Cymulate Reviews & Product Details

Cymulate is a leading on-prem and cloud-based Security Validation and Exposure Management Platform leveraging the industry's most comprehensive and user-friendly Breach and Attack Simulation technology. We empower security teams to prioritize remediation by continuously testing and harden defenses against immediate threats from the attacker's point of view. Cymulate deploys within an hour, integrating with a vast tech alliance of security controls, from EDR, to email gateways, web gateways, SIEM, WAF and more across hybrid, on-premise, cloud and Kubernetes environments. Customers see increased prevention, detection and improvement to overall security posture from optimizing their existing defense investments end-to-end across the MITRE ATT&CK® framework. The platform provides out-of-the-box, expert, and threat intelligence-led risk assessments that are simple to deploy and use for all maturity levels, and are constantly updated. It also provides an open framework to create and automate red and purple teaming by generating penetration scenarios and advanced attack campaigns tailored to their unique environments and security policies.

Product Website

Seller

Cymulate

Discussions

Cymulate Community

Languages Supported

English

Product Description

Cymulate comprehensively identifies the security gaps in your infrastructure and provides actionable insights for proper remediation. Run safely from the internet, our battery of simulated attacks causes no interruption to your operation or business productivity.

Overview by

Aviva Spotts

Value at a Glance

Averages based on real user reviews.

Time to Implement

1 month

View More Pricing Information

Cymulate Integrations

(49)

Verified by Cymulate

Carbon Black EDR

Cisco Secure Endpoints

CloudGuard

Cortex

CrowdStrike Falcon Endpoint Protection Platform

CrowdStrike Falcon Exposure Management

Cybereason Managed Detection and Response

CylanceENDPOINT

Cynet - All-in-One Cybersecurity Platform

Devo

Elastic Security

Exabeam New-Scale Fusion

Fortinet Endpoint Visibility & Control

Harmony

IBM Security QRadar Log Insights

InsightVM (Nexpose)

Jira

Kaspersky Endpoint Detection and Response

LogRhythm SIEM

Microsoft Active Directory Certificate Services (AD CS)

Microsoft Defender for Endpoint

Microsoft Defender Vulnerability Management

Palo Alto Cortex XSIAM

Palo Alto Networks Next-Generation Firewalls

Panther

Qualys VM

Securonix Security Operations and Analytics Platform

SentinelOne Singularity Identity Detection & Response

ServiceNow AI Platform

ServiceNow IT Service Management

Snowflake

Sophos Endpoint

Splunk Enterprise

Splunk Enterprise Security

Splunk IT Cloud

Sumo Logic

Symantec Endpoint Detection and Response (EDR)

Tanium Platform

Tenable Nessus

Tenable Vulnerability Management

Trellix Endpoint Security

Trellix Enterprise Security Manager

Wiz

Zscaler Internet Access

Cymulate Media

Cymulate automatically tests and validates the security controls across your entire IT environment to expose risky threats, dangerous attack paths and unknown gaps – and tells you how to fix them – before your organization suffers the impacts of a breach. Our complete security and exposure val...

Cymulate SaaS-based platform deploys within an hour, enabling security professionals to continuously challenge, validate and optimize their cyber-security posture end-to-end across the MITRE ATT&CK® framework.

Advanced offensive security testing made easy and production-safe to validate security controls and cyber exposures.

Insights to harden controls via configuration tuning, new policy creation, and custom rule generation.

Reduce your Attack Surface

Multi-Factor Authenticator

NEW Cymulate Exposure Validation Platform

AI-Powered Exposure Validation for Complete Cybersecurity Control

Official Downloads

(3)

edit

Cymulate Exposure Validation Platform - Data Sheet

Cymulate Exposure Management Platform - Data Sheet

Cymulate Exposure Management - Prioritization & Remediation

Cymulate Reviews (169)

G2 reviews are authentic and verified.

Here's how.

Akshay Z.

Lead Information Security Analyst

Information Technology and Services

Enterprise (> 1000 emp.)

11/15/2025

"Continuous Security activity on actionable item"

4.5/5

What do you like best about Cymulate?

We use the Cymulate BAS platform tool on a daily basis to perform multiple assessments, including Web Gateway, Data Exfiltration, WAF, Lateral Movement, Advanced Scenario, Full kill chain assessment with the help of BAS, BAS 2.0 and ASM. With the Cymulate tool, we are able to check for any vulnerabilities and ensure patches are applied according to our observations within our organization.

we install the agent on endpoint in our company on different location and perform the activities which is observed any gap and real time scenario observation to monitor and closely the gaps as we observed which is provided Cymulate platform. this is the best observation and assessment we like in Cymulate platform.

for the assessment point of view we run the multiple assessment with the all scenarios with creating the template and observed the gap in our organization trying to mitigate ASAP. Review collected by and hosted on G2.com.

What do you dislike about Cymulate?

ASM finding should be proper validation required.

Also Advance scenario and its configuration must be properly applicable so it is easily accessible for our users. Review collected by and hosted on G2.com.

What problems is Cymulate solving and how is that benefiting you?

In our company we are use in the Daily basis we run the assessment on multiple scenarios with the observed the vulnerabilities gaps on WAF, Email gateway, Web gateway, Advance scenario, Data exfiltration, Full kill chain with different endpoint in our persistent domain on multiple location observed on vulnerabilities, risk, impact which is gives us better mitigation and with proper allocation. it provides automated breach and attack simulations mapped to MITRE framework ATT&CK. so when any vulnerabilities observed or any gap is observed we are mitigated that as per the observation so we can secure on persistent company environment with security posture. Review collected by and hosted on G2.com.

Tony R.

Head of Cibersecurity Operations

Enterprise (> 1000 emp.)

9/15/2025

"Validating security with Cymulate"

4.5/5

What do you like best about Cymulate?

The simulations are very realistic and easy to execute, allowing for quick evaluation of different attack vectors.

The platform offers clear reports with remediation priorities, facilitating decision-making.

Its continuous approach helps improve security posture without disrupting operations. Review collected by and hosted on G2.com.

What do you dislike about Cymulate?

The initial learning curve can be moderate if there is no prior experience with BAS.

Some advanced simulations require technical adjustments or additional licenses.

The reports in Spanish could be more comprehensive. It should be possible to create dashboards with more representative KPIs. Review collected by and hosted on G2.com.

What problems is Cymulate solving and how is that benefiting you?

Cymulate is a Breach and Attack Simulation (BAS) platform that allows for continuous evaluation of the effectiveness of my organization's security controls. Through automated simulations of real attacks—such as phishing, lateral movements, data exfiltration, and vulnerability exploitation—it provides a clear view of the level of exposure and prioritizes corrective actions. Its approach, based on threat intelligence and continuous testing, helps validate policies, detect gaps, and improve the security posture proactively, without disrupting business operations. Review collected by and hosted on G2.com.

Prathamesh K.

Network Security Engineer

Mid-Market (51-1000 emp.)

8/20/2025

"Cymulate:Comprehensive Security posture testing Reviewed"

4/5

What do you like best about Cymulate?

I like best about Cymulate is its intuitive and user-friendly interface, which makes it easy to set up and manage continuous security validation across our environment. The platform provides comprehensive attack simulations that help identify vulnerabilities before attackers can exploit them. I also appreciate the actionable insights and remediation guidance that allow our team to prioritize and address critical risks quickly. The real-time reporting and variety of testing modules—from phishing simulations to lateral movement—make Cymulate a valuable tool for strengthening our organization’s security posture. Review collected by and hosted on G2.com.

What do you dislike about Cymulate?

I dislike about Cymulate is that some advanced features can be a bit complex to configure, and initial setup may take more time if you are new to the platform. Sometimes, reports can contain a lot of details, which may feel overwhelming for beginners. Review collected by and hosted on G2.com.

Response from Aviva Spotts of Cymulate

edit

Thanks so much for the detailed review! We’re thrilled Cymulate is helping your team stay ahead of threats with real-time simulations, actionable insights, and a user-friendly experience. It’s great to hear the platform is making a real impact on your security posture. We appreciate your note on advanced feature complexity and report depth—we’re always working to improve usability while keeping the power under the hood. Thanks again for your trust!

Elmar G.

Especialista en Seguridad de Aplicaciones

Enterprise (> 1000 emp.)

9/30/2025

"Operationalizing Security Validation at Scale"

5/5

What do you like best about Cymulate?

I love how Cymulate turns continuous, safe attack simulations into actionable, MITRE-mapped fixes with one-click retesting. It centralizes App/Email/Web/EDR/WAF/ASM validation, integrates with our stack, and gives exec-ready reporting to prove risk reduction month over month. Review collected by and hosted on G2.com.

What do you dislike about Cymulate?

Exec PDFs are clean but layout/branding and metric granularity (per control/subcontrol trends) feel constrained. Review collected by and hosted on G2.com.

Verified User in Financial Services

Enterprise (> 1000 emp.)

5/14/2025

"Automated Purple Teaming simplified with Cymulate"

4.5/5

What do you like best about Cymulate?

1) Variety of comprehensive security assessments and detailed reports that provide mitigation guidance across multiple security vectors.

2) excellent customer support

3) Easy deployment Review collected by and hosted on G2.com.

What do you dislike about Cymulate?

1) The dashboard customization and reporting system could be improved, as the overall score is calculated as an average of all assessments conducted since day one, potentially limiting more granular insights.

2) The customer support team should adopt a more proactive approach, as reported issues often take over a month to be resolved. Review collected by and hosted on G2.com.

What problems is Cymulate solving and how is that benefiting you?

Cymulate enables organizations to detect vulnerabilities across their security infrastructure, ensuring that misconfigurations and weaknesses are addressed before attackers exploit them

Its ability to simulate immediate threats, including zero-day attack scenarios, enhances security readiness by addressing emerging cyber risks proactively.

Organizations can prioritize remediation efforts based on actual exposure risks, ensuring that security resources are allocated effectively Review collected by and hosted on G2.com.

Response from Aviva Spotts of Cymulate

edit

Thanks for the thoughtful review! We're glad Cymulate is helping you easily discover misconfigurations and security gaps and that our platform supports your detection engineering and evaluation efforts. We're sorry you experienced a delay with support. We strive to resolve tickets quickly and will make sure your feedback is shared with the team. Thanks again for your trust in Cymulate!

Verified User in Financial Services

Mid-Market (51-1000 emp.)

9/2/2025

"A new perspective of your security platform"

4.5/5

What do you like best about Cymulate?

Gives you a real insight of which attacks could breach your security platforms. It has a wide range of attack vectors and every flavor of attacks that can be tested. Review collected by and hosted on G2.com.

What do you dislike about Cymulate?

If you want to get the most our of your products, you might have to contact your software providers so that you can stop some of the breach simulations that get through. Configuration fixes will not be tailor-made to the platform being tested. Review collected by and hosted on G2.com.

Response from Aviva Spotts of Cymulate

edit

Thanks for the thoughtful review! We’re glad Cymulate is helping you gain a new perspective on your security posture with broad attack coverage and actionable insights. Your point on needing collaboration with software providers is well taken—security validation often sparks important conversations, and we’re here to help guide that process. Thanks for sharing your experience!

Ankit K.

Security Consultant

Mid-Market (51-1000 emp.)

9/6/2025

"Cymulate is a Breach and Attack simulation partner which keeps us honest with security posture"

5/5

What do you like best about Cymulate?

Cymulate is a strategic enabler of control and posture validation which helps highlight the exposures effectively. Review collected by and hosted on G2.com.

What do you dislike about Cymulate?

Agent dependency should be removed for certain use cases. Review collected by and hosted on G2.com.

Response from Aviva Spotts of Cymulate

edit

Thank you for recognizing how Cymulate supports continuous posture validation and helps guide security investments. We’re thrilled it provides the insight you need to assess ROI and keep defenses strong. We also appreciate your feedback on agent dependency—it’s valuable input as we continue improving deployment flexibility.

Michael R.

Ingeniero Threat hunting

Enterprise (> 1000 emp.)

9/17/2025

"Satisfied with cymulate"

4.5/5

What do you like best about Cymulate?

The update of active campaigns, which help us mitigate these potential security breaches. Review collected by and hosted on G2.com.

What do you dislike about Cymulate?

I think there are more campaigns needed focused on the financial sector like grandoreiro. Review collected by and hosted on G2.com.

Response from Aviva Spotts of Cymulate

edit

Thank you for the review! We’re happy to hear Cymulate is supporting your team’s threat readiness and contributing to stronger security operations.

Your input on industry-specific content is valuable, and we appreciate you taking the time to share it. We will pass along the request.

Verified User in Banking

Enterprise (> 1000 emp.)

9/16/2025

"Very useful and easy to use"

5/5

What do you like best about Cymulate?

The interface is intuitive and easy to navigate, which allows you to start working quickly. Additionally, the automatic validations save a lot of time and provide clear visibility on security exposures. Review collected by and hosted on G2.com.

What do you dislike about Cymulate?

In general, the experience is very good. Maybe they could improve the loading times a bit for some complex analyses, but it doesn't affect the overall performance. Review collected by and hosted on G2.com.

What problems is Cymulate solving and how is that benefiting you?

One of the main problems was the lack of continuous visibility over our actual vulnerabilities. Cymulate allows us to simulate attacks safely and quickly detect gaps in our security controls. Thanks to this, we can prioritize actions and improve the overall posture without waiting for an external audit. Review collected by and hosted on G2.com.

Response from Aviva Spotts of Cymulate

edit

Thanks for sharing your experience! It’s great to hear Cymulate is helping you keep continuous visibility and quickly spot real security gaps. That’s exactly what we aim for.

We also appreciate your note about load times on complex analyses. We’ve passed that along to our product team as we continue to optimize performance.

Verified User in Banking

Enterprise (> 1000 emp.)

9/16/2025

"An excellent service"

5/5

What do you like best about Cymulate?

Mainly how user-friendly it is. Cymulate is valuable because it offers a continuous, automated, and realistic way to validate the organization's security. The platform allows simulating attacks based on MITRE ATT&CK to check if the defenses really work, and not just if they meet theoretical standards. Unlike simple vulnerability scans, it helps us prioritize exploitable risks, those that truly represent a threat in the business context. Review collected by and hosted on G2.com.

What do you dislike about Cymulate?

For the moment, nothing bad to say or that I don't like. Review collected by and hosted on G2.com.

Response from Aviva Spotts of Cymulate

edit

Thanks so much for the great feedback. We’re glad to hear Cymulate is helping you move from theory to real, evidence-based validation. It’s great to know the platform makes it easier to see which risks actually matter and strengthen defenses where they count.

We also love that you’re using the data to improve protection across endpoints — that’s exactly how we want Cymulate to fit into your day-to-day security work.