Introducing Cymulate Yearly Platform Usage Report

By Dave Klein

Strategic Value: Proven by Customer Data

As a veteran cybersecurity professional, I get excited when I find a solution that is both strategic and disruptive. Things that simplify, accelerate and optimize my customer’s ability to adapt to changing threats is paramount to me. These elements lead to enterprises minimizing risks, enabling business and building skills. It leads to happier and more confident individuals, teams and companies. Continuous Security Validation through breach attack simulation, here at Cymulate is a perfect example of such a game changing solution.

The realization comes when we can tangibly and objectively measure the results of such a solution not through my words, but through direct customer data. With that said I’m excited to announce a new beginning - the Cymulate Yearly Platform Usage Report - an annual report where we look at our customers’ usage and scores to thoroughly and objectively see how using Cymulate transforms our customers. Let's discuss how Cymulate benefits the enterprise and subsequently look at some of the report’s findings.

 

The Benefit of Cymulate, Continuous Security Validation Solution

  • Continuous Security Validation provides you an easy and comprehensive way to assess your dynamically changing environment and threats and reduce risk.

Business demand for digitally lead innovation has led to technology and best practices that have a greatly accelerated change within the enterprise. From adoption of cloud computing models and automation capabilities. DevOps teams can use a playbook to push out a thousand new workloads with a single click. Add to this the general complexity of today’s enterprise architecture. Most are a mix of legacy on-premises, clouds and third-party SaaS applications which are often not only reachable by our employees, but also our vendors, partners, customers, suppliers and contractors. Finally, take all the above and add a global pandemic where most of the world is remote and now a worker can attach to your crown jewel applications and data from anywhere.

Enterprises are also facing criminal and nation state attackers who continued to work to improve their tactics, techniques and strategies all the time to optimize the monetization and effect of their attacks. Whether worried over the crippling expense, compliance violations and reputational damage or ransomware or wondering if their own enterprise is vulnerable to a state actor attack like we have seen recently in the Solar Winds attack, cybersecurity has truly become a boardroom level item.

Using Continuous Security Validation like Cymulate provides you with a comprehensive yet easy way to keep up with the challenges by making continuous assessments easy to implement and manage in a rolling fashion to keep track of risk, configuration errors and security gaps. As a cloud-based SaaS solution, Cymulate deploys in minutes and is easy to manage. Our Cymulate Labs team of global cybersecurity experts insures Cymulate is updated daily with new attack simulations ensuring our customers always are validating their environment against the most recent threat vectors. These same experts also do all the testing to ensure the tests are safe and non-disruptive. Being automated, enterprises can assess in a more comprehensive fashion against thousands of attack vectors and techniques that would be too arduous to do manually. As usage occurs, the net effect is a healthier enterprise as remediation is prioritized and accomplished. Enterprises can not only track their improvement over time but related their scores to peers within their own industry.

  • Continuous Security Validation not only inoculating the enterprise but shoring up cybersecurity skillsets of your exiting cybersecurity professionals and non-technical employees alike.

Already burdened by a global shortage of skilled cybersecurity professionals has left existing cybersecurity practitioners needing to work with and develop their existing talent. For senior staff, Continuous Security Validation becomes of strategic value by teaching them to easily configure a tangible testing policy that is then automated, continuous and most importantly in a safe fashion.   As new threats appear in the wild, the solution is updated daily in an automated fashion by the solution provider’s experts. The senior staff learns from the industry experts on what the new threat of the day entails and ensures that the enterprise will know the net effect on their security posture right away. For the junior staff, these tools are a phenomenal learning and development opportunity. With their ability to clearly demonstrate and visualize threats and how they work as well as provide prioritized and prescriptive assessment results it greatly enhances the junior staff’s ability to learn as they go.

Beyond narrowing the cybersecurity skills gap among your security team, these solutions also include things that raise the security awareness of your general company staff as well. This is done by incorporating phishing campaign capabilities that allow you to safely send test phishing emails to your staff to see who falls prey to them. The results are smarter employees who learn to avoid them.

Interesting Reports Findings

  • Cymulate used by all customers in a continuous fashion with the average customer incorporating a comprehensive scan a week.

For continuous monitoring to be effective it needs to be done, continuously. Our results show that all our customers did just that with on average each customer doing at least one comprehensive assessment per attack vector per week. This proves that Cymulate was easy to deploy, manage and incorporate into the day-to-day activities of the cybersecurity staff and ensures value was obtained.

  • Where all customers cybersecurity ratings improved, enterprises who used Cymulate more improved more dramatically.

Tracking usage patterns across the customer verticals, we found that the financial sector made up over 51% of all scans done in 2020. Cymulate scores, based on an aggregate score compared against four security frameworks: Mitre Attack Framework, NIST 800-30, CVSS 3 and Microsoft’s version of the DREAD framework. Lower scores being better and meaning less risk: the financial sector who utilized us the most saw a drop from a risk score of 70 in the beginning of the year to a score of 18 by the end of the year.

  • Great improvement seen was in non-technical employee cybersecurity skill sets.

In the past many industry think tanks felt discouraged by the difficulty in getting non-technical professionals educated to avoid pitfalls such as phishing scams. Using third-party companies to run a one-time phishing campaign to educate employees is expensive and not necessarily enough exposure to truly educate your employees. Cymulate, by providing its customers with phishing assessment and testing that is tied to the larger Continuous Security Validation platform and which can be run over the year to continuously educate employees. Next to the financial sectors huge reduction in risk score, Cymulate’s customers saw a dramatic increase in risk reduction in employee’s scores from 66.3 in 2019 to 18.4 by the end of 2020.

  • Cymulate customers ran thousands of tests against ransomware, malware and nation state APT threats. 96% of Cymulate customers tested against Sun Burst.

With 2020 being a challenging year with ransomware and nation state attacks the Cymulate Labs team worked hard to ensure tests for all the latest criminal and APT attacks were added and updated. These tests designed and updated by our experts, when run act like a vaccine for your enterprise – taking a controlled dangerous vector in a safe and controlled manner inoculating the enterprise from an attack in the wild. Usage reports showed our customers wholeheartedly ran an exciting number of these tests in their environments, the highest rate being 96% of our customers running Sunburst backdoor testing of the SolarWinds supply chain attack.

You can find the entire Cymulate Yearly Platform Usage Report and its findings here.

We have truly entered a new era where Continuous Security Validation platforms like Cymulate will provide strategic value to enterprises, shoring up cybersecurity, reducing risk and educating both our cyber security staff and that of our overall employees easily, effectively and comprehensively.

To learn more about Cymulate, top scoring solution in innovation and second highest in growth in Frost & Sullivan’s Global Breach and Attack Simulation Market, 2020 click here.

To read the third-party SANS report by Matt Bromiley on Cymulate click here. Continuous Security Validation Against an Ever-Changing Landscape.

Test the effectiveness of your security controls against possible cyber threats with a 14-day trial of Cymulate's platform. 

Start a Free Trial

Don’t speculate, Cymulate

Dave Klein

Dave Klein is the Director of Cyber Evangelism for Cymulate. With more than 21 years of real-world cybersecurity experience, he works with Cymulate teams, customers and industry thought leaders to address the challenges of securing modern enterprise environments. Dave’s long career includes working on the NIST response to President Obama’s Policy Directive 21 on Critical Infrastructure Security and Resilience, leading some of the largest sales engagements for US Federal security solutions, and working with the City of New York post 9/11, helping shore up cyber defenses.

Subscribe to Our Blog

Stay up to date with the latest cybersecurity news and tips