Cymulate offers a security platform focusing on endpoint testing and zero-day scenarios, facilitating seamless integration and intuitive dashboards. It enhances productivity and security posture, providing robust reporting and security validation for businesses managing global security.
| Product | Mindshare (%) |
|---|---|
| Cymulate | 8.9% |
| Pentera | 10.6% |
| XM Cyber | 10.2% |
| Other | 70.3% |
| Title | Rating | Mindshare | Recommending | Interviews |
|---|---|---|---|---|
| CrowdStrike Falcon | 4.3 | N/A | 97% | 140 |
| Darktrace | 4.1 | N/A | 95% | 84 |
Cymulate demonstrates strong stability with users rating it between eight and ten. While some encountered occasional R&D site issues, they didn’t affect Cymulate’s core performance during tests. Users appreciate its easy integration with third-party services like Microsoft Defender. As a SaaS service, it requires minimal customer intervention, contributing to its reliable performance. Even with agents on their devices, users confirm most operations are effectively managed by Cymulate, ensuring stable and efficient functionality.
Cymulate is crafted to improve security insight across networks with advanced testing of security measures such as EDR and malware defenses. Its user-friendly interface and flexible deployment are effective in managing security systems globally. While users appreciate consistent weekly support, there are areas for enhancement, including consultancy for setup and technical support. Reporting needs depth in both technical and non-technical insights. High pricing affects scalability, and users seek improved EDR functionality to avoid disruptions. Nevertheless, Cymulate is employed by organizations for ransomware assessments, security posture audits, and infrastructure evaluations. Its platform aids in identifying vulnerabilities and testing EDR tools by automating security testing with simulated attacks.
What are Cymulate's key features?
In industries where security readiness and rapid threat response are crucial, organizations leverage Cymulate for its ability to test and validate existing defenses extensively. The ability to simulate diverse attack scenarios helps firms ensure that their security configurations are robust, utilizing Cymulate's platform for ongoing assessment and resource planning.
Euronext, YMCA, Telit, Nemours
| Author info | Rating | Review Summary |
|---|---|---|
| Deputy Manager at a financial services firm with 10,001+ employees | 4.0 | We use Cymulate to assess the effectiveness of our cybersecurity tools and configurations. Its integration, dashboard, and autonomous reporting enhance our security posture. Improvements are needed for EDR operations. Despite increased overhead, it delivers a clear ROI with industry-leading payloads. |
| Security Architect at Shikun & Binui | 4.5 | I use Cymulate primarily for evaluating and maintaining our security posture across global branches. Its intuitive dashboards, comprehensive reports, and flexible deployment are invaluable, although the system's effectiveness greatly relies on the user’s expertise. Support has consistently been excellent. |
| Head of Cybersecurity at a consultancy with 51-200 employees | 3.5 | I've used Cymulate for a few years to test EDR effectiveness; it has a user-friendly interface, but managing agents and cases requires a dedicated team. Support is through our MSSP, and I’d rate it seven out of ten. |
| Head of Cyber Security at a financial services firm with 1,001-5,000 employees | 5.0 | Cymulate's endpoint testing feature greatly enhances our team's productivity and security posture, offering excellent reporting and ease of use. While initial setup consultancy is needed, our investment return has been substantial, surpassing traditional vulnerability management tools like Rapid7. |
| Solution Engineer at Exclusive Networks Czechia | 4.0 | Our customers use Cymulate for security assessments, focusing on ransomware and infrastructure audits. While its zero-day scenarios are beneficial, management's inconsistency and poor reporting hinder its effectiveness, causing dissatisfaction. Deployment is cloud-based with specific client needs addressed creatively. |
| Pre-sale manager at Nam Truong Son | 4.0 | We use Cymulate to validate our security configurations through automated testing, enhancing our security posture. It's easy to set up and configure but can be costly, affecting scalability. We chose Cymulate for its capabilities and have seen cost and time savings. |
Our typical use case for this solution is to determine the efficacy of the cybersecurity tools that we are using, and also the efficacy of the configurations or policies that we have.
The best features of Cymulate are its seamless integration, very good dashboard, autonomous reporting, and sophisticated payload.
Cymulate has positively impacted our organization by helping us to take care of the efficacy and reviewing the policies and configuration. It has increased our overhead, consuming our bandwidth, but the efficacy or the exposure score that was too high earlier has decreased, and now we can say that we've been able to tighten our security posture.
The way Cymulate works for EDR could be improved, as it drops payload and requires action from the EDR console for remediation, which can block the whole process of Cymulate execution. They should create some KB articles for the granular exclusion from different platforms and improve their technical assistance support.
We started using Cymulate six months ago.
Cymulate is stable, although I have experienced the website for R&D not working two or three times. However, when we run the tests, it works very stably and we haven't reported a single issue where Cymulate was the main problem.
I would rate technical support as six out of ten.
Neutral
My experience with the initial setup of Cymulate was easy.
We implemented it through consultants.
I have seen an ROI from this solution.
We have evaluated other options, but we found that Cymulate uses the most recent payloads in the industry.
Cymulate acts as an auditor, and after the audit, we must take steps for remediation which can be costly, not the auditors.
On a scale of 1-10, I rate Cymulate an 8.5.
I use Cymulate for many things. Basically, for example, when we first used Cymulate, we used it to determine which EDR we would prefer and which EDR is the best. We ran a scenario of attacks on some computers, and each computer had a different EDR. On these computers, we then saw the results, and according to them, we determined which EDR was better for us. We also use the WAF and the WAF service. We basically use everything in Cymulate.
I will be honest, we have it, but in the last year, I didn't maintain the system until a month ago. I returned to maintain the system with one of my employees, so I'm not fully involved, but it was my advice after we did a POC with Cymulate to purchase it.
What I appreciate most about Cymulate is that the reports are good for my executives. We integrated connections to Microsoft ATP, CrowdStrike, and similar EDRs, and it can tell you if we would receive alerts on specific events. This gives you a really good status on your network's security level and whether you get alerts or not.
The security validation feature helps my organization in assessing our security posture. Basically, we use it for maintaining our security. For example, if we see that certain file types are passing through our emails, we block them and then rerun the test. Since we are a worldwide company, we use it for all of our headquarters around the world. This provides a perspective on how each branch or headquarters is performing, which ones need more attention, and where we need to allocate more resources.
The intuitive dashboards in Cymulate are great. They inform you if it's running, and if you determine the base score, you can see if you got any higher or lower from that score. While we don't frequently use the dashboards, you can see the last run and the results clearly. Through using Cymulate, we discovered vulnerabilities we thought couldn't exist or believed we were already protected against. We fixed these issues and retested with the system, verifying the fixes without the system as needed.
The flexible deployment options in Cymulate are very straightforward. When setting up an agent, you send it to someone, install it, and that's it - the computer just needs to be online. We are based in Israel and have a branch in the US, and despite the significant time difference, we don't have any problems except during crises. It's essentially a one-time setup. Once installed and online, you can leave the computer aside, and it works perfectly. Any agent can be set up with new scheduled tasks very intuitively.
Overall, using Cymulate is straightforward. It depends on the user's expertise. For instance, if someone tests their WAF for XSS attacks but doesn't understand what XSS is, then it won't be helpful. This isn't a limitation of Cymulate but rather depends on the operator's knowledge.
I don't know if there's something that could be improved. They surprise me. As I mentioned, I returned a month ago. I haven't fully investigated the complete system yet. I must say that we have been with them for around three years. This is amazing because throughout these three years, they have supported us every week. We meet weekly to review results and fix issues together. Apart from occasional days off, this weekly support has been consistent for three years. It's remarkable because many products are sold and then the product teams forget about you, but this isn't the case with Cymulate.
I have been using Cymulate for approximately three years and have renewed it twice already.
The scalability with Cymulate is quite good. As mentioned, we have agents in Africa and the USA, and we can test them all.
I don't need to engage with their customer support team separately. They have weekly meetings with us where we resolve everything. I have changed several team members over the last three years, and whenever I introduce a new person, they provide a system guide. After one hour, the new team member can run the operation. If they have questions, they can ask me or the Cymulate support representative in the next meeting.
The initial setup and deployment with Cymulate is easy. They handle it for you. You only need to set up a computer and install the agents, and then you can start testing.
I don't currently recall the specific pricing details as I last reviewed them two years ago. I initially thought it would be more expensive, but I found it reasonable because you can purchase modules separately. You can buy only WAF or only EDR. We bought everything because we used it frequently, and it was a good price for our needs.
I evaluated other options before choosing Cymulate but prefer not to mention their names. We heard about other competitors but didn't appreciate what we saw because they don't show you everything. I didn't feel any connection between myself and their device.
I have used the continuous security validation feature but am uncertain about secure email validation. I am a customer with Cymulate, not a partner. I use many products but need to check with my supervisor about providing another review.
On a scale of 1-10, I rate Cymulate a 9.
I tried some of the modules of Cymulate, specifically two or three modules including Email Security, Endpoint, and another one. The use cases involved trying to test the effectiveness of the EDR solution that I have.
With Cymulate, the best features are the capacity to test the EDR or malware, anti-malware solution. That is the best case for us. Cymulate has a very friendly interface.
I don't know if that helped with quick decision making for my security team because I am the security team and you must have a dedicated team to work with this tool. I don't use the analytics module with Cymulate. They open and manage cases with Cymulate, and we have had some trouble with the agents.
I have about two or three years of experience with Cymulate.
The support is given by the MSSP. They open and manage cases with Cymulate, and we have had some trouble with the agents. They manage the cases.
Positive
Regarding the initial setup, I don't know if it's straightforward or complex.
Our MSSP is doing this as a service. They deal with the price with the brand. We are deploying the solution in this company. It's not in production yet.
I don't know if it's expensive. It depends on the modules that you want, or the time, because they give you a tenant. A tenant for you.
With Cymulate, I have experience using the vulnerability management tools. I don't know if I have used the Continuous Security Validation with Cymulate. I don't have that module licensed with Cymulate. We are doing that exercise with another solution. They give us a tenant for Cymulate. They manage that tenant, and we install the agents on our endpoints. It's cloud for most of the setup, but the agents run locally on our endpoint. It might be Cymulate.com. I rate Cymulate a seven out of ten.
The solution tells us where we need to perform actions. It makes us more efficient and measures the efficacy of the controls we've implemented. If we use a threat actor like APT28, the tool will tell us quite effectively how robust our email, web gateway, and endpoint controls are. It is an end-to-end solution for very sophisticated malware.
Endpoint testing is the most valuable feature. The product has a very good impact on our team’s productivity. We don't need to be an expert in the product to use it. The reporting capabilities are very good. I rate them ten out of ten. It's one of the most useful features because it gives you a metric for your efficacy. We use them as a baseline to manage our outcomes. The product has improved our security posture. It tells us where we need to invest. It tells us where we need to improve. The tool has been invaluable to me for what I use it for.
The product must provide consultancy for initial setup. The solution needs better marketing. It will help people to understand the product better.
I have been using the solution for two years.
I rate the tool’s stability a ten out of ten. Since it's a SaaS service, there's nothing for me to do. We have agents on our Cymulate device, but most of the solution is with Cymulate. It is not with the customer. It is fairly easy to integrate the product with third-party solutions. We've integrated it with Microsoft Defender.
The tool is scalable. We have it in all of our businesses. Our enterprise has 2000 users, but we also have the solution in small offices with 30 users. We scale the product up or down depending on our use case.
Before Cymulate, the market hadn't evolved enough. I transitioned to it from using vulnerability management tools like Rapid7. Vulnerability management tools would tell me where I'm vulnerable. I have migrated to breach and attack simulation tools in the last two years. I bought Cymulate because we had a successful proof of concept. The company and the pricing scaled quite nicely with what we wanted.
Cymulate is a SaaS solution. The initial setup was not difficult. We must be mindful that we're going to have some teething trouble. We found it reasonable because we ran a proof of concept first. When we put it in the enterprise, we knew the potential pitfalls.
We have seen a 100% return on investment. We're not a large information security team. The solution tells us quite explicitly where we need to focus. Other vulnerability management tools might tell us where the vulnerabilities are, but they might not tell us where to focus.
The product is affordable. There are no additional costs associated with it.
We evaluated other options. The market leaders are all the same. The differentiator is price.
I've never had to deal with technical support. We have a dedicated customer success manager. I have a weekly meeting to talk about new updates and problems. People who want to use the solution must do a proof of concept and understand their use case before buying it. It is not a vulnerability management tool.
I don't use everything the product has to offer. For my particular scenario, it works fine, and the features within the tool set are also fine. I'm in Australia. The tool is relatively new to the market in Australia. We were one of the first customers, so we have a very good relationship. I will recommend the product to anybody. Overall, I rate the solution a ten out of ten.

Our customers utilize Cymulate for various purposes, such as conducting ransomware assessments and auditing their overall security posture and technology infrastructure. By leveraging Cymulate's cloud platform, we assess their security readiness and identify vulnerabilities. Our approach involves utilizing Cymulate for vulnerability management and conducting thorough assessments based on the specific needs of each client. This includes using simulated attacks and exercises, to evaluate their defenses comprehensively. The scope of our assessments varies and is tailored to the unique requirements and challenges faced by each organization, allowing our technical team to creatively address and mitigate potential risks.
Cymulate's platform has enhanced our customers' cybersecurity preparedness and awareness, primarily targeting the internal team rather than end-users. By engaging in routine exercises and assessments, the team's proficiency in handling security threats has significantly improved within two to three months. This results in an estimated enhancement of the organization's overall security posture by at least twenty percent.
The dashboard and reporting capabilities of Cymulate have supported security decision-making across multiple areas.
Cymulate has been instrumental in identifying and mitigating advanced threats such as ransomware through assessments and testing of zero-day vulnerabilities.
The most valuable feature for us is the zero-day and advanced APT scenarios for SOC and security teams.
The management at Cymulate is inconsistent and unreliable, particularly in the sales process. Changes happen abruptly, with sudden shifts in personnel and strategy. The turnover rate for key positions, such as general management, is high, contributing to a sense of instability and dissatisfaction among clients.
The reporting process requires significant improvement, as technical reports often provide general advisories with insufficient remediation details for IT operations; also, "top level" non-technical reports are lacking the expected quality.
I have been working with it for three years.
It provides good stability capabilities. I would rate it eight out of ten.
Overall, it scales up seamlessly. We serve around seven enterprise customers.
I've always had the chance to communicate with live representatives, so I haven't had to reach out to support directly. In my experience, their support is reasonable, with no significant drawbacks or issues. They respond in a timely manner, which is appreciated. I would rate it eight out of ten.
Positive
The initial setup is straightforward. I would rate it nine out of ten.
The deployment time for Cymulate's services varies depending on the starting milestone, whether it's from the initial setup or another point. For instance, for a ransomware assessment, the initial installation typically takes just one day, with results often available within two to five days, sometimes even within the same day. Once the customer's use cases are agreed upon, setting up the tenant becomes the primary focus, which can be a significant challenge. This involves configuring the agent deployment, determining which segment to install the agent, and finalizing policies and tests. Despite this initial hurdle, the process becomes more straightforward once these steps are completed.
Cymulate's services are expensive for the CE EU region. In some cases, it may be more cost-effective to hire a local competitor or ethical hacker for a year to perform frequent testing rather than purchasing Cymulate's services at the same price. I would rate it six out of ten. They offer a subscription model, where additional costs may arise from scaling the solution, such as expanding the number of agents or adding modules. However, their MSSP licensing strategy is unpredictable.
While Cymulate's technology shows great promise and delivers excellent results, their approach to positioning the solution appears to overlap with other companies like Tenable, making them both direct and indirect competitors. Cymulate must refine their messaging and manage expectations effectively.
In my experience, they need to be more attentive internally and mindful of potential negative impacts on customers. They exhibit a high degree of flexibility, which can result in sudden changes without adequate alerting. Communicating with them via phone for business matters can be challenging.
On a scale from one to ten, I would rate Cymulate's technology level at eight, but their business level at four out of ten.
We use Cymulate to validate our security control configurations. It provides automated security testing, allowing us to automate scanning and simulate traffic in our environment. It helps in improving the overall security posture by checking and reinforcing our security measures.
Using Cymulate has helped my organization by automating security tasks, saving about ten hours a week. It has also aided in security configuration and improved productivity.
Cymulate is easy to set up, install, and configure. It provides robust configuration capabilities and simplifies the setup process.
The main area for improvement in Cymulate is its pricing. The cost can be quite high, and it impacts scalability as more simulations require additional expenses.
We have been using Cymulate for two years.
Cymulate is stable. I would rate its stability as an eight out of ten.
While Cymulate is scalable, it depends a lot on pricing. If we want to perform more simulations, we need to invest more money, which affects scalability. I would rate its scalability as six out of ten.
The technical support for Cymulate is good, and I would rate it as an eight out of ten. They are effective and helpful.
Positive
Before using Cymulate, we did not use any other similar products.
The initial setup of Cymulate is easy and not complex. It involves setting up the Cymulate agent, which can be done relatively quickly.
Three people were involved in the installation from my company, including engineers.
We have seen cost reductions and time savings after implementing Cymulate. It has saved us approximately ten hours a week.
The pricing for Cymulate could be better. If I were to rate it, it would be a six out of ten.
We evaluated several products but opted for Cymulate due to its features and capabilities.
I highly recommend Cymulate to other companies. It is a good solution for validating security configurations and improving overall security posture.