XM Cyber Reviews

The main use case for XM Cyber is primarily to help us understand risks around our data center estate, and we're starting our second use case by using it in the cloud. It helps us to manage risk and identify where to apply efforts for remediation.

Once we deployed XM Cyber, it allowed us to gain insights where normal vulnerability scanners are very limited. Vulnerability scanners primarily focus on patches, issues, and severity levels, and some handle this with lightweight intelligence. XM Cyber goes one step further because it's not always about patches, but about credentials and memory or Active Directory configurations. It's more tuned to how an attacker will start once they compromise your entry points or machines. It's the first step on how they do reconnaissance, and they pivot, which we call from one asset to another asset toward your crown jewels. It's about constantly mimicking the attackers, giving you better insights on how to manage your risks and focus remediation efforts on several assets, which we call chokepoints, to reduce other risks elsewhere so they can't reach the pot of gold.

XM Cyber allows us to focus our remediation efforts. Typically, remediation IT teams focus sometimes depending on the size and age of their estate, maybe up to 20% of their time. Depending on the IT teams, it could range from five individuals to 30 or 40 individuals; if you equate that into time, that's a large amount. XM Cyber really allows us to focus their efforts on what's important to the business, which is managing that risk. From industry data and our own, we know that only 8% are exploited regarding patching, so XM Cyber straight away allows us to focus. It also allows us to focus on other issues besides patching, such as credentials and memory. We have reduced this down from approximately 20% to 8%, resulting in considerable savings in time and money while managing the risk much better.

In that particular regard, previously other CISOs would probably have to deploy red teams or pen testers constantly to have visibility because IT estates are not static; they are constantly changing and configurations are changing. XM Cyber runs these risk scenarios at different parts of your estate constantly, mimicking the real world. It allows us to focus on what's important—remediation of particular chokepoints can eliminate or reduce the risk to a negligible point, disrupting hackers on their path from server to server navigating toward the pot of gold. It's all about risk management and focusing on efforts that matter to the company.

There was a very compelling moment when we first installed XM Cyber; it was six weeks in, and naturally, we kept some of our existing tooling as an overlap. XM Cyber saw something that could have hurt us as a business, which made it clear we saw immediate value from that moment. We remediated it quickly, which was crucial for us, and it saved a lot of effort. If the particular servers had been compromised, it could have hurt us, so XM Cyber helps us identify issues constantly.

One important recent development over the last year of XM Cyber is Attack Surface Management, which monitors our attack surface management. Previously, we monitored it, but with XM Cyber's recent capabilities, it looks from the outside in—how people often do reconnaissance on your estate, perhaps wrong ports open, wrong configurations, or vulnerabilities exposed. You can then translate that reflection onto the internal part, so it gives you full line of sight from outside right down to the internals, which is very important.

Approximately, we have 20 people in IT managing our data center estate. Their time was typically 15 to 20%, which we've reduced down to 8% of their time. If you multiply that by typically 35 hours, I am saving probably about seven hours per week per individual. When multiplied, there's immediate cost saving. More importantly, we conduct quantitative risk assessments using the FAIR framework, which includes our resistance to attack as part of how we measure it. XM Cyber provides excellent metrics to help us gauge that, and part of it involves reducing our loss exposure amount. With XM Cyber managing our risks better, our loss exposure amount has reduced significantly, leading to two big wins: our loss exposure amount has gone down, and we have direct savings from focusing our team's time on what's important, allowing them to work on other business benefits and generate value for the company.

We tightly integrate with APIs, consuming feeds and open source data. We have integrated with XM Cyber, and we are elevating ourselves with AI and MCP tools as we view this as a forerunner to reducing the workload for our agents and IT staff. We're pushing all our security partners to provide AI and MCP tools. Our vision is for them to offer a chat interface where a junior IT or an experienced infrastructure engineer can ask for what needs to be patched next without using an interface.

Their current interface is very usable and professional, ranking in the top tier of applications. Their reporting is good, offering custom reports, and their API integration is a new capability that serves us well. We have high expectations for the next generation, such as a chat interface to ask questions. However, everything has been very good. We push the boundaries with digital twins; I understand XM Cyber uses a similar concept of graph databases to map environments. I would like access to that and querying languages, enabling more informed business decisions.

XM Cyber sees much of our estate, which is beneficial for making informed decisions, and we can harness those insights and data for business analytics. For instance, it could help us gain insights into change management—if a particular server impacts another and that server is supported by yet another server, we could glean significant insights for change management meetings.

We have been using XM Cyber for just over two years.

XM Cyber is stable.

We have not experienced any issues with scalability or reached its limits. We do test their beta product releases, and what is heartwarming is how quickly they respond to issues and subtle nuances in their design. This responsiveness indicates a strong partnership; a security partner that listens to their customers.

The customer support is fantastic; it's probably some of the best we've received across all our security vendors. My team agrees, and it includes a diverse range of people. Over the last 10 to 15 years, XM Cyber is probably in the top two for customer support.

We did not use a different solution. We utilized and still conduct security penetration testing. We have indirectly saved on the number of pen tests required, still conducting the same amount but in different business areas. XM Cyber acts as a lightweight security pen tester running across your environment daily, which brings substantial value.

The setup was quite simple. We were very concerned about deploying XM Cyber agents across our estate since we have a mixed Linux and Windows environment, which might require us to reboot servers, thereby slowing the rollout capability and time to value. We were pleasantly surprised that during our proof of concept and in reality, we did not have to reboot any servers whatsoever. This was a strong advocate for XM Cyber's deployment.

The training was excellent across the team, including multiple training sessions, and the online information and remediation advice provided are excellent. Regarding commercials, I communicated with the UK sales team, and they were very good, professional, and not overly pushy, resulting in a long-term view and understanding, along with the support we needed.

Six weeks into using XM Cyber, we saw a compelling return on investment—primarily in risk reduction. There was a specific issue that our other security tooling did not pick up, but XM Cyber did. This marked a compelling moment for us, in addition to the fact that we reduced the amount of time spent on IT remediation. Previously, that was up to about 15% of their time, which we've reduced to 8%. Mathematically, you can calculate the savings, leading to over 60,000 US dollars saved per year. However, our most significant saving is in reducing our loss exposure amount. If a negative scenario were to occur, the likelihood of that happening is less, enabling us to conduct much better quantitative risk management.

We did evaluate the market and considered several options but eventually decided to move forward with XM Cyber through a proof of concept. We have a set method for introducing security technology into the business, which involves use case assessments and integration points. During our four-week proof of concept, we tightly integrated with their API, trained our teams, and deployed the solution, which satisfied our requirements. Typically, we discover the majority of issues within those first four weeks. After signing, by week six, we saw the value.

My advice for others considering XM Cyber is to plan well. It is worth purchasing from a security perspective. Initially, I believed I would use XM Cyber for only 12 months, but I changed my views a few weeks into that and reset my expectations. Now it is a core part of my strategy for identification. I would say to potential CISOs and security teams to plan thoroughly. They will likely be surprised by what they learn. Successfully engaging different teams during the remediation process and focusing on what matters is essential.

Those accustomed to historical working practices will need to adapt, but positively, they'll experience less burden. The remediation advice from XM Cyber is excellent; it's in a language that IT people can easily use without needing security specialists to interpret it. That's a significant benefit. Moreover, how you manage metrics and share operational metrics with senior leadership may require a different approach. It's positive that you have the capability to measure it, but I'd advise CISOs to think ahead regarding this area.

I am excited about the future growth and opportunity. Cyber Threat Management is a growing field, and CISOs are beginning to adopt it. We primarily use XM Cyber for our data center, but I know it will soon start complementing my cloud estate and visibility because CNAP-type tools have limitations in identification.

On a scale of 1-10, I rate XM Cyber a 9 out of 10.

My main use case for XM Cyber was to allow us to overcome a problem we had with remediating known scanned vulnerabilities. In other words, we were able to detect vulnerabilities, but given all the other pressures of work on the IT and security teams, we found it more difficult to prioritize the remediation of the vulnerabilities and make sure that we've fixed those vulnerabilities that represent the biggest risk to our business.

For example, we had a large number of vulnerabilities arising in our end-user PC estate, some of which arose from the browser end of the software installed on those PCs and some of them arose from the operating system on those PCs. We were able to quickly prove through the use of XM Cyber that the highest priority remediation should focus on the browser vulnerabilities rather than the operating system.

XM Cyber made it clear that browser vulnerabilities were the top priority because the platform was able to examine how vulnerabilities within our estate could be exploited and what the path would be from some bad actor in order to exploit those vulnerabilities. The ones that we prioritized, the vulnerabilities that we prioritized as a result of XM Cyber, were those that XM Cyber was indicating were most exploitable, and this is very powerfully illustrated when you look at XM Cyber and you examine the attack path maps it provides.

By far, the best feature of XM Cyber is being able to map out the way vulnerabilities can be exploited based on what they call the choke points in the network where the path that a bad actor would take comes closest to assets within our environment that are most vulnerable but also most valuable.

XM Cyber has positively impacted my organization by enabling us to focus our resources in security and in IT teams on the risks that are most significant to our business.

I wish to add that we intend to develop closer integration between XM Cyber and the other tools that help us tackle the issue of threats and vulnerabilities across our IT estate, ranging from the vulnerability management tools that do the vulnerability discovery through to tools at the other end, which would provide regular reports on not just the elimination of vulnerabilities, but other aspects of the security of our environment.

Integrating the XM Cyber functionality into tools or functionality that's up and downstream in the vulnerability management cycle needs improvement, and clearly there is scope for XM Cyber to more closely integrate some of that functionality over time, and indeed that's something that they are doing.

I have been using XM Cyber for just over two years.

XM Cyber is stable. We have quite a complex and large IT estate, and we've certainly experienced no limitations or problems arising from the ability of XM Cyber's product to scale across that estate.

Customer support for XM Cyber is good, responsive, and it follows up on issues. We've had some complex issues in the past, and it's naturally taken a little while to get to the bottom of those, but that was assisted more than hindered by XM Cyber's approach to support. I would rate the customer support an eight.

Positive

We did not previously have a threat exposure management solution in place.

More generally, we haven't actually saved time spent on vulnerability management, but the product of that time spent has been more effective in as much as it's reduced the timescale to remediate vulnerabilities that are identified as representing a high risk.

My experience with pricing, setup cost, and licensing was that we have a large, complicated estate, and in the licensing discussions, we were keen not to have the cost balloon because of the complication, the number of PCs and servers that we have. We were able to work with XM Cyber to reach a satisfactory conclusion on both sides, and we worked on a multi-year agreement to give both sides some confidence in the commercial agreement. Overall, the experience was very positive.

Before choosing XM Cyber, we evaluated two or three other options, including NDR type tools like Darktrace, and we also looked at some of the extended offerings of companies like Tenable, Rapid7, and Qualys.

In my day-to-day work, I use those visualizations or reports from XM Cyber at least weekly, if not more often than that.

We have not saved any time or effort, but we can prove that the effort involved around vulnerability management has been better spent to greater effect, and we've been able to demonstrate that vulnerabilities that do represent a high risk have been remediated more rapidly and more effectively.

We did not purchase XM Cyber through the AWS Marketplace.

From our experience, I would advise others looking into using XM Cyber to ensure that at the beginning of your journey, you have a reasonably complete and accurate inventory of your IT assets, the IT assets which you're going to use XM Cyber to help protect. Whether that's in the form of a formal CMDB or a less complete or singular inventory, it's important because that will allow you to relate the results of the XM Cyber product to assets that have value in your business. I would also ensure that you have wide visibility of whatever tool you're using to do vulnerability discovery so that you can compare the results of that with what XM Cyber is seeing and be confident that you have complete visibility of the vulnerabilities in your IT estate.

If XM Cyber can pull off the further integration of functionality around threat and exposure management, then it will consolidate its position, at least in our security toolkit, as being a very significant assistance in maintaining the security of our business.

I rate XM Cyber eight out of ten.

My major use case for XM Cyber is managing the services in our company, Prosegur Iberia, for Spain and Portugal. We develop and work together with XM Cyber technicians to develop use cases and analyze the alerts.

XM Cyber permits us to identify if a zero-day vulnerability can affect our infrastructure. It helps me understand the company's total risk that we have in our infrastructure and workstation vulnerability, and it permits us to identify the real impact when we have a vulnerability.

The attack simulation feature in XM Cyber is significant. We analyze with our COC team to prevent alerts and attacks. Our analysts, who have knowledge about our attackers and alerts, define new alerts and use cases in other technologies such as EDR, depending on the need.

I can divide the benefit from XM Cyber for my company into two aspects. In business, having XM Cyber can reduce your assurance cyber policy. It permits organizing the team when we have to solve a critical vulnerability because we can put the focus on the real impact.

The roadmap is a disadvantage because this kind of technology should incorporate AI. At the moment, we don't have any modules with AI.

They could improve support because when we need to create a super case and escalate to resolve with technical support, they resolve our ticket in approximately two weeks. This aspect needs improvement.

I have been a user for two years.

It's very stable. We don't find any problems with the platform.

It is very scalable overall. I would rate the scalability at eight points.

Support could improve in this aspect. I would rate it 7.5.

Positive

It was a decision in our group to purchase the product. We don't have any problems with compliance in general.

My overall experience with this product depends on the team that manages it. Since it's a new technology, the best way is to have a team with expertise to take advantage and manage the product effectively.

I would rate XM Cyber at seven out of ten points.

We use XM Cyber to define scenarios we are most worried about, including all the external entry points to our critical assets.

One of the main use cases I set up with XM Cyber is for internet-exposed assets to our domain controllers, which allows us to quantify the risk and prioritize our remediation.

We also use XM Cyber to determine lateral movement in a hybrid cloud, between the cloud and our on-premises.

XM Cyber allows us to quantify the risk, and we are able to track remediation, so we can quantify the risk at an executive level and also to a technical IT team.

We take the EMS service, and on a monthly basis, we have an executive report and also a technical report to present the risk at both the executive and technical level.

There is a very interesting feature about cross-graph concerning lateral movement and also about choke points, which allows us to focus on what matters the most.

Since implementing XM Cyber, we have improved the way we are doing patching, focusing on the choke points in our patching cycle, and it improves the way we assess the risk.

This focus on choke points and risk assessment has resulted in faster patching cadence, especially on the choke points, leading to a reduction of the risk, which is what we're looking for from this solution.

There are many interesting things about XM Cyber, but the part that can be improved is the mobile exposure and the IBM i specific equipment.

I have been using XM Cyber for two years.

XM Cyber is stable.

Its scalability is great; it's easy to deploy and fully scalable.

The customer support was great, with particular attention to answering our questions.

Positive

I did not use any other tool before XM Cyber.

My experience with pricing, setup cost, and licensing for XM Cyber was fine. We found great value in the tool, so we are ready to pay the license.

We have seen a return on investment through the quantification of the risk and tracking those risks to our management by following the security score of all the scenarios we have built, as well as tracking the remediation of choke points.

Before choosing XM Cyber, we launched an RFP and assessed Simulate and Pentera.

I would rate XM Cyber a nine out of ten.

If others are looking for an easy solution that allows them to visualize attack paths on what really matters, I would recommend XM Cyber.

I want to say that I'm more than happy to work with XM Cyber, and it's a great value for a company.

We use the product to identify the vulnerabilities in the network.

The platform's most valuable feature is attack simulation. It provides an efficient testing ground for security functionalities.

XM Cyber could identify all areas of vulnerability. They could expand the identification span for different areas.

We have been using XM Cyber for a year. At present, we are using the latest version.

I rate the platform's stability an eight out of ten.

We work with ten XM Cyber customers. It is suitable for medium to large enterprises. I rate the scalability an eight out of ten.

There are many ways to deploy XM Cyber. We encounter complexity while deploying the agent during the setup. I rate the process a seven out of ten.

We have to pay standard licensing fees. There are no additional costs. It is an expensive product. I rate the pricing a seven out of ten.

XM Cyber helps identify risk by creating a shadow environment mirroring the production system. While it doesn't directly mitigate risks, it simulates attacks across this replica, uncovering vulnerabilities and weak points within the system. Once a WISC is established, it highlights the vulnerability and offers recommendations for improvement. It provides reporting templates, making the process faster.

I rate it an eight out of ten.

For us, it just improves our security. It is as simple as that. 

We have a number of requirements. First of all, there are compliance requirements. You need to do vulnerability management and you have to be secure. In our case, we needed to protect our customers' information. In classic vulnerability management, you use scanners such as Tenable or Qualys and those tools are quite good. They have been programmed to find as much as possible. Previously, you sold by the number of vulnerabilities they found, and if you got more than the competitor, you were better. The problem is nowadays if you scan large networks, you get a huge number of vulnerabilities. It's often tens of thousands or even hundreds of thousands. Nobody can deal with that amount. Nobody.

Therefore, you have to say "Well, okay, we have 40,000 vulnerabilities from low to medium to critical. We'll skip low and medium and take care of the critical ones only." However, this is only a quantitative approach. There are vulnerabilities that are not critical in the sense of the scanner, yet, in this context, they are critical.

On the other hand, there are lots of critical vulnerabilities that are not business-critical. If they compromise the system, what XM Cyber does, is it breaks all that down to attack paths, and it's an assumed breach scenario. XM assumes you have a broken, for example, web server, and it tells you what that means for you when you have an attacker inside your network. That can be bad, however, it's not necessarily extremely bad. Maybe he doesn't get any further from that system, for example, and cannot do any lateral movement. If it's possible to do lateral movement, XM will tell you. That's a great advantage. It shows you the vulnerabilities that matter with respect to an attacker trying to approach your crown jewels, so to speak.

With this product, at the end of the day, you don't have to deal with ICMP ping reply vulnerabilities or stuff like that. It shows you the relevant vulnerabilities. Often, it shows you if you have an up-to-date managed network, patch management, et cetera. Normally there are just a few systems that are not patched correctly, for whatever reason, and XM will tell you. Those systems may be responsible for a part of an attack path and others may not. If the others are not part of an attack path, it's not that urgent to take care of them since they are vulnerable, yet not as much.

The product allows you to go to those systems that are part of an attack path and fix that. The areas that would normally cause your sleepless nights are focused on. You fix those immediately, and you have more time for the rest. At the end of the day, this is much quicker. It's not a quantitative approach. It's a qualitative approach. It saves you lots of work if you don't have to patch something immediately. You don't have to call a meeting with a business owner and tell him, "Wow, we need to reboot your systems," and he's telling you, "No, we can't." This saves you a lot of work and lots of discussions and makes you much, much more secure.

What I personally like very much, from my experience, is that it is very reliable. If you have tools that try to do more, to make more technology, or interact with other software products, you often cannot decide who's right. Is this solution right in interpreting the data it gets? Or is the configuration it has read correctly interpreted...or not? With XM Cyber, that answer is quite simple. It's a straightforward approach and it works. We haven't seen any false positives or anything like that.

There's a lot of improvement possible, however, most of it is in the details. I personally like the concept, as it's pretty straightforward and the product is not trying to overload functionality. It's a clean and straightforward approach. You know what you get. Most of the improvements are detail improvements. They're pretty open to future requests as well, so we send them a lot of suggestions. 

For example, at the moment, they have something called Battleground. That's a visualization of the network, and it's a visualization of the attack paths that are possible. The program uses so-called scenarios, and we say, "Okay, I'm watching traffic for maybe 24 hours," and then you get a result for that scenario, what happens in that time with what the attack paths are, et cetera. The result of the same scenario yesterday or tomorrow may be different as something might change. In that, one of the things I'm currently missing, which is on the list to be added, is some kind of diff visualization. For example, showing a two-screen split of activity. On the left side of the screen, that's how it was yesterday; on the right side, that's how it is today; and here are the differences.

We'd like to see a cheaper price.

We've been using the solution for maybe a year now. That said, we found it more than one and a half years ago when they approached one of our employees and she asked me to have a look at it to see if it would be interesting. 

We found it very interesting, as the company I work for has been in information security for ages, and we are also doing penetration testing, and also red-teaming engagements. A few weeks before we tested XM Cyber for the first time, we had a red-team engagement, and our conclusion was if the customer had had that tool before, we would have had an much harder job.

As with any software, we have some problems from time to time, however, no major issues. Stuff gets fixed by XM and it's more or less adjusted in real-time. Since it's not an IDS system that triggers some escalation process, it's not really relevant if something does not work for an hour or for a day. They can fix it, and then it's okay for you.

That said, it's pretty stable. 

Scaling is pretty easy. The licensing concept is straightforward. You license the agents. That's it. If you have one user or one thousand users, it doesn't matter. You can just add users, and give them a name and some permissions. That's it. Adding agents is being done more or less automatically. You can become more granular if you group them, however, this is really, really straightforward.

Even with your attack scenarios, it's so easy to scale. It's a matter of minutes. 

Technical support is pretty good. We never have any problems. They were responsive. They helped us. If we got problems, there was someone on hand. There's no reason to complain about the level of service we get. 

The only thing I could complain about is not a technical problem. It's more an organizational problem for the training of our employees. That was a little bit complicated due to personal changes at XM, however, even under those conditions, it was still pretty good.

Positive

I've never seen something easier to deploy than this solution. 

If you use the cloud-based installation, which is required now, XM Cyber gives you a new clean instance of the backend system. You roll out the agent. It's agent-based, so you have to roll out the agents. That's different for each company. Most of the companies that use XM Cyber have some software rollout mechanisms or software, and you can literally watch the map growing since each agent immediately connects to the backend system and tells it some topology information. On the network, you can watch it grow and give you information. 

There are reported cases of people looking at a screen and having some major problems within 20 minutes. With our installation or any installation we know of at other customers, there haven't been any serious problems or that. XM Cyber is not disturbing network traffic or eating up resources. It's passively in the background. It doesn't interfere with your IDS, IPS, or CM systems since it's passive. You don't see it. It's just there. It works.

Larger companies have teams that do nothing else than manage vulnerabilities and arrange patch-management issues. You can reduce the number of people needed with this product. For example, if you have five, you likely only need three that can probably do something else after initiating this solution. It saves you money while making you more secure. 

The licensing is per agent. 

It's not a cheap solution, however, you get what you pay for. After a demo, people usually want a POC, and after the POC, they normally say, "Yes, we like the product. How much is it?" Then someone tells them a price, and they say, "Okay. It's worth it."

I decided on this product and that's honestly due to the fact that I didn't know anything comparable. We had a quick look at competitive programs, including all the regional tech labeled systems, however, there was nothing like XM. Nothing's that straightforward and uncomplicated. 

We used to work with a remoely comparable tool years ago.That's a comparable program also from Israel. It's been on the market for years and I liked that program very much, however, we found, at the end of the day, that it took configuration information from firewalls, from systems, in different, more error prone ways. At a certain stage, you couldn't tell if the results were proper and correct as we didn't know how the configuration was arranged in the simulation. We were asking is that accurate? Was it read without errors?  Was it read in time?  Or before the latest change? We found out that it took lots of time to determine if the results were correct or not, and at the end of the day, it took the same amount of time as doing it manually. XM is much more straightforward. It simply works.

We are also resellers and also use the product ourselves. We have an almost 100% request for POCs after a one-hour demonstration. I've never seen that before. 

We are using the most recent version of the solution. You normally don't have a choice at the moment. To my knowledge, there's only a cloud version you can license that's kept accurate and up to date by XM itself. We have, for some reason, an on-premise version and take care of that on our own, however, we have the latest version since it's important to maintain up-to-date versions.

I'm not saying it makes you 100% secure. It's an automated pen test. It's not as good as a pen tester is, however, it raises the bar to a level that makes it very, very difficult for an attacker to get somewhere. In a real environment, persistent attacks, people that want to get persistence in your system, ATPs, and stuff like that, if they manage to get access to your network, they don't know in which environment they move or they live there. They don't know if they're IDS systems, SIEM systems, et cetera. Using scanners is not an option there.

If you are limited in your technical means anyway, and there's something like XM that takes away 70% or 80% of your typical starting techniques, it's great. It's not 100%, however, it makes it so difficult for attackers to get somewhere without setting off alarms. I strongly believe that makes you more secure. That was the reason why we bought it for ourselves.

I'd advise others to get a demo. From my personal experience, I saw a demonstration. Since I have a good technical background and I know all the hassles with vulnerability management, I immediately saw the possibilities. People in a demo go, "Wow, finally, a way to manage all this overload of information." This is what almost anybody saw immediately in the presentation. During a POC, which is a 30-day audit where you get a full installation paid, it's going to give you lots of interesting results. We've done that a couple of times before, and we did not have one person say "I didn't like the program. We saw in 30 days and it's no use." Not one person has ever said that.

I'd rate the solution nine out of ten. There are some minor improvements it can make, however, overall, it's very good.