Examples of the 84,000+ reviews on PeerSpot:

Chee Young Tan - PeerSpot reviewer
Director at ST Electronics
Real User
Top 10 Leaderboard
Has a valuable feature for attack simulation; it highlights the vulnerability and offers recommendations for improvement
Pros and Cons
  • "The platform's most valuable feature is attack simulation."
  • "XM Cyber could identify all areas of vulnerability. They could expand the identification span for different areas."

What is our primary use case?

We use the product to identify the vulnerabilities in the network.

What is most valuable?

The platform's most valuable feature is attack simulation. It provides an efficient testing ground for security functionalities.

What needs improvement?

XM Cyber could identify all areas of vulnerability. They could expand the identification span for different areas.

For how long have I used the solution?

We have been using XM Cyber for a year. At present, we are using the latest version.

What do I think about the stability of the solution?

I rate the platform's stability an eight out of ten.

What do I think about the scalability of the solution?

We work with ten XM Cyber customers. It is suitable for medium to large enterprises. I rate the scalability an eight out of ten.

How was the initial setup?

There are many ways to deploy XM Cyber. We encounter complexity while deploying the agent during the setup. I rate the process a seven out of ten.

What's my experience with pricing, setup cost, and licensing?

We have to pay standard licensing fees. There are no additional costs. It is an expensive product. I rate the pricing a seven out of ten.

What other advice do I have?

XM Cyber helps identify risk by creating a shadow environment mirroring the production system. While it doesn't directly mitigate risks, it simulates attacks across this replica, uncovering vulnerabilities and weak points within the system. Once a WISC is established, it highlights the vulnerability and offers recommendations for improvement. It provides reporting templates, making the process faster.

I rate it an eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: consultant
HolgerHeimann - PeerSpot reviewer
Founder at It.sec
Reseller
Top 10
Reliable with no false-positives and helpful support
Pros and Cons
  • "What I personally like very much, from my experience, is that it is very reliable."
  • "We'd like to see a cheaper price."

What is our primary use case?

For us, it just improves our security. It is as simple as that. 

We have a number of requirements. First of all, there are compliance requirements. You need to do vulnerability management and you have to be secure. In our case, we needed to protect our customers' information. In classic vulnerability management, you use scanners such as Tenable or Qualys and those tools are quite good. They have been programmed to find as much as possible. Previously, you sold by the number of vulnerabilities they found, and if you got more than the competitor, you were better. The problem is nowadays if you scan large networks, you get a huge number of vulnerabilities. It's often tens of thousands or even hundreds of thousands. Nobody can deal with that amount. Nobody.

Therefore, you have to say "Well, okay, we have 40,000 vulnerabilities from low to medium to critical. We'll skip low and medium and take care of the critical ones only." However, this is only a quantitative approach. There are vulnerabilities that are not critical in the sense of the scanner, yet, in this context, they are critical.

On the other hand, there are lots of critical vulnerabilities that are not business-critical. If they compromise the system, what XM Cyber does, is it breaks all that down to attack paths, and it's an assumed breach scenario. XM assumes you have a broken, for example, web server, and it tells you what that means for you when you have an attacker inside your network. That can be bad, however, it's not necessarily extremely bad. Maybe he doesn't get any further from that system, for example, and cannot do any lateral movement. If it's possible to do lateral movement, XM will tell you. That's a great advantage. It shows you the vulnerabilities that matter with respect to an attacker trying to approach your crown jewels, so to speak.

With this product, at the end of the day, you don't have to deal with ICMP ping reply vulnerabilities or stuff like that. It shows you the relevant vulnerabilities. Often, it shows you if you have an up-to-date managed network, patch management, et cetera. Normally there are just a few systems that are not patched correctly, for whatever reason, and XM will tell you. Those systems may be responsible for a part of an attack path and others may not. If the others are not part of an attack path, it's not that urgent to take care of them since they are vulnerable, yet not as much.

The product allows you to go to those systems that are part of an attack path and fix that. The areas that would normally cause your sleepless nights are focused on. You fix those immediately, and you have more time for the rest. At the end of the day, this is much quicker. It's not a quantitative approach. It's a qualitative approach. It saves you lots of work if you don't have to patch something immediately. You don't have to call a meeting with a business owner and tell him, "Wow, we need to reboot your systems," and he's telling you, "No, we can't." This saves you a lot of work and lots of discussions and makes you much, much more secure.

What is most valuable?

What I personally like very much, from my experience, is that it is very reliable. If you have tools that try to do more, to make more technology, or interact with other software products, you often cannot decide who's right. Is this solution right in interpreting the data it gets? Or is the configuration it has read correctly interpreted...or not? With XM Cyber, that answer is quite simple. It's a straightforward approach and it works. We haven't seen any false positives or anything like that.

What needs improvement?

There's a lot of improvement possible, however, most of it is in the details. I personally like the concept, as it's pretty straightforward and the product is not trying to overload functionality. It's a clean and straightforward approach. You know what you get. Most of the improvements are detail improvements. They're pretty open to future requests as well, so we send them a lot of suggestions. 

For example, at the moment, they have something called Battleground. That's a visualization of the network, and it's a visualization of the attack paths that are possible. The program uses so-called scenarios, and we say, "Okay, I'm watching traffic for maybe 24 hours," and then you get a result for that scenario, what happens in that time with what the attack paths are, et cetera. The result of the same scenario yesterday or tomorrow may be different as something might change. In that, one of the things I'm currently missing, which is on the list to be added, is some kind of diff visualization. For example, showing a two-screen split of activity. On the left side of the screen, that's how it was yesterday; on the right side, that's how it is today; and here are the differences.

We'd like to see a cheaper price.

For how long have I used the solution?

We've been using the solution for maybe a year now. That said, we found it more than one and a half years ago when they approached one of our employees and she asked me to have a look at it to see if it would be interesting. 

We found it very interesting, as the company I work for has been in information security for ages, and we are also doing penetration testing, and also red-teaming engagements. A few weeks before we tested XM Cyber for the first time, we had a red-team engagement, and our conclusion was if the customer had had that tool before, we would have had a much harder job.

What do I think about the stability of the solution?

As with any software, we have some problems from time to time, however, no major issues. Stuff gets fixed by XM and it's more or less adjusted in real-time. Since it's not an IDS system that triggers some escalation process, it's not really relevant if something does not work for an hour or for a day. They can fix it, and then it's okay for you.

That said, it's pretty stable. 

What do I think about the scalability of the solution?

Scaling is pretty easy. The licensing concept is straightforward. You license the agents. That's it. If you have one user or one thousand users, it doesn't matter. You can just add users, and give them a name and some permissions. That's it. Adding agents is being done more or less automatically. You can become more granular if you group them, however, this is really, really straightforward.

Even with your attack scenarios, it's so easy to scale. It's a matter of minutes. 

How are customer service and support?

Technical support is pretty good. We never have any problems. They were responsive. They helped us. If we got problems, there was someone on hand. There's no reason to complain about the level of service we get. 

The only thing I could complain about is not a technical problem. It's more an organizational problem for the training of our employees. That was a little bit complicated due to personnel changes at XM, however, even under those conditions, it was still pretty good.

How would you rate customer service and support?

Positive

How was the initial setup?

I've never seen something easier to deploy than this solution. 

If you use the cloud-based installation, which is required now, XM Cyber gives you a new clean instance of the backend system. You roll out the agent. It's agent-based, so you have to roll out the agents. That's different for each company. Most of the companies that use XM Cyber have some software rollout mechanisms or software, and you can literally watch the map growing since each agent immediately connects to the backend system and tells it some topology information. On the network, you can watch it grow and give you information. 

There are reported cases of people looking at a screen and having some major problems within 20 minutes. With our installation or any installation we know of at other customers, there haven't been any serious problems or anything like that. XM Cyber is not disturbing network traffic or eating up resources. It's passively in the background. It doesn't interfere with your IDS, IPS, or CM systems since it's passive. You don't see it. It's just there. It works.

What was our ROI?

Larger companies have teams that do nothing else than manage vulnerabilities and arrange patch-management issues. You can reduce the number of people needed with this product. For example, if you have five, you likely only need three that can probably do something else after initiating this solution. It saves you money while making you more secure. 

What's my experience with pricing, setup cost, and licensing?

The licensing is per agent. 

It's not a cheap solution, however, you get what you pay for. After a demo, people usually want a POC, and after the POC, they normally say, "Yes, we like the product. How much is it?" Then someone tells them a price, and they say, "Okay. It's worth it."

Which other solutions did I evaluate?

I decided on this product and that's honestly due to the fact that I didn't know anything comparable. We had a quick look at competitive programs, including all the regional tech labeled systems, however, there was nothing like XM. Nothing's that straightforward and uncomplicated. 

We used to work with a remotely comparable tool years ago. That's a comparable program also from Israel. It's been on the market for years and I liked that program very much, however, we found, at the end of the day, that it took configuration information from firewalls, from systems, in different, more error-prone ways. At a certain stage, you couldn't tell if the results were proper and correct as we didn't know how the configuration was arranged in the simulation. We were asking is that accurate? Was it read without errors? Was it read in time? Or before the latest change? We found out that it took lots of time to determine if the results were correct or not, and at the end of the day, it took the same amount of time as doing it manually. XM is much more straightforward. It simply works.

What other advice do I have?

We are also resellers and also use the product ourselves. We have an almost 100% request for POCs after a one-hour demonstration. I've never seen that before. 

We are using the most recent version of the solution. You normally don't have a choice at the moment. To my knowledge, there's only a cloud version you can license that's kept accurate and up to date by XM itself. We have, for some reason, an on-premise version and take care of that on our own, however, we have the latest version since it's important to maintain up-to-date versions.

I'm not saying it makes you 100% secure. It's an automated pen test. It's not as good as a pen tester is, however, it raises the bar to a level that makes it very, very difficult for an attacker to get somewhere. In a real environment, persistent attacks, people that want to get persistence in your system, APTs, and stuff like that, if they manage to get access to your network, they don't know in which environment they move or they live there. They don't know if there are IDS systems, SIEM systems, et cetera. Using scanners is not an option there.

If you are limited in your technical means anyway, and there's something like XM that takes away 70% or 80% of your typical starting techniques, it's great. It's not 100%, however, it makes it so difficult for attackers to get somewhere without setting off alarms. I strongly believe that makes you more secure. That was the reason why we bought it for ourselves.

I'd advise others to get a demo. From my personal experience, I saw a demonstration. Since I have a good technical background and I know all the hassles with vulnerability management, I immediately saw the possibilities. People in a demo go, "Wow, finally, a way to manage all this overload of information." This is what almost anybody saw immediately in the presentation. During a POC, which is a 30-day audit where you get a full installation paid, it's going to give you lots of interesting results. We've done that a couple of times before, and we did not have one person say "I didn't like the program. We saw in 30 days and it's no use." Not one person has ever said that.

I'd rate the solution nine out of ten. There are some minor improvements it can make, however, overall, it's very good. 

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: customer/reseller