What is our primary use case?
The main use case for XM Cyber is primarily to help us understand risks around our data center estate, and we're starting our second use case by using it in the cloud. It helps us to manage risk and identify where to apply efforts for remediation.
Once we deployed XM Cyber, it allowed us to gain insights where normal vulnerability scanners are very limited. Vulnerability scanners primarily focus on patches, issues, and severity levels, and some handle this with lightweight intelligence. XM Cyber goes one step further because it's not always about patches, but about credentials in memory or Active Directory configurations. It's more tuned to how an attacker will start once they compromise your entry points or machines: the first step of reconnaissance, and then how they pivot, as we call it, from one asset to another toward your crown jewels. It's about constantly mimicking the attackers, giving you better insights on how to manage your risks and focus remediation efforts on a handful of assets, which we call chokepoints, to reduce other risks elsewhere so they can't reach the pot of gold.
XM Cyber allows us to focus our remediation efforts. Typically, IT teams spend up to 20% of their time on remediation, depending on the size and age of their estate. Depending on the organisation, those teams could range from five individuals to 30 or 40; if you equate that into time, that's a large amount. XM Cyber really allows us to focus their efforts on what's important to the business, which is managing that risk. From industry data and our own, we know that only 8% of patchable vulnerabilities are actually exploited, so XM Cyber straight away allows us to focus. It also allows us to focus on other issues besides patching, such as credentials in memory. We have reduced this from approximately 20% to 8%, resulting in considerable savings in time and money while managing the risk much better.
In that particular regard, previously other CISOs would probably have to deploy red teams or pen testers constantly to have visibility because IT estates are not static; they are constantly changing and configurations are changing. XM Cyber runs these risk scenarios at different parts of your estate constantly, mimicking the real world. It allows us to focus on what's important—remediation of particular chokepoints can eliminate or reduce the risk to a negligible point, disrupting hackers on their path from server to server navigating toward the pot of gold. It's all about risk management and focusing on efforts that matter to the company.
What is most valuable?
There was a very compelling moment when we first installed XM Cyber; it was six weeks in, and naturally, we kept some of our existing tooling as an overlap. XM Cyber saw something that could have hurt us as a business, which made it clear we saw immediate value from that moment. We remediated it quickly, which was crucial for us, and it saved a lot of effort. If the particular servers had been compromised, it could have hurt us, so XM Cyber helps us identify issues constantly.
One important recent development over the last year of XM Cyber is Attack Surface Management, which monitors our external attack surface. Previously, we monitored it ourselves, but with XM Cyber's recent capabilities, it looks from the outside in, the way people often do reconnaissance on your estate: perhaps wrong ports open, wrong configurations, or vulnerabilities exposed. You can then translate that reflection onto the internal part, so it gives you full line of sight from outside right down to the internals, which is very important.
Approximately, we have 20 people in IT managing our data center estate. Their time spent on remediation was typically 15 to 20%, which we've reduced to 8%. If you multiply that by a typical 35-hour week, I am saving probably about seven hours per week per individual. When multiplied across the team, there's an immediate cost saving. More importantly, we conduct quantitative risk assessments using the FAIR framework, which includes our resistance to attack as part of how we measure it. XM Cyber provides excellent metrics to help us gauge that, and part of it involves reducing our loss exposure amount. With XM Cyber managing our risks better, our loss exposure amount has reduced significantly, leading to two big wins: our loss exposure amount has gone down, and we have direct savings from focusing our team's time on what's important, allowing them to work on other business benefits and generate value for the company.
What needs improvement?
We tightly integrate with APIs, consuming feeds and open source data. We have integrated with XM Cyber, and we are elevating ourselves with AI and MCP tools as we view this as a forerunner to reducing the workload for our agents and IT staff. We're pushing all our security partners to provide AI and MCP tools. Our vision is for them to offer a chat interface where a junior IT or an experienced infrastructure engineer can ask for what needs to be patched next without using an interface.
Their current interface is very usable and professional, ranking in the top tier of applications. Their reporting is good, offering custom reports, and their API integration is a new capability that serves us well. We have high expectations for the next generation, such as a chat interface to ask questions. However, everything has been very good. We push the boundaries with digital twins; I understand XM Cyber uses a similar concept of graph databases to map environments. I would like access to that and querying languages, enabling more informed business decisions.
XM Cyber sees much of our estate, which is beneficial for making informed decisions, and we can harness those insights and data for business analytics. For instance, it could help us gain insights into change management—if a particular server impacts another and that server is supported by yet another server, we could glean significant insights for change management meetings.
For how long have I used the solution?
We have been using XM Cyber for just over two years.
What do I think about the scalability of the solution?
We have not experienced any issues with scalability or reached its limits. We do test their beta product releases, and what is heartwarming is how quickly they respond to issues and subtle nuances in their design. This responsiveness indicates a strong partnership; a security partner that listens to their customers.
How are customer service and support?
The customer support is fantastic; it's probably some of the best we've received across all our security vendors. My team agrees, and it includes a diverse range of people. Over the last 10 to 15 years, XM Cyber is probably in the top two for customer support.
Which solution did I use previously and why did I switch?
We did not use a different solution. We utilized and still conduct security penetration testing. We have indirectly saved on the number of pen tests required, still conducting the same amount but in different business areas. XM Cyber acts as a lightweight security pen tester running across your environment daily, which brings substantial value.
How was the initial setup?
The setup was quite simple. We were very concerned about deploying XM Cyber agents across our estate since we have a mixed Linux and Windows environment, which might have required us to reboot servers, thereby slowing the rollout and time to value. We were pleasantly surprised that during our proof of concept, and in reality, we did not have to reboot any servers whatsoever. This was a strong point in favour of XM Cyber's deployment.
The training was excellent across the team, including multiple training sessions, and the online information and remediation advice provided are excellent. Regarding commercials, I communicated with the UK sales team, and they were very good, professional, and not overly pushy, resulting in a long-term view and understanding, along with the support we needed.
What was our ROI?
Six weeks into using XM Cyber, we saw a compelling return on investment—primarily in risk reduction. There was a specific issue that our other security tooling did not pick up, but XM Cyber did. This marked a compelling moment for us, in addition to the fact that we reduced the amount of time spent on IT remediation. Previously, that was up to about 15% of their time, which we've reduced to 8%. Mathematically, you can calculate the savings, leading to over 60,000 US dollars saved per year. However, our most significant saving is in reducing our loss exposure amount. If a negative scenario were to occur, the likelihood of that happening is less, enabling us to conduct much better quantitative risk management.
Which other solutions did I evaluate?
We did evaluate the market and considered several options but eventually decided to move forward with XM Cyber through a proof of concept. We have a set method for introducing security technology into the business, which involves use case assessments and integration points. During our four-week proof of concept, we tightly integrated with their API, trained our teams, and deployed the solution, which satisfied our requirements. Typically, we discover the majority of issues within those first four weeks. After signing, by week six, we saw the value.
What other advice do I have?
My advice for others considering XM Cyber is to plan well. It is worth purchasing from a security perspective. Initially, I believed I would use XM Cyber for only 12 months, but I changed my views a few weeks into that and reset my expectations. Now it is a core part of my strategy for identification. I would say to potential CISOs and security teams to plan thoroughly. They will likely be surprised by what they learn. Successfully engaging different teams during the remediation process and focusing on what matters is essential.
Those accustomed to historical working practices will need to adapt, but positively, they'll experience less burden. The remediation advice from XM Cyber is excellent; it's in a language that IT people can easily use without needing security specialists to interpret it. That's a significant benefit. Moreover, how you manage metrics and share operational metrics with senior leadership may require a different approach. It's positive that you have the capability to measure it, but I'd advise CISOs to think ahead regarding this area.
I am excited about the future growth and opportunity. Cyber Threat Management is a growing field, and CISOs are beginning to adopt it. We primarily use XM Cyber for our data center, but I know it will soon start complementing my cloud estate and visibility because CNAP-type tools have limitations in identification.
On a scale of 1-10, I rate XM Cyber a 9 out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.