No more typing reviews! Try our Samantha, our new voice AI agent.

Cymulate vs Rapid7 Exposure Command comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Mar 29, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cymulate
Ranking in Attack Surface Management (ASM)
16th
Ranking in Continuous Threat Exposure Management (CTEM)
6th
Average Rating
8.4
Reviews Sentiment
6.9
Number of Reviews
6
Ranking in other categories
Threat Intelligence Platforms (TIP) (15th), Breach and Attack Simulation (BAS) (3rd)
Rapid7 Exposure Command
Ranking in Attack Surface Management (ASM)
19th
Ranking in Continuous Threat Exposure Management (CTEM)
14th
Average Rating
8.0
Reviews Sentiment
5.0
Number of Reviews
2
Ranking in other categories
No ranking in other categories
 

Mindshare comparison

As of July 2026, in the Continuous Threat Exposure Management (CTEM) category, the mindshare of Cymulate is 8.2%, down from 25.3% compared to the previous year. The mindshare of Rapid7 Exposure Command is 2.1%, up from 0.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Continuous Threat Exposure Management (CTEM) Mindshare Distribution
ProductMindshare (%)
Cymulate8.2%
Rapid7 Exposure Command2.1%
Other89.7%
Continuous Threat Exposure Management (CTEM)
 

Featured Reviews

SB
Deputy Manager at a financial services firm with 10,001+ employees
Experience seamless integration and effective dashboard while considering improved EDR configuration support
The way Cymulate works for EDR could be improved, as it drops payload and requires action from the EDR console for remediation, which can block the whole process of Cymulate execution. They should create some KB articles for the granular exclusion from different platforms and improve their technical assistance support.
reviewer2866119 - PeerSpot reviewer
Senior Manager Of Cybersecurity Services at a tech services company with 51-200 employees
Exposure monitoring has provided clear risk insights but still needs stronger cloud and data posture
I believe there are two to three areas where Rapid7 Exposure Command can be improved. First, cloud integrations and the ability to assess cloud posture are essential components of an organization's external attack surface nowadays. Rapid7 Exposure Command has the cloud posture assessment feature, but in my opinion, it should be linked with cloud compliance requirements being introduced locally and internationally. Secondly, regarding data criticality, Rapid7 Exposure Command integrates the DSPM feature, which stands for Data Security Posture Management. I believe this feature is present, but it requires enhancement with global data protection regulations such as GDPR. I am learning about more features in products such as Rapid7 Exposure Command. I mentioned cloud posture assessment across Oracle Cloud, Azure Cloud, and AWS Cloud. Features specific to these cloud offerings would be beneficial. With AWS having separate cloud offerings, Rapid7 Exposure Command must cover all available AWS offerings and relevant services. To be honest, this is an area where I am still learning, so I cannot provide a precisely detailed answer.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The most valuable feature for us is the zero-day."
"With Cymulate, the best features are the capacity to test the EDR or malware, anti-malware solution."
"Cymulate is easy to set up, install, and configure."
"Cymulate has positively impacted our organization by helping us to take care of the efficacy and reviewing the policies and configuration."
"The security validation feature helps my organization in assessing our security posture."
"The reporting capabilities are very good."
"Compared to Tenable or Qualys, Rapid7 Exposure Command is definitely affordable for small-sized or mid-sized engagements, although there are some challenges with detection."
"Rapid7 Exposure Command provides me with satisfaction knowing that my external attack surface and digital risk are being monitored."
 

Cons

"The way Cymulate works for EDR could be improved, as it drops payload and requires action from the EDR console for remediation, which can block the whole process of Cymulate execution."
"The reporting process requires significant improvement as it often takes longer than expected and the quality is lacking."
"The product must provide consultancy for initial setup."
"I will be honest, we have it, but in the last year, I didn't maintain the system until a month ago."
"The cost can be quite high, and it impacts scalability as more simulations require additional expenses."
"We have had some trouble with the agents."
"In the Pakistani market, Rapid7 Exposure Command's pricing is on the expensive side, and that represents one of the challenges we are facing."
"Rapid7 Exposure Command is not as easy to deploy compared to Qualys, and the detection rates are lower than Qualys."
 

Pricing and Cost Advice

"The product is affordable."
"Cymulate's services are expensive."
Information not available
report
Use our free recommendation engine to learn which Continuous Threat Exposure Management (CTEM) solutions are best for your needs.
902,894 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
15%
Manufacturing Company
9%
Computer Software Company
8%
Comms Service Provider
7%
Healthcare Company
16%
Educational Organization
10%
Construction Company
10%
University
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business5
Large Enterprise3
No data available
 

Questions from the Community

What is your experience regarding pricing and costs for Cymulate?
I don't know if it's expensive. It depends on the modules that you want, or the time, because they give you a tenant. A tenant for you.
What needs improvement with Cymulate?
I don't know if that helped with quick decision making for my security team because I am the security team and you must have a dedicated team to work with this tool. I don't use the analytics modul...
What advice do you have for others considering Cymulate?
With Cymulate, I have experience using the vulnerability management tools. I don't know if I have used the Continuous Security Validation with Cymulate. I don't have that module licensed with Cymul...
What needs improvement with Rapid7 Exposure Command?
Rapid7 Exposure Command is not as easy to deploy compared to Qualys, and the detection rates are lower than Qualys. Rapid7 Exposure Command is not exactly complex, but it is medium complex when I c...
What is your primary use case for Rapid7 Exposure Command?
I am specifically providing feedback on Rapid7 Exposure Command. We are using Rapid7 Exposure Command mostly for vulnerability detection and scanning.
What advice do you have for others considering Rapid7 Exposure Command?
Compared to Tenable or Qualys, Rapid7 Exposure Command is definitely affordable for small-sized or mid-sized engagements, although there are some challenges with detection. These challenges are in ...
 

Overview

 

Sample Customers

Euronext, YMCA, Telit, Nemours 
Information Not Available
Find out what your peers are saying about Cymulate vs. Rapid7 Exposure Command and other solutions. Updated: June 2026.
902,894 professionals have used our research since 2012.