5 Exciting players in the Breach and Attack Simulation (BAS) Cyber Security Category

Breach and Attack Simulation is a new concept that helps organizations evaluate their security posture in a continuous, automated, and repeatable way. This approach allows for the identification of imminent threats, provides recommended actions, and produces valuable metrics about cyber-risk levels. Breach and attack simulation is a fast-growing segment within the cybersecurity space, and it provides significant advantages over traditional security evaluation methods, including penetration testing and vulnerability assessments.

Going over the players in this industry, it is clear that the BAS category includes a number of different approaches with the common target to provide the customer with a clear picture of its actual vulnerabilities and how to mitigate them.

CyberDB has handpicked in this blog a number of exciting and emerging vendors. These players are (in alphabetical order):

Those companies have a number of characteristics in common, including  a very fast time to market, successful management team and strong traction. In addition, all of them have managed to raise Series A or B funding over the last 16 months, ranging from $5M to $32M.

Other notable players range from incumbent to emerging players, such as Rapid7, Qualys, ThreatCare,  AttackIQ, GuardiCore,  SafeBreach, Verodin (acquired lately by FireEye) and WhiteHaX.

Gartner defines Breach & Attack Simulation (BAS) technologies as tools “that allow enterprises to continually and consistently simulate the full attack cycle (including insider threats, lateral movement, and data exfiltration) against enterprise infrastructure, using software agents, virtual machines, and other means”.

What makes BAS special, is its ability to provide continuous and consistent testing at limited risk and that it can be used to alert IT and business stakeholders about existing gaps in the security posture or validate that security infrastructure, configuration settings and detection/prevention technologies are operating as intended. BAS can also assist in validating if security operations and the SOC staff can detect specific attacks when used as a complement to the red team or penetration testing exercises.

CyberDB strongly recommends exploring embedding BAS technologies as part of the overall modern Cyber security technology stack.





Cymulate was founded by an elite team of former IDF intelligence officers who identified frustrating inefficiencies during their cyber security operations. From this came their mission to empower organizations worldwide and make advanced cyber security as simple and familiar as sending an e-mail. Since the company’s inception in 2016, Cymulate’s platform was given the recognition of “Cool Vendor” in Application and Data Security by Gartner in 2018 and has received dozens of industry awards to date. Today, Cymulate has offices in Israel, United States, United Kingdom, and Spain. The company has raised $11 million with backing from investors Vertex Ventures, Dell Technologies Capital, Susquehanna Growth Equity, and Eyal Gruner.

Cymulate is a SaaS-based breach and attack simulation platform that makes it simple to test, measure and optimize the effectiveness of your security controls any time, all the time. With just a few clicks, Cymulate challenges your security controls by initiating thousands of attack simulations, showing you exactly where you’re exposed and how to fix it—making security continuous, fast and part of every-day activities.

Fully automated and customizable, Cymulate challenges your security controls against the full attack kill chain with thousands of simulated threats, both common and novel. Testing both internal and external defenses, Cymulate shortens test cycles, provides 360° visibility and actionable reporting, and offers a continuous counter-breach assessment technology that empowers security leaders to take a proactive approach to their cyber stance, so they can stay one step ahead of attackers. Always.

With a Research Lab that keeps abreast of the very latest threats, Cymulate proactively challenges security controls against the full attack kill chain, allowing hyper-connected organizations to avert damage and stay safe.

Overtaking manual, periodic penetration testing and red teaming, breach and attack simulation is becoming the most effective method to prepare and predict  oncoming attacks. Security professionals realize that to cope with evolving attackers, a continuous and automated solution is essential to ensure optimal non-stop security

Cymulate is trusted by hundreds of companies worldwide, from small businesses to large enterprises, including leading banks and financial services. They share our vision—to make it easy for anyone to protect their company with the highest levels of security. Because the easier cybersecurity is, the more secure your company—and every company—will be.





Established in 2015 with offices in Israel, Boston, London and Zurich, Pcysys delivers an automated network penetration testing platform that assesses and helps reduce corporate cybersecurity risks. Hundreds of security professionals and service providers around the world use Pcysys to perform continuous, machine-based penetration tests that improve their immunity against cyber-attacks across their organizational networks. With over 60 enterprise global customers across all industries, Pcysys is the fastest-growing cybersecurity startup in Israel.

The Problem – Missing Cyber Defense Validation

We believe that penetration testing, as it is known today, is becoming obsolete. Traditionally, penetration testing has been performed manually by service firms, deploying expensive labor to uncover hidden vulnerabilities and produce lengthy reports, with little transparency along the way. Professional services-based penetration testing is limited in scope, time-consuming and costly. It represents a point-in-time snapshot, and cannot comply with the need for continuous security validation within a dynamic IT environment.

PenTera™ – One-Click Penetration Testing

Requiring no agents or pre-installations, Pcysys’s PenTera™ platform uses an algorithm to scan and ethically penetrate the network with the latest hacking techniques, prioritizing remediation efforts with a threat-facing perspective. The platform enables organizations to focus their resources on the remediation of the vulnerabilities that take part in a damaging “kill chain” without the need to chase down thousands of vulnerabilities that cannot be truly exploited towards data theft, encryption or service disruption.


  • Continual vigilance – the greatest benefit of employing the PenTera platform is the ability to continually validate your security from an attacker’s perspective and grow your cyber resilience over time. Pen-testing is turning to be a daily activity.
  • Reduce external testing costs – with PenTera, you can minimize cost and dependency on external risk validation providers. While in some cases an annual 3rd-party pen-test is still required for compliance reasons, it can be reduced in scope and spend.
  • Test against the latest threats – as the threat landscape evolves, it is crucial to incorporate the latest threats into your regular pen-testing practices. Your PenTera subscription assures you stay current.


  •  Agentless – zero agent installations or network configurations.
  • Real Exploits, No Simulations – PenTera performs real-time ethical exploitations.
  • Automated – press ‘Play’ and get busy doing other things while the penetration test progresses.
  • Complete Attack Vector Visibility – every step in the attack vector is presented and reported in detail to explain the attack “kill chain”.





Found in 2014, Picus has more than 100 customers and has been backed by EarlyBird, Social Capital and ACT-VC. Headquartered in San Francisco, Picus has offices in London and Ankara to serve its global customer base.

Picus Security’s customers include leading mid-sized companies and enterprises, across LATAM, Europe, APAC and the Middle East regions.


Picus continuously validates your security operations to harden your defenses. Picus empowers organizations to identify imminent threats, take the most viable defense actions and help businesses understand cyber risks to make the right decisions.

Picus Security is one of the leading Breach and Attack Simulation (BAS) vendors featured in several Gartner reports such as BAS Market Report, Market Guide For Vulnerability Assessment and Hype Cycle for Threat Facing Technologies. Picus has recently been recognized as a Cool Vendor in Security and Risk Management, 2H19 by Gartner. Picus was distinguished as one of the top 10 innovative cyber startups by PwC and the most innovative Infosec Startup of the year by Cyber Defense Magazine.

 Unlike penetration testing methods, Picus validates the security effectiveness continuously and in a repeatable manner that is completely risk-free for production systems. This approach helps customers identify imminent threats, take action and get a continuous view of the actual risk. Picus customers also maximize ROI from existing security tools, get continuous metrics on

their security level and can demonstrate the positive impact of security investments to business.

Picus can provide measurable context about descriptions, behavior, and methods of adversaries by running an extensive set of cyber-threats and attack scenarios 24/7 basis and in production networks on its fully risk-free platform with false-positive free.  Picus constantly assess organizational readiness for adversarial actions and prioritize findings based on adversarial context and helps immediate actions for mitigation of imminent threats.

  1. in-depth, full coverage threat database with more than 7,600 real-world payloads that are updated daily, and adversary-based attack scenarios and techniques mapped to the MITRE ATT&ACK framework to cover web application attacks, exploitations, malware, data exfiltration and endpoint scenarios.
  2. housing more than 34,000 mitigation signatures and 10 security vendor partnerships so analysts can gain insight into the most viable defense actions in response to adversaries, with immediate mitigation validation.
  3. providing actionable remediation recommendations tailored to organizations and their defense stacks and focusing only on attacks with mitigation solutions.




Randori’s mission is to build the world’s most authentic, automated attack platform, to help security teams “train how they fight”. Founded in 2018 by a former Carbon Black Executive and leading red teamers, Randori provides a SaaS platform to allow security teams of all maturity to spar against an authentic adversary. Customers are testing their incident response, identifying weaknesses (not just vulnerabilities), and as a result, producing justifiable ways to ask for further investment.

Randori is based in Waltham, MA with offices in Denver, CO. Known customers include Houghton Mifflin Harcourt, Greenhill & Co, Carbon Black, RapidDeploy, and ClickSoftware.

The Randori platform consists of two products, Recon and Attack.

Recon provides comprehensive attack surface management powered by black-box discovery. Customers can “see” how attackers perceive their company from the outside. This is especially useful for enterprise organizations with a changing network footprint, such as M&A, high seasonality, or undergoing cloud migration. Their approach differs from “internet-wide scan” methods, which can produce false-positives and are not actionable. Recon results are prioritized using a Target Temptation engine, which takes into account factors like known weaknesses, post-exploitation potential, and the cost of action by an attacker. Recon is available for free trial; a complimentary Recon report can be provided to any company over 1000 employees.

Attack provides authentic adversary emulation across all stages of the kill chain. Customers choose from objective-based runbooks that the platform will use to gain initial access, maintain persistence, and move laterally across the network. Risk is assessed across vulnerabilities, misconfigurations, and credentials—the same ways attackers breach companies. Attack is available to select early access partners and will broaden access in 2020.

The Randori differentiator is authenticity: to get started with their platform, only a single email address is needed to understand one’s attack surface and put it to the test. The platform seeks not to “validate existing controls” or “detection of MITRE ATT&CK techniques”, but help security teams train against a real adversary.





XM Cyber, a multi-award-winning breach and attack simulation (BAS) leader, was founded in 2016 by top security executives from the elite Israeli intelligence sector. XM Cyber’s core team is comprised of highly skilled and experienced veterans from the Israeli Intelligence with expertise in both o?ensive and defensive cyber security.

Headquartered in the Tel Aviv metro area, XM Cyber has offices in the US, UK, Israel and Australia, with global customers including leading financial institutions, critical infrastructure organizations, healthcare, manufacturers, and more.

HaXM by XM Cyber is the first BAS platform to simulate, validate and remediate attackers’ paths to your critical assets 24×7. HaXM’s automated purple teaming aligns red and blue teams to provide the full realistic advanced persistent threat (APT) experience on one hand while delivering vital prioritized actionable remediation on the other. Addressing real user behavior and exploits, the full spectrum of scenarios is aligned to your organization’s own network to expose blind spots and is executed using the most up-to-date attack techniques safely, without affecting network availability and user experience.

By continuously challenging the organizational network with XM Cyber’s platform, organizations gain clear visibility of the cyber risks, and an efficient, data-driven actionable remediation plan aimed at the most burning issues to fix.

  • The HaXM simulation and remediation platform continuously exposes attack vectors, from breach point to any organizational critical asset so you always know the attack vectors to your crown jewels.
  • The continuous loop of automated red teaming is completed by ongoing and prioritized actionable remediation of security gaps, so you know how to focus your resources on the most critical issues.
  • The platform addresses real user behavior, poor IT hygiene and security exploits to expose the most critical blind spots so that you improve your IT hygiene and practices.

Even when an organization has deployed and configured modern security controls, applied patches and refined policies, there is a plethora of ways hackers can still infiltrate the system and compromise critical assets. XM Cyber is the only one to address the crucial question for enterprises: “are my critical assets really secure?” XM Cyber provides the only solution on the market that actually simulates a real APT hacker automatically and continuously.

By automating sophisticated hacking tools and techniques and running them internally, XM Cyber allows you to see the impact a breach would have on your actual environment. And you can remediate gaps and strengthen security for your organization’s “crown jewels”, including your customer data, financial records, intellectual capital and other digital assets.