Cymulate Reviews & Product Details

Cymulate is a leading on-prem and cloud-based Security Validation and Exposure Management Platform leveraging the industry's most comprehensive and user-friendly Breach and Attack Simulation technology. We empower security teams to prioritize remediation by continuously testing and harden defenses against immediate threats from the attacker's point of view. Cymulate deploys within an hour, integrating with a vast tech alliance of security controls, from EDR, to email gateways, web gateways, SIEM, WAF and more across hybrid, on-premise, cloud and Kubernetes environments. Customers see increased prevention, detection and improvement to overall security posture from optimizing their existing defense investments end-to-end across the MITRE ATT&CK® framework. The platform provides out-of-the-box, expert, and threat intelligence-led risk assessments that are simple to deploy and use for all maturity levels, and are constantly updated. It also provides an open framework to create and automate red and purple teaming by generating penetration scenarios and advanced attack campaigns tailored to their unique environments and security policies.

Product Website

Seller

Cymulate

Discussions

Cymulate Community

Languages Supported

English

Overview by

Aviva Spotts

Value at a Glance

Averages based on real user reviews.

Time to Implement

1 month

View More Pricing Information

Cymulate Integrations

(46)

Verified by Cymulate

Carbon Black EDR

Cisco Secure Endpoints

CloudGuard

Cortex

CrowdStrike Falcon Endpoint Protection Platform

CrowdStrike Falcon Exposure Management

Cybereason Managed Detection and Response

Cynet

Devo

Elastic Security

Exabeam New-Scale Fusion

Fortinet Endpoint Visibility & Control

Harmony

IBM Security QRadar Log Insights

InsightVM (Nexpose)

Jira

Kaspersky Next EDR Expert

LogRhythm SIEM

Microsoft Active Directory Certificate Services (AD CS)

Microsoft Defender for Endpoint

Microsoft Defender for Office 365

Microsoft Defender Vulnerability Management

Palo Alto Cortex XSIAM

Panther

Qualys VM

Securonix Security Operations and Analytics Platform

SentinelOne Singularity Identity Detection & Response

ServiceNow AI Platform

ServiceNow IT Service Management

Snowflake

Sophos Endpoint

Splunk Enterprise

Splunk Enterprise Security

Splunk IT Cloud

Sumo Logic

Symantec Endpoint Detection and Response (EDR)

Tanium

Tenable Nessus

Tenable Vulnerability Management

Trellix Endpoint Security

Wiz

Zscaler Internet Access

Cymulate Media

Cymulate automatically tests and validates the security controls across your entire IT environment to expose risky threats, dangerous attack paths and unknown gaps – and tells you how to fix them – before your organization suffers the impacts of a breach. Our complete security and exposure val...

Cymulate SaaS-based platform deploys within an hour, enabling security professionals to continuously challenge, validate and optimize their cyber-security posture end-to-end across the MITRE ATT&CK® framework.

Advanced offensive security testing made easy and production-safe to validate security controls and cyber exposures.

Insights to harden controls via configuration tuning, new policy creation, and custom rule generation.

Reduce your Attack Surface

Multi-Factor Authenticator

NEW Cymulate Exposure Validation Platform

AI-Powered Exposure Validation for Complete Cybersecurity Control

Official Downloads

(3)

edit

Cymulate Exposure Validation Platform - Data Sheet

Cymulate Exposure Management Platform - Data Sheet

Cymulate Exposure Management - Prioritization & Remediation

G2 reviews are authentic and verified.

Here's how.

Verified User in Computer & Network Security

Enterprise (> 1000 emp.)

4/13/2026

"Realistic, Continuous Security Validation Without Disrupting Production"

5/5

What do you like best about Cymulate?

What I value most is its ability to provide realistic, continuous validation of our security posture without disrupting production systems. It’s efficient and intuitive to use, which makes it easy for us to run tests regularly and incorporate them into our ongoing continuous security validation process. Review collected by and hosted on G2.com.

What do you dislike about Cymulate?

Sometimes it’s difficult to get Cymulate working smoothly because of our company’s internal policies and restrictions. Review collected by and hosted on G2.com.

What problems is Cymulate solving and how is that benefiting you?

Cymulate helps us tackle the challenge of understanding our true security posture by continuously validating how well our defenses perform against realistic attack scenarios. Rather than relying only on theoretical risk ratings or vulnerability scores, it highlights what is actually exploitable in our environment, which has significantly improved how we prioritize remediation. It also supports a more proactive security approach by enabling ongoing testing and iterative improvement, instead of depending solely on periodic assessments. Review collected by and hosted on G2.com.

Response from Aviva Spotts of Cymulate

edit

Thank you for the thoughtful review. We’re glad to hear Cymulate is helping you move toward a more continuous and proactive approach to security validation. Shifting from theoretical risk to what’s actually exploitable is a meaningful step, and it’s great to see that impact reflected in how you prioritize remediation.

We also appreciate your calling out the challenges posed by internal policies and restrictions. That’s a reality for many organizations, and your feedback is valuable.

Thanks again for sharing your experience and being part of Cymulate.

Faik U.

InfoSec Manager

Enterprise (> 1000 emp.)

4/10/2026

"Customizable, Scenario-Based Attacks with Clear Mitigation Guidance"

4.5/5

What do you like best about Cymulate?

Email and endpoint attacks are customizable—scenario-based. There are lots of types of attacks in the attack database. The attack scenarios occur on a fast-paced SaaS platform. Mitigation strategies are also described in great detail and are easy to understand. Review collected by and hosted on G2.com.

What do you dislike about Cymulate?

Not too much - reporting system is a bit awkward. Not so much detailed. Lots of modules that needs to be considered before buying. Good integration options but needs to be bought seperately. Review collected by and hosted on G2.com.

What problems is Cymulate solving and how is that benefiting you?

For the web attack scenarios, mitigation strategies for web application firewalls are clear to understand. It's not necessary to install a separate application server/agent or reverse proxy etc. Just type your website that needs to be attacked and watch until it's complete. It's easy to verify if the attack is completed or not from the dashboards as well. Review collected by and hosted on G2.com.

Response from Aviva Spotts of Cymulate

edit

Hi Faik,

Thanks for your thoughtful review—we’re glad Cymulate is helping you validate security gaps and take action quickly.

We appreciate the candid feedback on reporting and platform structure, and will be sure to pass it along to our team.

Great to hear the ease of testing without additional deployment is making your workflow simpler.

Thanks again for sharing your experience!

Akshay Z.

Lead Information Security Analyst

Information Technology and Services

Enterprise (> 1000 emp.)

11/15/2025

"Continuous Security activity on actionable item"

4.5/5

What do you like best about Cymulate?

We use the Cymulate BAS platform tool on a daily basis to perform multiple assessments, including Web Gateway, Data Exfiltration, WAF, Lateral Movement, Advanced Scenario, Full kill chain assessment with the help of BAS, BAS 2.0 and ASM. With the Cymulate tool, we are able to check for any vulnerabilities and ensure patches are applied according to our observations within our organization.

we install the agent on endpoint in our company on different location and perform the activities which is observed any gap and real time scenario observation to monitor and closely the gaps as we observed which is provided Cymulate platform. this is the best observation and assessment we like in Cymulate platform.

for the assessment point of view we run the multiple assessment with the all scenarios with creating the template and observed the gap in our organization trying to mitigate ASAP. Review collected by and hosted on G2.com.

What do you dislike about Cymulate?

ASM finding should be proper validation required.

Also Advance scenario and its configuration must be properly applicable so it is easily accessible for our users. Review collected by and hosted on G2.com.

What problems is Cymulate solving and how is that benefiting you?

In our company we are use in the Daily basis we run the assessment on multiple scenarios with the observed the vulnerabilities gaps on WAF, Email gateway, Web gateway, Advance scenario, Data exfiltration, Full kill chain with different endpoint in our persistent domain on multiple location observed on vulnerabilities, risk, impact which is gives us better mitigation and with proper allocation. it provides automated breach and attack simulations mapped to MITRE framework ATT&CK. so when any vulnerabilities observed or any gap is observed we are mitigated that as per the observation so we can secure on persistent company environment with security posture. Review collected by and hosted on G2.com.

Response from Aviva Spotts of Cymulate

edit

Thank you for taking the time to share your experience. We’re glad Cymulate plays a meaningful role in supporting your security validation efforts and day-to-day decision making.

We appreciate your constructive feedback and the perspective you’ve provided from hands-on usage. Input like this helps us better understand how teams engage with the platform in complex environments.

Thanks for being a Cymulate customer and for sharing your insights on G2.

Shubham A.

Small-Business (50 or fewer emp.)

3/18/2026

"Powerful Assessment Tool for Security Loopholes"

4.5/5

What do you like best about Cymulate?

I like the vast kinds of assessments that Cymulate offers. It really helps in securing our environment with scenario-related assessments. The tool is great for purple teaming, and the various assessments like web assessment and application firewall assessment are incredibly beneficial. They give me insights into which payloads can bypass firewalls and which are prevented, allowing us to improve security measures. The initial setup is also a very easy process, making it simple to get started with installing the agent and initiating scenarios and assessments. Review collected by and hosted on G2.com.

What do you dislike about Cymulate?

So there's some of the scenarios in the assessments that are not tested. That's the one thing they have to improve. Review collected by and hosted on G2.com.

Response from Aviva Spotts of Cymulate

edit

Thank you for your detailed feedback—we’re glad to hear you’re getting value from the wide range of assessments, especially for purple teaming and testing web and firewall defenses. It’s great to know the setup process was smooth and helped you get up and running quickly.

We also appreciate you pointing out gaps in some assessment scenarios. That’s important feedback, and we’re sharing it internally.

Thanks again for being part of the Cymulate community.

Akanksha .

Security Executive

Enterprise (> 1000 emp.)

4/7/2026

"Real-Time Security Validation with Automated BAS 2.0 Scenarios"

4.5/5

What do you like best about Cymulate?

It is great tool to assess our security tools, gives real-time view, we can automate the assessments, with BAS 2.0 now, we can run more scenarios to validate security of the tools Review collected by and hosted on G2.com.

What do you dislike about Cymulate?

Overall, the product is great, but sometimes support team little slower in providing the resolution Review collected by and hosted on G2.com.

Response from Aviva Spotts of Cymulate

edit

Thank you for sharing your feedback—we’re glad to hear the platform is helping you gain real-time visibility, automate assessments, and get more value from the new capabilities. Stay tuned...there is more to come!

We also appreciate your calling out your experience with support. That’s important feedback, and we’re sharing it with the right teams to help improve response times.

Thanks again for being part of the Cymulate community.

Tony R.

Head of Cibersecurity Operations

Enterprise (> 1000 emp.)

9/15/2025

"Validating security with Cymulate"

4.5/5

What do you like best about Cymulate?

The simulations are very realistic and easy to execute, allowing for quick evaluation of different attack vectors.

The platform offers clear reports with remediation priorities, facilitating decision-making.

Its continuous approach helps improve security posture without disrupting operations. Review collected by and hosted on G2.com.

What do you dislike about Cymulate?

The initial learning curve can be moderate if there is no prior experience with BAS.

Some advanced simulations require technical adjustments or additional licenses.

The reports in Spanish could be more comprehensive. It should be possible to create dashboards with more representative KPIs. Review collected by and hosted on G2.com.

What problems is Cymulate solving and how is that benefiting you?

Cymulate is a Breach and Attack Simulation (BAS) platform that allows for continuous evaluation of the effectiveness of my organization's security controls. Through automated simulations of real attacks—such as phishing, lateral movements, data exfiltration, and vulnerability exploitation—it provides a clear view of the level of exposure and prioritizes corrective actions. Its approach, based on threat intelligence and continuous testing, helps validate policies, detect gaps, and improve the security posture proactively, without disrupting business operations. Review collected by and hosted on G2.com.

Prathamesh K.

Network Security Engineer

Mid-Market (51-1000 emp.)

8/20/2025

"Cymulate:Comprehensive Security posture testing Reviewed"

4/5

What do you like best about Cymulate?

I like best about Cymulate is its intuitive and user-friendly interface, which makes it easy to set up and manage continuous security validation across our environment. The platform provides comprehensive attack simulations that help identify vulnerabilities before attackers can exploit them. I also appreciate the actionable insights and remediation guidance that allow our team to prioritize and address critical risks quickly. The real-time reporting and variety of testing modules—from phishing simulations to lateral movement—make Cymulate a valuable tool for strengthening our organization’s security posture. Review collected by and hosted on G2.com.

What do you dislike about Cymulate?

I dislike about Cymulate is that some advanced features can be a bit complex to configure, and initial setup may take more time if you are new to the platform. Sometimes, reports can contain a lot of details, which may feel overwhelming for beginners. Review collected by and hosted on G2.com.

Response from Aviva Spotts of Cymulate

edit

Thanks so much for the detailed review! We’re thrilled Cymulate is helping your team stay ahead of threats with real-time simulations, actionable insights, and a user-friendly experience. It’s great to hear the platform is making a real impact on your security posture. We appreciate your note on advanced feature complexity and report depth—we’re always working to improve usability while keeping the power under the hood. Thanks again for your trust!

Adesh R.

Security analyst

Enterprise (> 1000 emp.)

3/25/2026

"Clear, Automated Security Validation with Actionable Remediation Steps"

5/5

What do you like best about Cymulate?

It provides automated, continuous security validation that clearly shows real-world attack exposure and the steps needed for remediation. Review collected by and hosted on G2.com.

What do you dislike about Cymulate?

Limited customization options and occasional false positives can make it challenging to fine-tune the results. Review collected by and hosted on G2.com.

Response from Aviva Spotts of Cymulate

edit

Thank you for your thoughtful review—we’re glad to hear Cymulate is helping you identify real-world exposure and accelerate remediation through continuous validation.

We also appreciate you highlighting the challenges around customization and occasional false positives. That’s valuable feedback, and we’re sharing it with the right teams as we are always looking to improve.

Thanks again for being part of the Cymulate community and sharing your experience.

Elmar G.

Especialista en Seguridad de Aplicaciones

Enterprise (> 1000 emp.)

9/30/2025

"Operationalizing Security Validation at Scale"

5/5

What do you like best about Cymulate?

I love how Cymulate turns continuous, safe attack simulations into actionable, MITRE-mapped fixes with one-click retesting. It centralizes App/Email/Web/EDR/WAF/ASM validation, integrates with our stack, and gives exec-ready reporting to prove risk reduction month over month. Review collected by and hosted on G2.com.

What do you dislike about Cymulate?

Exec PDFs are clean but layout/branding and metric granularity (per control/subcontrol trends) feel constrained. Review collected by and hosted on G2.com.

Response from Aviva Spotts of Cymulate

edit

Thank you for taking the time to share your feedback. We’re glad to hear Cymulate is helping you maintain continuous validation, identify configuration drift, and clearly demonstrate security posture changes across your environment.

We appreciate you calling out your experience with executive reporting as well. We’ve shared your perspective with the appropriate internal teams to ensure it’s visible and considered as part of ongoing discussions.

Thanks again for your thoughtful review and for being part of the Cymulate community.

Verified User in Financial Services

Enterprise (> 1000 emp.)

5/14/2025

"Automated Purple Teaming simplified with Cymulate"

4.5/5

What do you like best about Cymulate?

1) Variety of comprehensive security assessments and detailed reports that provide mitigation guidance across multiple security vectors.

2) excellent customer support

3) Easy deployment Review collected by and hosted on G2.com.

What do you dislike about Cymulate?

1) The dashboard customization and reporting system could be improved, as the overall score is calculated as an average of all assessments conducted since day one, potentially limiting more granular insights.

2) The customer support team should adopt a more proactive approach, as reported issues often take over a month to be resolved. Review collected by and hosted on G2.com.

What problems is Cymulate solving and how is that benefiting you?

Cymulate enables organizations to detect vulnerabilities across their security infrastructure, ensuring that misconfigurations and weaknesses are addressed before attackers exploit them

Its ability to simulate immediate threats, including zero-day attack scenarios, enhances security readiness by addressing emerging cyber risks proactively.

Organizations can prioritize remediation efforts based on actual exposure risks, ensuring that security resources are allocated effectively Review collected by and hosted on G2.com.

Response from Aviva Spotts of Cymulate

edit

Thanks for the thoughtful review! We're glad Cymulate is helping you easily discover misconfigurations and security gaps and that our platform supports your detection engineering and evaluation efforts. We're sorry you experienced a delay with support. We strive to resolve tickets quickly and will make sure your feedback is shared with the team. Thanks again for your trust in Cymulate!