Penetration Tester vs. Red Team: What’s Right for You?

Penetration tests and red team exercises are, in many ways, two sides of the same coin. Both have similar objectives, and both share some commonalities in terms of how those objectives are achieved. However, they are not interchangeable — and organizations may find one approach better suits their needs, depending on a few variables. To illuminate the […]

New Ways to Use XM Cyber for Remote Home Workers, Red Teamers and Pen Testers

One of the best things about releasing a new product into the wild is discovering all the new, creative and unanticipated ways in which people begin using the product. Sometimes users come up with novel applications that surprise even the most far-sighted product builders and designers. In other cases, they begin extending the value proposition […]

Why a 24/7 Fully Automated Breach and Attack Simulation Platform is Needed to Secure Your Organization’s Critical Assets

Global spending on information security now exceeds $100 billion annually, according to Forbes Magazine. Unfortunately, organizations aren’t getting a great return on their (quite sizable) investments. New, high profile data breaches seem to occur on a near-constant basis, and losses from cyber-attacks have never been larger. It’s estimated that security breaches will result in a […]

How to Make Automated Penetration Testing More Reliable

The modern security landscape is fast evolving — and has never been more fraught with challenges. With data breaches growing in size and severity every year, and enterprise networks becoming ever more complex, it’s imperative for organizations to have a robust set of defenses. Red team exercises and penetration testing have long been core elements of any security strategy. A […]

Join XM Cyber at Black Hat 2019

With an elite community of nearly 20,000 influential security experts, practitioners and business developers from around the world anticipated to come this year, Black Hat promises to be once again a Mecca for the global cyber world. At XM Cyber, we are particularly excited about this year’s event, as we will be officially attending it as […]

How to Combat Advanced Persistent Threats

Imagine the following Security Operations (SecOps) scenario. A large organization conducts regular audits of its security controls. It monitors a collection of intrusion detection appliances and uses Artificial Intelligence (AI) tools to search for anomalies in network traffic. After six months, during which nothing significant appears to have happened, the organization becomes aware of a […]

Did you just create a paradise for hackers? – Part 2

Why Shadow IT is the oxygen supply for APTs & what can you do to cut it off? The Use Case of Reverse RDP This is the second post of the series highlighting real life APT attacks examples (you can find the first post here). This post covers another real-life scenario we have experienced at one […]

How Is Your Enterprise IT Hygiene?

We’re hearing a lot these days about the need for strong and consistent enterprise IT hygiene in cybersecurity. Good. What is that, anyway? An IT hygiene definition should start with the meaning of “hygiene,” which comes from the Greek “hygieine techne.” It means “the healthful art,” Enterprise IT Hygiene is crucial if you want to […]

Breach and Attack Simulation – Know Your Enemy

“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” ― Sun Tzu, The Art […]

Jiu-Jitsu training and Red/Blue teaming… How are they the same?

I am super passionate about Jiu-Jitsu and InfoSec. I have been involved in InfoSec for 18 years, and Jiu-Jitsu for 10. So how am I drawing the similarities between these two art forms? Both are based on the concept of – offense and defense.  In Jiu-Jitsu, you need to have a good offense along with […]