS vendors create APIs to allow connections not only to internal applications like ERPs or CRMs but also to other SaaS providers. One of the terrific aspects of integration is that orders written in the field can be automatically sent to the ERP. Now a salesperson in the field can check inventory through the catalog, write the order in front of the customer for approval, send it and receive confirmation, all in minutes. And as you scale with a SaaS vendor, there’s no need to invest in server capacity and software licenses. </li></ul>\r\n\r\n<ul><li><span style=\"font-weight: bold;\">Work anywhere</span>. Since the software is hosted in the cloud and accessible over the internet, users can access it via mobile devices wherever they are connected. This includes checking customer order histories prior to a sales call, as well as having access to real time data and real time order taking with the customer.</li></ul>\r\n<p class=\"align-left\"> </p>","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/SaaS__1_.png","alias":"saas-software-as-a-service"},"895":{"id":895,"title":"Breach and Attack Simulation Platforms","description":"<span style=\"font-weight: bold;\">Breach and attack simulations</span> are an advanced computer security testing method. These simulations identify vulnerabilities in security environments by mimicking the likely attack paths and techniques used by malicious actors. In this sense, a breach and attack simulation acts much like a continuous, automated penetration test, and it improves upon the inherent limitations of red and blue team testing.\r\nGartner defines BAS technologies as tools “that allow enterprises to continually and consistently simulate the full attack cycle (including insider threats, lateral movement, and data exfiltration) against enterprise infrastructure, using software agents, virtual machines, and other means”.\r\nWhat makes BAS special, is its ability to provide continuous and consistent testing at limited risk and that it can be used to alert IT and business stakeholders about existing gaps in the security posture or validate that security infrastructure, configuration settings and detection/prevention technologies are operating as intended. BAS can also assist in validating if security operations and the SOC staff can detect specific attacks when used as a complement to the red team or penetration testing exercises.\r\n<span style=\"font-weight: bold;\">There are three different types of BAS solutions:</span>\r\n<ul><li><span style=\"font-weight: bold;\">Agent-based BAS</span> solutions are the simplest form of BAS. Agents are deployed across the LAN and vulnerabilities are identified to determine which routes are open to a potential attacker to move around the network. An agent-based BAS solution is very similar to vulnerability scanning but offers much more context.</li><li><span style=\"font-weight: bold;\">BAS solutions based on “malicious” traffic.</span> These BAS solutions generate intrusive traffic within the network between dedicated virtual machines that serve as targets for a wide range of attack scenarios. An overview is then created of which events have not been detected and blocked by the company’s own security controls. </li><li><span style=\"font-weight: bold;\">Cloud-based BAS solutions.</span> BAS solutions that are cloud-based are the closest to a real attack. They simulate numerous attack scenarios from the outside via different entry points. (so-called multi-vector attacks) and thus also the network perimeter of the company. The cloud platforms are fed with the latest threats from a wide variety of sources and are therefore always very up-to-date. Being SaaS solutions, they can be implemented very quickly.</li></ul>\r\nBy running these cyber-attack simulations in a controlled environment, an advanced BAS platform can identify vulnerabilities and gaps and then provide prioritized recommendations to help quickly close them. In this sense, a BAS platform works much like a purple team, allowing for comprehensive vulnerability assessment and remediation. Yet unlike a purple team, a BAS platform is automated and can be deployed remotely, making it especially well-suited to today’s challenges.\r\nThis automation is the key to maintaining continuous risk assessment and threat mitigation — the gold standard for today’s cybersecurity solutions.<br /><br />","materialsDescription":"<h1 class=\"align-center\">What problems do BAS tools attempt to solve?</h1>\r\nBAS solutions give companies an answer to the question “Do our cybersecurity programs really work? Large companies invest heavily in security products, but still do not have the confidence that they can withstand increasingly sophisticated attacks. For financial and practical reasons it is also not possible to test entire enterprise production environments permanently and manually for security vulnerabilities. Breach and Attack Simulation fills exactly this gap and allows companies to get more out of their existing security solutions by enabling continuous testing of the enterprise network at low risk.\r\n<h1 class=\"align-center\">For which companies are BAS solutions suitable?</h1>\r\nIf you have a look around the BAS market, you will find that many offers are tailored to large enterprise customers with high security requirements, such as financial institutions and insurance companies. It is not surprising that Breach and Attack Simulation is especially interesting for this kind of companies. They typically have numerous security products in use, a dynamic IT landscape and a high level of IT maturity. In addition, there are high demands on IT security and high compliance pressure. High-end solutions like Breach and Attack Simulation are predestined for this environment.<br />However, there is also the possibility for smaller companies to use BAS technology. Some solution providers have made their BAS tools multi-tenant ready so that smaller companies can also benefit from them via partner companies.\r\n<h1 class=\"align-center\">How to Evaluate a BAS Platform?</h1>\r\n<ul><li>The right BAS platform can simulate attacks in the cloud, identifying misconfigurations and other security gaps, while also allowing organizations to determine if critical assets are truly secure in all environments.</li><li>The ability to identify gaps in detection and prevention in hybrid environments is another key feature. As more data migrates to the cloud, it’s imperative that organizations assess their risk posture and understand how new hybrid environments can be attacked from on-premises devices linked to cloud data. Assessing cloud and on-premises risks separately leads to reduced visibility and expanded threat exposure — you simply don’t know how each side effects the other.</li><li>An advanced BAS platform can safely simulate Advanced Persistent Threats (APTs) against an organization’s “crown jewel” assets. Networks and devices create many pathways for APTs and identifying them is important.</li><li>The right platform can also identify a wide range of attack vectors hackers can exploit, while running safely in a production environment. Testing security controls on an endpoint solution might tell you if you can stop a credential dump but will not tell you which accounts can be harvested, from which devices and the impact those accounts will have.</li><li>Organizations should also look for a BAS solution that offered prioritized remediation of security gaps and validation of security controls.</li></ul>\r\n<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/hacking.png","alias":"breach-and-attack-simulation-platforms"}},"branches":"Information Technology","companySizes":"51 to 100 Employees","companyUrl":"https://cymulate.com/","countryCodes":[],"certifications":[],"isSeller":true,"isSupplier":false,"isVendor":true,"presenterCodeLng":"","seo":{"title":"Cymulate","keywords":"","description":"Cymulate is a breach and attack simulation platform that lets you protect your organization at the click of a button. Operating thousands of attack strategies, Cymulate shows you exactly where you’re exposed, and how to fix it.<br />Cymulate was founded by an ","og:title":"Cymulate","og:description":"Cymulate is a breach and attack simulation platform that lets you protect your organization at the click of a button. Operating thousands of attack strategies, Cymulate shows you exactly where you’re exposed, and how to fix it.<br />Cymulate was founded by an ","og:image":"https://old.roi4cio.com/uploads/roi/company/Cymulate.png"},"eventUrl":"","vendorPartners":[],"supplierPartners":[],"vendoredProducts":[{"id":6245,"logoURL":"https://old.roi4cio.com/fileadmin/user_upload/cymulate_logo.png","logo":true,"scheme":false,"title":"Cymulate BAS","vendorVerified":0,"rating":"1.80","implementationsCount":3,"suppliersCount":0,"supplierPartnersCount":0,"alias":"cymulate-bas","companyTitle":"Cymulate","companyTypes":["vendor"],"companyId":8254,"companyAlias":"cymulate","description":"Cymulate automatically identifies security gaps in one click and tells you exactly how to fix them. Cymulate is a SaaS-based breach and attack simulation platform that makes it simple to know and optimize your security posture any time, all the time and empowers companies to safeguard their business-critical assets. With just a few clicks, Cymulate challenges your security controls by initiating thousands of attack simulations, showing you exactly where you’re exposed and how to fix it, making security continuous, fast and part of everyday activities.\r\nCymulate runs quietly in the background without slowing down your business activities. Deploy a single lightweight agent to start running unlimited attack simulations. The easy to use interface makes it simple to understand your security posture.<br /><br />\r\n<span style=\"font-weight: bold;\">Cymulate products</span>\r\n<span style=\"font-weight: bold;\">Full Kill-Chain APT </span><br />Since an Advanced Persistent Threat (APT) attempts to bypass security controls across the cyber kill chain, from attack delivery to exploitation and post-exploitation, defending against an APT requires testing the effectiveness of multiple security controls within your arsenal. Since the efficacy of one control affects the exposure of the next control in the kill chain, ascertaining if your defenses work against a full-blown attack becomes a daunting proposition.\r\nCymulate’s Full Kill-Chain APT Simulation Module solves the challenge of security effectiveness testing across the entire cyber kill chain by instrumenting your security framework in a comprehensive and easy-to-use manner. Instead of challenging each attack vector separately, organizations can now run a simulation of a full-scale APT attack with a click of a button, and gain a convenient, single-pane view of security gaps across their arsenal.<br /><br /><span style=\"font-weight: bold;\">Email Gateway</span>\r\nThis vector is designed to evaluate your organization’s email security and potential exposure to a number of malicious payloads sent by email. The simulated attack exposes critical vulnerabilities within the email security framework. By sending emails with attachments containing ransomware, worms, Trojans, or links to malicious websites, the simulation reveals if simulated malicious emails could bypass your organizations’ first line of defense and reach your employees’ inbox. After running a simulation, the next step would be to test employees’ security awareness regarding socially engineered emails that try to lure them into opening malicious attachments, disclosing their credentials or clicking on malicious links.\r\nThe simulation results are presented in an easy-to-understand comprehensive report. Mitigation recommendations are offered for each security gap discovered depending on the type of attack simulated, and how far the threat has managed to bypass security controls and distribute itself, enabling IT and security teams to take the appropriate countermeasures.<br /><br /><span style=\"font-weight: bold;\">Web Gateway</span>\r\nCymulate’s Web Gateway cyber attack simulation vector is designed to evaluate your organization’s inbound and outbound exposure to malicious or compromised websites and current capabilities to analyze any inbound traffic. It enables you to verify your organization’s exposure to an extensive and continuously growing database of malicious and compromised websites. Immediate, actionable simulation results enable IT and security teams to identify security gaps, prioritize remediation and take corrective measures to reduce your organization’s attack surface.<br /><br /><span style=\"font-weight: bold;\">Web Application Firewall</span>\r\nWAF (Web Application Firewall) vector challenges your WAF security resilience to web payloads and assists in protecting your web apps from future attacks. With Cymulate’s WAF attack simulation, you can check if your WAF configuration, implementation and features are able to block payloads before they get anywhere near your web applications. The platform simulates an attacker who tries to bypass your organization’s WAF and reaches the web application, after which they attempt to perform malicious actions such as mining sensitive information, inflicting damage and forwarding users to infected websites using applicative attacks such as cross-site scripting (XSS), SQL and command injections.\r\nAt the end of each WAF attack simulation, or other simulation vector, a Cymulate Risk Score is provided, indicating the organization’s exposure, along with other KPI metrics and actionable guidelines to fine-tune controls and close security gaps.<br /><br /><span style=\"font-weight: bold;\">Phishing Awareness</span>\r\nThis vector helps companies asses their employees' awareness to socially engineered attack campaigns. Cymulate’s Phishing Awareness vector is designed to evaluate your employees’ security awareness. It simulates phishing campaigns and detects weak links in your organization. Since it is designed to reduce the risk of spear-phishing, ransomware or CEO fraud, the solution can help you to deter data breaches, minimize malware-related downtime and save money on incident response.\r\nSecurity awareness among employees is tested by creating and executing simulated, customized phishing campaigns enabling you to detect who are the weakest links in your organization. The phishing simulation utilizes ready-made out-of-the-box templates or custom-built templates assigned to a corresponding landing page with dummy malicious links. At the end of the simulation, a report is generated summarizing statistics and details of employees who have opened the email, and those who have clicked on the dummy malicious link, enabling organizations to assess their employees’ readiness to identify hazardous email.<br /><br /><span style=\"font-weight: bold;\">Endpoint Security </span>\r\nCymulate’s Endpoint Security vector allows organizations to deploy and run simulations of ransomware, Trojans, worms, and viruses on a dedicated endpoint in a controlled and safe manner. The attacks simulation ascertains if the security products are tuned properly and are actually protecting your organization’s critical assets against the latest attack methods. The comprehensive testing covers all aspects of endpoint security, including but not limited to: behavioral detection, virus detection, and known vulnerabilities.\r\nThe endpoint attack simulation results offer immediate, actionable results, including Cymulate’s risk score, KPI metrics, remediation prioritization and technical and executive-level reporting.<br /><br /><span style=\"font-weight: bold;\">Lateral Movement</span>\r\nLateral Movement (Hopper) vector challenges companies internal networks against different techniques and methods used by attackers to gain access and control additional systems on a network, following the initial compromise of single system. Cymulate’s Lateral Movement vector simulates a compromised workstation inside the organization and exposes the risk posed by a potential cyberattack or threat. Various techniques and methods are used to laterally move inside the network.\r\nThe platform uses a sophisticated and effective algorithm to mimic all the common and clever techniques that the most skilled hackers use to move around inside the network.\r\nThe Hopper attack simulation results are presented in an interactive graphic diagram that shows the attacker’s lateral movement path, along with Cymulate’s risk score, KPI metrics and actionable mitigation recommendations. By taking corrective action, IT and security teams can take the appropriate countermeasures to increase their internal network security.<br /><br /><span style=\"font-weight: bold;\">Data Exfiltration </span>\r\nThe vector challenges company's Data Loss Prevention (DLP) controls, enabling company to assess the security of outbound critical data before company sensitive information is exposed. The Data Exfiltration vector is designed to evaluate how well your DLP solutions and controls prevent any extraction of critical information from outside the organization. The platform tests the outbound flows of data (such as personally identifiable (PII), medical, financial and confidential business information) to validate that those information assets stay indoors.\r\nThe attack simulation results are presented in a comprehensive and easy-to-use format, allowing organizations to understand their DLP-related security gaps and take the appropriate measures using actionable mitigation recommendations.<br /><br /><span style=\"font-weight: bold;\">Immediate Threat Intelligence </span><br />Cymulate’s Immediate Threat Intelligence vector is designed to inform and evaluate your organization’s security posture as quickly as possible against the very latest cyber attacks. The simulation is created by the Cymulate Research Lab which catches and analyzes threats immediately after they are launched by cybercriminals and malicious hackers.\r\nBy running this simulation, you can validate within a short time if your organization would be vulnerable to these latest threats and take measures before an attack takes place.\r\nThe simulation results are presented in an easy-to-understand comprehensive report. Mitigation recommendations are offered for each threat that has been discovered, and vary according to the type of attack simulated, and the extent to which the attack was able to distribute itself. This allows the organization to truly understand its security posture and take action to improve or update controls where necessary.","shortDescription":"Cymulate is a breach and attack simulation platform that lets you protect your organization at the click of a button.","type":null,"isRoiCalculatorAvaliable":false,"isConfiguratorAvaliable":false,"bonus":100,"usingCount":0,"sellingCount":0,"discontinued":0,"rebateForPoc":0,"rebate":0,"seo":{"title":"Cymulate BAS","keywords":"","description":"Cymulate automatically identifies security gaps in one click and tells you exactly how to fix them. Cymulate is a SaaS-based breach and attack simulation platform that makes it simple to know and optimize your security posture any time, all the time and empowe","og:title":"Cymulate BAS","og:description":"Cymulate automatically identifies security gaps in one click and tells you exactly how to fix them. Cymulate is a SaaS-based breach and attack simulation platform that makes it simple to know and optimize your security posture any time, all the time and empowe","og:image":"https://old.roi4cio.com/fileadmin/user_upload/cymulate_logo.png"},"eventUrl":"","translationId":6247,"dealDetails":null,"roi":null,"price":null,"bonusForReference":null,"templateData":[],"testingArea":"","categories":[{"id":895,"title":"Breach and Attack Simulation Platforms","alias":"breach-and-attack-simulation-platforms","description":"<span style=\"font-weight: bold;\">Breach and attack simulations</span> are an advanced computer security testing method. These simulations identify vulnerabilities in security environments by mimicking the likely attack paths and techniques used by malicious actors. In this sense, a breach and attack simulation acts much like a continuous, automated penetration test, and it improves upon the inherent limitations of red and blue team testing.\r\nGartner defines BAS technologies as tools “that allow enterprises to continually and consistently simulate the full attack cycle (including insider threats, lateral movement, and data exfiltration) against enterprise infrastructure, using software agents, virtual machines, and other means”.\r\nWhat makes BAS special, is its ability to provide continuous and consistent testing at limited risk and that it can be used to alert IT and business stakeholders about existing gaps in the security posture or validate that security infrastructure, configuration settings and detection/prevention technologies are operating as intended. BAS can also assist in validating if security operations and the SOC staff can detect specific attacks when used as a complement to the red team or penetration testing exercises.\r\n<span style=\"font-weight: bold;\">There are three different types of BAS solutions:</span>\r\n<ul><li><span style=\"font-weight: bold;\">Agent-based BAS</span> solutions are the simplest form of BAS. Agents are deployed across the LAN and vulnerabilities are identified to determine which routes are open to a potential attacker to move around the network. An agent-based BAS solution is very similar to vulnerability scanning but offers much more context.</li><li><span style=\"font-weight: bold;\">BAS solutions based on “malicious” traffic.</span> These BAS solutions generate intrusive traffic within the network between dedicated virtual machines that serve as targets for a wide range of attack scenarios. An overview is then created of which events have not been detected and blocked by the company’s own security controls. </li><li><span style=\"font-weight: bold;\">Cloud-based BAS solutions.</span> BAS solutions that are cloud-based are the closest to a real attack. They simulate numerous attack scenarios from the outside via different entry points. (so-called multi-vector attacks) and thus also the network perimeter of the company. The cloud platforms are fed with the latest threats from a wide variety of sources and are therefore always very up-to-date. Being SaaS solutions, they can be implemented very quickly.</li></ul>\r\nBy running these cyber-attack simulations in a controlled environment, an advanced BAS platform can identify vulnerabilities and gaps and then provide prioritized recommendations to help quickly close them. In this sense, a BAS platform works much like a purple team, allowing for comprehensive vulnerability assessment and remediation. Yet unlike a purple team, a BAS platform is automated and can be deployed remotely, making it especially well-suited to today’s challenges.\r\nThis automation is the key to maintaining continuous risk assessment and threat mitigation — the gold standard for today’s cybersecurity solutions.<br /><br />","materialsDescription":"<h1 class=\"align-center\">What problems do BAS tools attempt to solve?</h1>\r\nBAS solutions give companies an answer to the question “Do our cybersecurity programs really work? Large companies invest heavily in security products, but still do not have the confidence that they can withstand increasingly sophisticated attacks. For financial and practical reasons it is also not possible to test entire enterprise production environments permanently and manually for security vulnerabilities. Breach and Attack Simulation fills exactly this gap and allows companies to get more out of their existing security solutions by enabling continuous testing of the enterprise network at low risk.\r\n<h1 class=\"align-center\">For which companies are BAS solutions suitable?</h1>\r\nIf you have a look around the BAS market, you will find that many offers are tailored to large enterprise customers with high security requirements, such as financial institutions and insurance companies. It is not surprising that Breach and Attack Simulation is especially interesting for this kind of companies. They typically have numerous security products in use, a dynamic IT landscape and a high level of IT maturity. In addition, there are high demands on IT security and high compliance pressure. High-end solutions like Breach and Attack Simulation are predestined for this environment.<br />However, there is also the possibility for smaller companies to use BAS technology. Some solution providers have made their BAS tools multi-tenant ready so that smaller companies can also benefit from them via partner companies.\r\n<h1 class=\"align-center\">How to Evaluate a BAS Platform?</h1>\r\n<ul><li>The right BAS platform can simulate attacks in the cloud, identifying misconfigurations and other security gaps, while also allowing organizations to determine if critical assets are truly secure in all environments.</li><li>The ability to identify gaps in detection and prevention in hybrid environments is another key feature. As more data migrates to the cloud, it’s imperative that organizations assess their risk posture and understand how new hybrid environments can be attacked from on-premises devices linked to cloud data. Assessing cloud and on-premises risks separately leads to reduced visibility and expanded threat exposure — you simply don’t know how each side effects the other.</li><li>An advanced BAS platform can safely simulate Advanced Persistent Threats (APTs) against an organization’s “crown jewel” assets. Networks and devices create many pathways for APTs and identifying them is important.</li><li>The right platform can also identify a wide range of attack vectors hackers can exploit, while running safely in a production environment. Testing security controls on an endpoint solution might tell you if you can stop a credential dump but will not tell you which accounts can be harvested, from which devices and the impact those accounts will have.</li><li>Organizations should also look for a BAS solution that offered prioritized remediation of security gaps and validation of security controls.</li></ul>\r\n<br /><br />","iconURL":"https://old.roi4cio.com/fileadmin/user_upload/hacking.png"}],"characteristics":[],"concurentProducts":[],"jobRoles":[],"organizationalFeatures":[],"complementaryCategories":[],"solutions":[],"materials":[],"useCases":[],"best_practices":[],"values":[],"implementations":[]}],"suppliedProducts":[],"partnershipProgramme":null}},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"implementations":{"implementationsByAlias":{},"aliases":{},"links":{},"meta":{},"loading":false,"error":null},"agreements":{"agreementById":{},"ids":{},"links":{},"meta":{},"loading":false,"error":null},"comparison":{"loading":false,"error":false,"templatesById":{},"comparisonByTemplateId":{},"products":[],"selectedTemplateId":null},"presentation":{"type":null,"company":{},"products":[],"partners":[],"formData":{},"dataLoading":false,"dataError":false,"loading":false,"error":false},"catalogsGlobal":{"subMenuItemTitle":""}}