The easiest route - we'll conduct a 15 minute phone interview and write up the review for you.
Use our online form to submit your review. It's quick and you can post anonymously.
My major use case for XM Cyber is managing the services in our company, Prosegur Iberia, for Spain and Portugal. We develop and work together with XM Cyber technicians to develop use cases and analyze the alerts.
XM Cyber permits us to identify if a zero-day vulnerability can affect our infrastructure. It helps me understand the company's total risk that we have in our infrastructure and workstation vulnerability, and it permits us to identify the real impact when we have a vulnerability.
The attack simulation feature in XM Cyber is significant. We analyze with our COC team to prevent alerts and attacks. Our analysts, who have knowledge about our attackers and alerts, define new alerts and use cases in other technologies such as EDR, depending on the need.
I can divide the benefit from XM Cyber for my company into two aspects. In business, having XM Cyber can reduce your assurance cyber policy. It permits organizing the team when we have to solve a critical vulnerability because we can put the focus on the real impact.
The roadmap is a disadvantage because this kind of technology should incorporate AI. At the moment, we don't have any modules with AI.
They could improve support because when we need to create a super case and escalate to resolve with technical support, they resolve our ticket in approximately two weeks. This aspect needs improvement.
I have been a user for two years.
It's very stable. We don't find any problems with the platform.
It is very scalable overall. I would rate the scalability at eight points.
Support could improve in this aspect. I would rate it 7.5.
Positive
It was a decision in our group to purchase the product. We don't have any problems with compliance in general.
My overall experience with this product depends on the team that manages it. Since it's a new technology, the best way is to have a team with expertise to take advantage and manage the product effectively.
I would rate XM Cyber at seven out of ten points.
My main use case for XM Cyber was to allow us to overcome a problem we had with remediating known scanned vulnerabilities. In other words, we were able to detect vulnerabilities, but given all the other pressures of work on the IT and security teams, we found it more difficult to prioritize the remediation of the vulnerabilities and make sure that we've fixed those vulnerabilities that represent the biggest risk to our business.
For example, we had a large number of vulnerabilities arising in our end-user PC estate, some of which arose from the browser end of the software installed on those PCs and some of them arose from the operating system on those PCs. We were able to quickly prove through the use of XM Cyber that the highest priority remediation should focus on the browser vulnerabilities rather than the operating system.
XM Cyber made it clear that browser vulnerabilities were the top priority because the platform was able to examine how vulnerabilities within our estate could be exploited and what the path would be from some bad actor in order to exploit those vulnerabilities. The ones that we prioritized, the vulnerabilities that we prioritized as a result of XM Cyber, were those that XM Cyber was indicating were most exploitable, and this is very powerfully illustrated when you look at XM Cyber and you examine the attack path maps it provides.
By far, the best feature of XM Cyber is being able to map out the way vulnerabilities can be exploited based on what they call the choke points in the network where the path that a bad actor would take comes closest to assets within our environment that are most vulnerable but also most valuable.
XM Cyber has positively impacted my organization by enabling us to focus our resources in security and in IT teams on the risks that are most significant to our business.
I wish to add that we intend to develop closer integration between XM Cyber and the other tools that help us tackle the issue of threats and vulnerabilities across our IT estate, ranging from the vulnerability management tools that do the vulnerability discovery through to tools at the other end, which would provide regular reports on not just the elimination of vulnerabilities, but other aspects of the security of our environment.
Integrating the XM Cyber functionality into tools or functionality that's up and downstream in the vulnerability management cycle needs improvement, and clearly there is scope for XM Cyber to more closely integrate some of that functionality over time, and indeed that's something that they are doing.
I have been using XM Cyber for just over two years.
XM Cyber is stable. We have quite a complex and large IT estate, and we've certainly experienced no limitations or problems arising from the ability of XM Cyber's product to scale across that estate.
Customer support for XM Cyber is good, responsive, and it follows up on issues. We've had some complex issues in the past, and it's naturally taken a little while to get to the bottom of those, but that was assisted more than hindered by XM Cyber's approach to support. I would rate the customer support an eight.
Positive
We did not previously have a threat exposure management solution in place.
More generally, we haven't actually saved time spent on vulnerability management, but the product of that time spent has been more effective in as much as it's reduced the timescale to remediate vulnerabilities that are identified as representing a high risk.
My experience with pricing, setup cost, and licensing was that we have a large, complicated estate, and in the licensing discussions, we were keen not to have the cost balloon because of the complication, the number of PCs and servers that we have. We were able to work with XM Cyber to reach a satisfactory conclusion on both sides, and we worked on a multi-year agreement to give both sides some confidence in the commercial agreement. Overall, the experience was very positive.
Before choosing XM Cyber, we evaluated two or three other options, including NDR type tools like Darktrace, and we also looked at some of the extended offerings of companies like Tenable, Rapid7, and Qualys.
In my day-to-day work, I use those visualizations or reports from XM Cyber at least weekly, if not more often than that.
We have not saved any time or effort, but we can prove that the effort involved around vulnerability management has been better spent to greater effect, and we've been able to demonstrate that vulnerabilities that do represent a high risk have been remediated more rapidly and more effectively.
We did not purchase XM Cyber through the AWS Marketplace.
From our experience, I would advise others looking into using XM Cyber to ensure that at the beginning of your journey, you have a reasonably complete and accurate inventory of your IT assets, the IT assets which you're going to use XM Cyber to help protect. Whether that's in the form of a formal CMDB or a less complete or singular inventory, it's important because that will allow you to relate the results of the XM Cyber product to assets that have value in your business. I would also ensure that you have wide visibility of whatever tool you're using to do vulnerability discovery so that you can compare the results of that with what XM Cyber is seeing and be confident that you have complete visibility of the vulnerabilities in your IT estate.
If XM Cyber can pull off the further integration of functionality around threat and exposure management, then it will consolidate its position, at least in our security toolkit, as being a very significant assistance in maintaining the security of our business.
I rate XM Cyber eight out of ten.
