Cymulate Raises $70M to Strengthen Security Posture Testing

A breach and attack simulation titan has raised $70 million to strengthen its presence in new areas such as attack surface management and continuous automated red teaming.

See Also: Webinar | Prevent, Detect & Restore: Data Security Backup Systems Made Easy

The Tel Aviv, Israel-based company plans to use the Series D proceeds to deepen its wallet share among customers with less than 5,000 employees by working more closely with managed security service providers, says co-founder and CEO Eyal Wachsman. The round was led by existing investor OnePeak, which Wachsman praised for understanding the cybersecurity market and needs of the CISO.

“This is not an easy time to raise money,” Wachsman tells Information Security Media Group, “but if your company is doing well and doubling revenue year-over-year and you have a product that is a fit for the market, then it becomes easier.”

Cymulate wants to complete an initial public offering by the end of 2026, and Wachsman says the company is looking to increase its revenue and develop processes, policies and the financial maturity needed to prepare for going public. The company strengthened its management team by snagging Maria Mastakas from Digital Shadows and Carolyn Crandall from Attivo Networks to serve as COO and CMO.

From Attack Simulation to Security Posture Management

The company’s heritage is in the breach and attack simulation and security controls validation markets, but Cymulate has recently pushed into new domains including attack surface management and continuous, automated red and purple teaming to stay one step ahead of the competition. While the firm has rivals in the attack-simulation and red-teaming fields, the breadth of Cymulate’s platform is unrivaled, he says (see: Are You APT-Ready? The Role of Breach and Attack Simulation).

“We have already become the category leader, and this is the money that we need to double or triple our customer base in the next three years,” Wachsman says. “This amount can take us forward for the next few years.”

Cymulate wants to further strengthen its technology stack by carrying out one or two acquisitions in early 2023, which Wachsman says will allow the company to introduce new features and capabilities faster. The company already has a few candidates in the pipeline and is more focused on acquiring vendors with strong technology than lots of topline revenue, Wachsman says.

In the midmarket, Cymulate’s technology allows resource-constrained organizations to validate their security posture using advanced technology rather than having to find security talent in a very tight labor market, the CEO says. If staffing is not an issue, midmarket organizations also can benefit from Cymulate’s software to increase efficiency in testing their security posture, he adds.

Embracing the Power of MSSPs

The best way for midmarket organizations with few security experts and a small security budget to consume Cymulate’s technology is through a managed security service provider, which is why Wachsman brought in Andrew Barnett from Qualys to fuel MSSP growth.

Cymulate could be a good fit for any organization with security controls, a CISO and a security team of at least five employees. CISOs can leverage the platform to give the management team and board of directors more visibility into their organization’s current cybersecurity posture, according to Wachsman.

From a metrics standpoint, Cymulate most closely tracks year-over-year revenue growth and renewal rates from existing customers, Wachsman says. The company has more than 500 paying customers today in a wide range of verticals from financial services and retail to transportation and healthcare, he says.

“There is a global workforce shortage in cybersecurity,” Wachsman says. “With Cymulate, we can close this gap because we are allowing our customers to use advanced technology to validate their network security posture instead of hiring.”