Operations

3/22/2018
03:33 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

XM Cyber Unveils First Automated APT Simulation Platform to Continuously Expose All Attack Vectors and Prioritize Actionable Remediation

Operating as a fully automated purple team, XM Cyber combines red and blue teaming processes to always stay ahead of the hacker

New York, NY - March 20, 2018XM® Cyber, founded by top executives from the Israeli cyber intelligence community, today unveiled HaXM®, the first fully automated advanced persistent threat (APT) simulation platform to continuously expose all attack vectors, above and below the surface, from breach point to any organizational critical asset. This continuous loop of automated red teaming is completed by ongoing and prioritized actionable remediation of security gaps. In effect, HaXM operates as an automated purple team that fluidly combines red team and blue team processes to ensure that organizations are always one step ahead of the hacker.

Hackers capitalize on human errors such as misconfigurations, shadow IT and faulty security practices, taking advantage of poor IT hygiene and security vulnerabilities. They use attack techniques and methods that circumvent all cyber defenses, often by employing legitimate tools and leveraging real user behavior.  HaXM continuously leverages advanced offensive methods to expose the most critical blind spots. In the process, HaXM provides data-driven remediation that focuses on an organization’s critical assets, reduces its IT risk and enables it to optimize its cyber resources.

“The best way to prevent a cyber-attack is to identify in advance the attack vectors hackers will use to compromise an organization’s critical assets,” said CEO and Co-Founder Noam Erez.  “Even when an organization has deployed and configured modern security controls, applied patches and refined policies, it should still ask ‘Are my crown jewels really secure?’ as there is a plethora of ways hackers can still infiltrate the system and compromise critical assets.

“This is why we founded XM Cyber: to equip enterprises with a continuous 360° view of which critical assets are at risk, what security issues they should focus on, and how best to harness their resources to resolve them.”

Already deployed by customers in North America and EMEA, including leading financial institutions and critical infrastructure organizations, HaXM has uncovered hidden attack vectors within networks in very short timeframes and demonstrated how hackers are able to compromise critical assets, despite the modern security controls and processes in place. It has also provided prioritized, simple-to-follow remediation, increasing significantly the security posture and IT hygiene of the organizations.

 

Customers benefit from:

  • Full mapping of all attack paths at any given time
  • A solution that automatically adapts to the context of the organization, leveraging misconfigurations, user activity, credentials and security vulnerabilities in the network
  • Comprehensive and up-to-date attack scenarios using the latest hackers' techniques and methods
  • The ability to detect and remediate IT-related risks in real-time
  • Automated remedial reports based on the attack vector’s criticality
  • Flexible architecture: on-premise or cloud-based

 

“The shortcomings of both the vulnerability management and penetration (‘pen’) testing approaches, not to mention the limitations of red team security initiatives, create the market opportunity for XM Cyber, and should enable it to build a customer base in the enterprise and midsize market segments,” said Rik Turner, Principal Analyst at Ovum.

XM Cyber was founded by top executives from the Israeli cyber intelligence community, including Tamir Pardo, former Director of the Mossad, and has raised $15M during the past two years. The company employs an elite team of cyber offense and defense veterans, with decades of real-world experience. XM Cyber has offices in the US, Israel and Australia and has over fifteen patent-pending technologies based on proprietary algorithms.

XM Cyber will demonstrate HaXM at the RSA Conference in San Francisco, California in April 16-19, 2018, booth 635 in the South Hall.

 

For more information: Website | Blog | Resources

Social Networks: Follow us on Twitter | LinkedIn | YouTube

 

About XM® Cyber

XM Cyber provides the first fully automated APT Simulation Platform to continuously expose all attack vectors, above and below the surface, from breach point to any organizational critical asset. This continuous loop of automated red teaming is completed by ongoing and prioritized actionable remediation of security gaps. In effect, HaXM by XM Cyber operates as an automated purple team that fluidly combines red team and blue team processes to ensure that organizations are always one step ahead of the hacker. 

XM Cyber was founded by the highest caliber of security executives from the elite Israel intelligence sector. Together they bring a proven track record in both the offensive and defensive cyber security domain. The company has offices in the US, Israel and in Australia.

For more information, visit xmcyber.com

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/14/2018
Oh, No, Not Another Security Product
Paul Stokes, Founder & CEO of Prevalent AI,  8/9/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The State of IT and Cybersecurity
The State of IT and Cybersecurity
IT and security are often viewed as different disciplines - and different departments. Find out what our survey data revealed, read the report today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-13106
PUBLISHED: 2018-08-15
Cheetahmobile CM Launcher 3D - Theme, wallpaper, Secure, Efficient, 5.0.3, 2017-09-19, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13107
PUBLISHED: 2018-08-15
Live.me - live stream video chat, 3.7.20, 2017-11-06, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13108
PUBLISHED: 2018-08-15
DFNDR Security Antivirus, Anti-hacking & Cleaner, 5.0.9, 2017-11-01, Android application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13100
PUBLISHED: 2018-08-15
DistinctDev, Inc., The Moron Test, 6.3.1, 2017-05-04, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.
CVE-2017-13101
PUBLISHED: 2018-08-15
Musical.ly Inc., musical.ly - your video social network, 6.1.6, 2017-10-03, iOS application uses a hard-coded key for encryption. Data stored using this key can be decrypted by anyone able to access this key.