What is our primary use case?
Our customers utilize Cymulate for various purposes, such as conducting ransomware assessments and auditing their overall security posture and technology infrastructure. By leveraging Cymulate's cloud platform, we assess their security readiness and identify vulnerabilities. Our approach involves utilizing Cymulate for vulnerability management and conducting thorough assessments based on the specific needs of each client. This includes using simulated attacks and exercises, to evaluate their defenses comprehensively. The scope of our assessments varies and is tailored to the unique requirements and challenges faced by each organization, allowing our technical team to creatively address and mitigate potential risks.
How has it helped my organization?
Cymulate's platform has enhanced our customers' cybersecurity preparedness and awareness, primarily targeting the internal team rather than end-users. By engaging in routine exercises and assessments, the team's proficiency in handling security threats has significantly improved within two to three months. This results in an estimated enhancement of the organization's overall security posture by at least twenty percent.
The dashboard and reporting capabilities of Cymulate have supported security decision-making across multiple areas.
Cymulate has been instrumental in identifying and mitigating advanced threats such as ransomware through assessments and testing of zero-day vulnerabilities.
What is most valuable?
The most valuable feature for us is the zero-day and advanced APT scenarios for SOC and security teams.
What needs improvement?
The management at Cymulate is inconsistent and unreliable, particularly in the sales process. Changes happen abruptly, with sudden shifts in personnel and strategy. The turnover rate for key positions, such as general management, is high, contributing to a sense of instability and dissatisfaction among clients.
The reporting process requires significant improvement as technical reports often provides general advisory with insufficient remediation details for IT operations, also "top level" non-technical reports are lacking expected quality.
For how long have I used the solution?
I have been working with it for three years.
What do I think about the stability of the solution?
It provides good stability capabilities. I would rate it eight out of ten.
What do I think about the scalability of the solution?
Overall, it scales up seamlessly. We serve around seven enterprise customers.
How are customer service and support?
I've always had the chance to communicate with live representatives, so I haven't had to reach out to support directly. In my experience, their support is reasonable, with no significant drawbacks or issues. They respond in a timely manner, which is appreciated. I would rate it eight out of ten.
How would you rate customer service and support?
How was the initial setup?
The initial setup is straightforward. I would rate it nine out of ten.
What about the implementation team?
The deployment time for Cymulate's services varies depending on the starting milestone, whether it's from the initial setup or another point. For instance, for a ransomware assessment, the initial installation typically takes just one day, with results often available within two to five days, sometimes even within the same day. Once the customer's use cases are agreed upon, setting up the tenant becomes the primary focus, which can be a significant challenge. This involves configuring the agent deployment, determining which segment to install the agent, and finalizing policies and tests. Despite this initial hurdle, the process becomes more straightforward once these steps are completed.
What's my experience with pricing, setup cost, and licensing?
Cymulate's services are expensive for CE EU region . In some cases, it may be more cost-effective to hire a local competitor or ethical hacker for a year to perform frequent testing rather than purchasing Cymulate's services at the same price. I would rate it six out of ten. They offer a subscription model, where additional costs may arise from scaling the solution, such as expanding the number of agents, or adding modules. However their MSSP licensing strategy is unpredictable.
What other advice do I have?
While Cymulate's technology shows great promise and delivers excellent results, their approach to positioning the solution appears to overlap with other companies like Tenable, making them both direct and indirect competitors. Cymulate must refine their messaging and manage expectations effectively.
In my experience, they need to be more attentive internally and mindful of potential negative impacts on customers. They exhibit a high degree of flexibility, which can result in sudden changes without adequate alerting. Communicating with them via phone for business matters can be challenging.
On a scale from one to ten, I would rate Cymulate's technology level at eight, but their business level at four out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company has a business relationship with this vendor other than being a customer: Consultant