Try our new research platform with insights from 80,000+ expert users

Bitsight vs Cymulate comparison

BitSight and Cymulate are both solutions in the Attack Surface Management (ASM) category. BitSight is ranked #5 with an average rating of 8.3, while Cymulate is ranked #10 with an average rating of 8.3. BitSight holds a 4.0% mindshare in ASM, compared to Cymulate’s 2.7% mindshare. Additionally, 100% of BitSight users are willing to recommend the solution, compared to 100% of Cymulate users who would recommend it.
Bitsight
Read 9 Bitsight reviews
  • 2,376 Views
  • 998 Comparison Views
100% willing to recommend
Cymulate
Read 6 Cymulate reviews
  • 4,214 Views
  • 843 Comparison Views
100% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Nov 4, 2024

Bitsight and Cymulate compete in the cybersecurity solutions category. Cymulate appears to have an upper hand due to its advanced features that provide in-depth security assessments, which appeals to organizations despite higher pricing.

Features: Bitsight offers security ratings, third-party risk management, and insights into security performance over time. Cymulate provides breach and attack simulation, real-time gap identification, and practical security improvement insights.

Ease of Deployment and Customer Service: Bitsight is known for streamlined deployment and responsive customer service that efficiently resolves issues. Cymulate has a more complex deployment model but offers robust support channels for onboarding and maintenance.

Pricing and ROI: Bitsight has moderate setup costs with stable ROI due to its focus on long-term security performance metrics, often viewed favorably against its benefits. Cymulate has higher initial costs, but offers significant ROI through detailed threat analysis and mitigation strategies.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Bitsight vs. Cymulate Report (Updated: December 2025).
Buyer's Guide
Bitsight vs. Cymulate
December 2025
Download the complete report
Helped 879,443 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Bitsight
Ranking in Attack Surface Management (ASM)
5th
Average Rating
8.2
Reviews Sentiment
6.4
Number of Reviews
9
Ranking in other categories
IT Vendor Risk Management (2nd)
Cymulate
Ranking in Attack Surface Management (ASM)
10th
Average Rating
8.4
Reviews Sentiment
6.9
Number of Reviews
6
Ranking in other categories
Threat Intelligence Platforms (TIP) (9th), Breach and Attack Simulation (BAS) (1st), Continuous Threat Exposure Management (CTEM) (2nd)
 

Mindshare comparison

As of January 2026, in the Attack Surface Management (ASM) category, the mindshare of Bitsight is 4.0%, up from 2.2% compared to the previous year. The mindshare of Cymulate is 2.7%, down from 3.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Attack Surface Management (ASM) Market Share Distribution
ProductMarket Share (%)
Bitsight4.0%
Cymulate2.7%
Other93.3%
Attack Surface Management (ASM)
 

Featured Reviews

SA
Suresh A.
Senior AIML Engineer at a tech vendor with 1,001-5,000 employees
Continuous monitoring has strengthened external security and improved customer trust
There are areas for improvement; we do notice sometimes finding vulnerabilities which gives us visibility to find them quickly. However, there could be a mechanism they can build on top of that for validation as they identify the issues. What will the real risk be for that identifiable issue? Sometimes it could be open because of the traffic; how they detected it could be seen as vulnerable, but upon testing, it might not be a real issue. It could be a false positive because there could be a honeypot that we built. My thinking is about validation, so if they can build that validation part before they expose the risk to the specific asset, that would help. Additionally, based on their reporting, they could also build risk scores and prioritization, which would also aid us. I would suggest adding dashboards and custom reporting, which could help us by enabling rich custom reports with filters. That is especially for leadership because they will not look at each technical area, but overall they would be looking at the risk score and what the assets or critical exposure areas are. Customizable reporting based on requirements would be valuable. I chose 9 out of 10 because the reporting and dashboards would be the first thing I would consider for improvement, and then the second is about the validation part, which could probably improve to 10 out of 10. I cannot think of too much for additional improvements. Maybe some good automation with the API solutions that could be integrated with the CI/CD pipeline or DevOps tools we are running would also be automated and tested.
Read full review
SB
SaarBar
Security Architec at Shikun & Binui
Support and integration enhance security posture over three years
I don't know if there's something that could be improved. They surprise me. As I mentioned, I returned a month ago. I haven't fully investigated the complete system yet. I must say that we have been with them for around three years. This is amazing because throughout these three years, they have supported us every week. We meet weekly to review results and fix issues together. Apart from occasional days off, this weekly support has been consistent for three years. It's remarkable because many products are sold and then the product teams forget about you, but this isn't the case with Cymulate.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The product helps us identify the vulnerabilities of internet-facing applications."
"I prefer BitSight due to its patch management capabilities. The score is a valuable feature. I have contacted the customer support through e-mail and their response rate is fast. I rate the solution a nine out of ten."
"The best thing about BitSight is the comprehensive list of risk vectors, covering compromised systems, diligence failures, and behavioral anomalies."
"The solution is user-friendly."
"Offers open ports from an external point of view."
"Bitsight gives me a holistic view of my entire security posture, which is something any organization would want to have after getting a tool such as Bitsight."
"Its customer service team responds quickly."
"My advice to others looking into using Bitsight is that it provides a lot of information that was not available before, and it is especially good in recon as it can identify many things about an organization that have never been found earlier, making it a valuable tool."
More Bitsight pros
"With Cymulate, the best features are the capacity to test the EDR or malware, anti-malware solution."
"The most valuable feature for us is the zero-day."
"The reporting capabilities are very good."
"Cymulate has positively impacted our organization by helping us to take care of the efficacy and reviewing the policies and configuration."
"The security validation feature helps my organization in assessing our security posture."
"Cymulate is easy to set up, install, and configure."
 

Cons

"There may be room for improvement in the methodology for identifying findings, as occasional errors occur on the technical side."
"BitSight could improve the classes and lower-level detections of anomalies that compound the information used to compute the rating."
"We found that some of the findings are clear false positives, but they still report that, and based on that, the rating goes down until we rectify them."
"Data enrichment is the major issue."
"There are areas for improvement; we do notice sometimes finding vulnerabilities which gives us visibility to find them quickly. However, there could be a mechanism they can build on top of that for validation as they identify the issues."
"The solution’s benchmarking should be improved."
"I chose 8 out of 10 because if we receive invites from clients every 45 days, our subscription ends, and we have to renew it."
"Its factor analysis feature could be better."
More Bitsight cons
"The way Cymulate works for EDR could be improved, as it drops payload and requires action from the EDR console for remediation, which can block the whole process of Cymulate execution."
"We have had some trouble with the agents."
"The product must provide consultancy for initial setup."
"The reporting process requires significant improvement as it often takes longer than expected and the quality is lacking."
"I will be honest, we have it, but in the last year, I didn't maintain the system until a month ago."
"The cost can be quite high, and it impacts scalability as more simulations require additional expenses."
 

Pricing and Cost Advice

"The solution's price is average."
"The product has a reasonable price."
"The product is affordable."
"Cymulate's services are expensive."
report
See which vendors are best for you
Use our free recommendation engine to learn which Attack Surface Management (ASM) solutions are best for your needs.
See recommendations
879,443 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
16%
Manufacturing Company
11%
Computer Software Company
8%
Insurance Company
8%
Financial Services Firm
17%
Computer Software Company
10%
Manufacturing Company
8%
Retailer
6%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business3
Large Enterprise5
By reviewers
Company SizeCount
Small Business4
Large Enterprise3
 

Questions from the Community

What do you like most about BitSight?
The solution is user-friendly.
See all answers
What is your experience regarding pricing and costs for BitSight?
The product is a little expensive and very oriented to large companies.
See all answers
What needs improvement with BitSight?
There are areas for improvement; we do notice sometimes finding vulnerabilities which gives us visibility to find them quickly. However, there could be a mechanism they can build on top of that for...
See all answers
What do you like most about Cymulate?
The most valuable feature for us is the zero-day.
See all answers
What is your experience regarding pricing and costs for Cymulate?
I don't know if it's expensive. It depends on the modules that you want, or the time, because they give you a tenant. A tenant for you.
See all answers
What needs improvement with Cymulate?
I don't know if that helped with quick decision making for my security team because I am the security team and you must have a dedicated team to work with this tool. I don't use the analytics modul...
See all answers
 

Comparisons

SecurityScorecard vs Bitsight Logo
SecurityScorecard vs Bitsight
Compared 21% of the time
Qualys CyberSecurity Asset Management vs Bitsight Logo
Qualys CyberSecurity Asset Management vs Bitsight
Compared 7% of the time
IONIX vs Bitsight Logo
IONIX vs Bitsight
Compared 6% of the time
Black Kite vs Bitsight Logo
Black Kite vs Bitsight
Compared 6% of the time
RiskRecon vs Bitsight Logo
RiskRecon vs Bitsight
Compared 5% of the time
More Bitsight Competitors
Pentera vs Cymulate Logo
Pentera vs Cymulate
Compared 24% of the time
Picus Security vs Cymulate Logo
Picus Security vs Cymulate
Compared 15% of the time
XM Cyber vs Cymulate Logo
XM Cyber vs Cymulate
Compared 11% of the time
SafeBreach vs Cymulate Logo
SafeBreach vs Cymulate
Compared 7% of the time
The NodeZero Platform by Horizon3.ai vs Cymulate Logo
The NodeZero Platform by Horizon3.ai vs Cymulate
Compared 6% of the time
More Cymulate Competitors
 

Product Reports

Buyer's Guide
IT Vendor Risk Management
December 2025
Bitsight reportDownload Bitsight product report
Buyer's Guide
Cymulate
December 2025
Cymulate reportDownload Cymulate product report
 

Overview

BitSight transforms how organizations manage cyber risk. The BitSight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help organizations manage their own security performance; mitigate third party risk; underwrite cyber insurance policies; conduct financial diligence; and assess aggregate risk. With over 2,100 global customers and the largest ecosystem of users and information, BitSight is the Standard in Security Ratings. For more information, please visit www.bitsight.com, read our blog or follow @BitSight on Twitter.

BitSight

For companies that want to manage their security posture against the evolving threat landscape: Cymulate SaaS-based Extended Security Posture Management (XSPM) deploys within an hour, enabling security professionals to continuously challenge, validate and optimize their cyber-security posture end-to-end across the MITRE ATT&CK framework.

The platform provides out-of-the-box, expert and threat intelligence-led risk assessments that are simple to deploy and use for all maturity levels, and constantly updated. It also provides an open framework to create and automate red and purple teaming by generating penetration scenarious and advanced attack campaigns tailored to their unique environments and security politices. Cymulate allowes professionals to manage, know and control their dynamic environment. 

Cymulate
 

Sample Customers

Fannie Mae, Cabela's, BNP Paribas, PWC, AIR Worldwide, Con Edison, The Container Store, OshKosh, Steris, University of South Florida, Emblem Health, Lloyds Bank
Euronext, YMCA, Telit, Nemours 
Buyer's Guide
Bitsight vs. Cymulate
December 2025
Free Report: Bitsight vs. Cymulate
Find out what your peers are saying about Bitsight vs. Cymulate and other solutions. Updated: December 2025.
DOWNLOAD NOW
879,443 professionals have used our research since 2012.
See our Bitsight vs. Cymulate report.
See our list of best Attack Surface Management (ASM) vendors.

We monitor all Attack Surface Management (ASM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.