Comprehensive multi-vector cyber security validation


Validate your security assumptions and identify possible gaps via simulated multi-vector attacks from Cymulate attack simulation software. After the attack simulation is complete, Cymulate provides you with a comprehensive security report that contains root cause analysis and remediation recommendations for you to action.

Cymulate’s advanced technology allows you to launch simulations of cyber-attacks against your organisation, immediately exposing vulnerabilities and providing mitigation procedures.

  • Continuous verification of your security posture

  • Provides Cyber Security Risk Score

  • Immediately exposes vulnerabilities

  • Provides mitigation procedures to close security gaps

The Cymulate Dashboard - What’s your current security status?

Screen Shot 2018-10-29 at 5.14.56 pm.png


Simulate multi-vector attacks from internal and external sources


Technical and executive summary reports give management visibility of cyber security gaps                                                


Take remediation action, make informed budget allocation decisions - make your organisation more cyber resilient                                                         

Attack Simulations


What you get

Immediate Threat Assessment

Cymulate’s immediate threat alert solution is designed to inform and evaluate your organisation’s security posture as quickly as possible against the latest real and immediate threats. The simulation is created by the Cymulate Research Team, who discover and analyse the newest and most recent cyber threats. By running this simulation, you can validate if your organisation would be vulnerable to these latest threats and take measures before such an attack will take place.

Email Security Assessment

Cymulate’s email assessment is designed to evaluate your organisation's email security and potential exposure to a number of malicious payloads sent by email. The assessment exposes critical vulnerabilities within the email security framework. By sending such emails containing e.g., ransomware, worms, Trojans, or links to malicious websites, the assessment shows if these emails could bypass your organisations’ first line of defence and reach your employees. Following such assessment, the next step would be to test the employees’ security awareness regarding receiving socially engineered emails that try to lure the employees into opening malicious attachments, disclosing their credentials or clicking on malicious links

Web Gateway Assessment

Cymulate’s Web Gateway assessment is designed to evaluate your organisation's outbound exposure to malicious or compromised websites. Using common HTTP/HTTPS protocols, it enables you to verify your organisation’s exposure to an extensive and continuously growing database of malicious and compromised websites for testing.

Web Application Assessment 

Web applications have become a central business component, and can include a multitude of backend web apps, including mobile apps, SaaS apps and other cloud-delivered solutions. Organisations often rely on Web Application Firewall (WAF) for protecting their web apps. It is very easy for cybercriminals and novice black hat’s to find automated attack tools online, and with these tools they can insert a URL address as the target and launch their attack.

With Cymulate’s WAF assessment, you can check if your WAF configuration, implementation and features are able to block payloads before they get to your web applications. The platform simulates an attacker trying to bypass your organisation’s WAF and reach the web application and perform malicious actions, such as mining sensitive information, inflicting damage and forwarding users to infected websites.

Hopper - Lateral Movement Assessment

Once the perimeter defences of an organisation fail and the attacker has a foothold in your organisation, lateral movement inside a Windows Domain Network is a common next step in a penetration scenario. Cymulate’s Hopper assessment simulates a compromised workstation inside the organisation and exposes the risk that can occur by a potential cyberattack or threat. Various techniques and methods are used to laterally move inside the network. Mitigation recommendations are offered for each threat that has been discovered depending on the type of attack and phase it reached in its distribution method.

Endpoint Assessment

Organisations reinforce their endpoints with layers of protection such as antivirus, antispyware and behavioral detection. They even deploy highly sophisticated deception systems to lead attackers away from the real endpoints and information to honeypots and traps. However, as seen in many cases in the last couple of years security measures such as EDRs EPPs and AVs still falling short

Cymulate’s endpoint assessment allows organisations to deploy and run real ransomware, Trojans, worms, and viruses on a dedicated endpoint in a controlled and safe manner. The assessment ascertains if the security products are tuned properly and are actually protecting your organisation’s endpoints against the latest attack methods. The comprehensive testing covers all aspects of endpoint security.

Data Exfiltration Assessment

Organisations are forced to comply with an increasing number of laws and regulations designed to better safeguard their data. Data breaches can have a large financial impact on a victim company’s reputation and bottom line.

The data exfiltration assessment is designed to evaluate how well your security solutions and controls prevent any extraction of critical information from your organisation. The platform tests the outbound flows of data (such as personally identifiable (PII), medical, financial and confidential business information).

The assessment results are presented in a comprehensive report in an easy-to-understand format, and mitigation recommendations are offered for each threat discovered, depending on the type of attack and phase it reached in its distribution method.

Phishing Assessment

Cymulate’s phishing awareness solution is designed to evaluate your employees' security awareness. It simulates phishing campaigns and detects weak links in your organisation. It is designed to reduce the risk of spear-phishing, ransomware or CEO fraud, and help deter data breaches, minimise malware-related downtime and reduce the need for incident response.

The security awareness is tested by creating and executing simulated phishing campaigns enabling you to detect the weakest links in your organisation.

Various techniques and methods are used such as:

  1. Spear-phishing using different templates assigned to a corresponding landing page

  2. Different payloads such as links, attachments and credential theft


Getting Started

Download 1.jpg

Install the agent

Register for a free trial, download and install the agent.


Run the attack simulations

Run the attack simulations via the Cloud based SaaS Dashboard


Analyse and remediate

Comprehensive report details successful attacks and suggests remediation actions


How secure is your organisation?

Get your free trial of Cymulate here and find out

Name *