Operations

3/22/2018
03:33 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

XM Cyber Unveils First Automated APT Simulation Platform to Continuously Expose All Attack Vectors and Prioritize Actionable Remediation

Operating as a fully automated purple team, XM Cyber combines red and blue teaming processes to always stay ahead of the hacker

New York, NY - March 20, 2018XM® Cyber, founded by top executives from the Israeli cyber intelligence community, today unveiled HaXM®, the first fully automated advanced persistent threat (APT) simulation platform to continuously expose all attack vectors, above and below the surface, from breach point to any organizational critical asset. This continuous loop of automated red teaming is completed by ongoing and prioritized actionable remediation of security gaps. In effect, HaXM operates as an automated purple team that fluidly combines red team and blue team processes to ensure that organizations are always one step ahead of the hacker.

Hackers capitalize on human errors such as misconfigurations, shadow IT and faulty security practices, taking advantage of poor IT hygiene and security vulnerabilities. They use attack techniques and methods that circumvent all cyber defenses, often by employing legitimate tools and leveraging real user behavior.  HaXM continuously leverages advanced offensive methods to expose the most critical blind spots. In the process, HaXM provides data-driven remediation that focuses on an organization’s critical assets, reduces its IT risk and enables it to optimize its cyber resources.

“The best way to prevent a cyber-attack is to identify in advance the attack vectors hackers will use to compromise an organization’s critical assets,” said CEO and Co-Founder Noam Erez.  “Even when an organization has deployed and configured modern security controls, applied patches and refined policies, it should still ask ‘Are my crown jewels really secure?’ as there is a plethora of ways hackers can still infiltrate the system and compromise critical assets.

“This is why we founded XM Cyber: to equip enterprises with a continuous 360° view of which critical assets are at risk, what security issues they should focus on, and how best to harness their resources to resolve them.”

Already deployed by customers in North America and EMEA, including leading financial institutions and critical infrastructure organizations, HaXM has uncovered hidden attack vectors within networks in very short timeframes and demonstrated how hackers are able to compromise critical assets, despite the modern security controls and processes in place. It has also provided prioritized, simple-to-follow remediation, increasing significantly the security posture and IT hygiene of the organizations.

 

Customers benefit from:

  • Full mapping of all attack paths at any given time
  • A solution that automatically adapts to the context of the organization, leveraging misconfigurations, user activity, credentials and security vulnerabilities in the network
  • Comprehensive and up-to-date attack scenarios using the latest hackers' techniques and methods
  • The ability to detect and remediate IT-related risks in real-time
  • Automated remedial reports based on the attack vector’s criticality
  • Flexible architecture: on-premise or cloud-based

 

“The shortcomings of both the vulnerability management and penetration (‘pen’) testing approaches, not to mention the limitations of red team security initiatives, create the market opportunity for XM Cyber, and should enable it to build a customer base in the enterprise and midsize market segments,” said Rik Turner, Principal Analyst at Ovum.

XM Cyber was founded by top executives from the Israeli cyber intelligence community, including Tamir Pardo, former Director of the Mossad, and has raised $15M during the past two years. The company employs an elite team of cyber offense and defense veterans, with decades of real-world experience. XM Cyber has offices in the US, Israel and Australia and has over fifteen patent-pending technologies based on proprietary algorithms.

XM Cyber will demonstrate HaXM at the RSA Conference in San Francisco, California in April 16-19, 2018, booth 635 in the South Hall.

 

For more information: Website | Blog | Resources

Social Networks: Follow us on Twitter | LinkedIn | YouTube

 

About XM® Cyber

XM Cyber provides the first fully automated APT Simulation Platform to continuously expose all attack vectors, above and below the surface, from breach point to any organizational critical asset. This continuous loop of automated red teaming is completed by ongoing and prioritized actionable remediation of security gaps. In effect, HaXM by XM Cyber operates as an automated purple team that fluidly combines red team and blue team processes to ensure that organizations are always one step ahead of the hacker. 

XM Cyber was founded by the highest caliber of security executives from the elite Israel intelligence sector. Together they bring a proven track record in both the offensive and defensive cyber security domain. The company has offices in the US, Israel and in Australia.

For more information, visit xmcyber.com

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2016-10739
PUBLISHED: 2019-01-21
In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possib...
CVE-2019-6499
PUBLISHED: 2019-01-21
Teradata Viewpoint before 14.0 and 16.20.00.02-b80 contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account (in viewpoint-portal\conf\server.xml) that could potentially be exploited by malicious users to compromise the affected system.
CVE-2019-6500
PUBLISHED: 2019-01-21
In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring.
CVE-2019-6498
PUBLISHED: 2019-01-21
GattLib 0.2 has a stack-based buffer over-read in gattlib_connect in dbus/gattlib.c because strncpy is misused.
CVE-2019-6497
PUBLISHED: 2019-01-20
Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.