Press Releases

XM Cyber Announces the World’s First Breach and Attack Simulation (BAS) for Hybrid Cloud Environments

HaXM Now Maps Potential Attacks On-Premises, In the Network and on Amazon Web Services (AWS) — Continuously and Automatically.
HERZLIYA, IsraelDec. 4, 2019 /PRNewswire/ — XM Cyber, the multi-award-winning breach and attack simulation (BAS) leader, today announced that its HaXM platform is now the first BAS solution that can simulate attacks on Amazon Web Services (AWS). XM Cyber is the only BAS provider to address the sole crucial question for enterprises – “are my critical assets really secure?” – both on-prem and in the cloud.

XM Cyber provides the only hyper-realistic BAS solution: an advanced persistent threat (APT) automated and continuous simulation and remediation platform. XM Cyber allows users to see their network from the eyes of the attacker, running continuously 24/7 to find and show all the hidden attack vectors that can go under the radar of most protective measures.

Hackers capitalize on human errors such as misconfigurations and faulty security practices, taking advantage of poor IT hygiene and security vulnerabilities. As more and more data is migrated to the cloud, new risks emerge, making it critical for companies to assess their risk posture and understand how attackers could operate within their cloud environment.

“For the CISO, having the visibility necessary to reduce risk is one of the most critical parts of security,” said Noam Erez, CEO and co-founder of XM Cyber. “However, if you are assessing your on-prem risk separately from your cloud risk, you have no way of knowing what risks they pose to each other. HaXM closes the loop between on-prem and cloud risk assessment.”

HaXM reduces cybersecurity risk by continuously simulating advanced persistent threats against an organization’s critical assets, identifying security gaps, and prioritizing remediation. Implementing HaXM in an AWS environment is a simple process requiring less than an hour.

The HaXM platform audits AWS configurations via AWS API and uses that information to calculate different attack vectors. By simulating attacks on an organization’s AWS infrastructure, it is possible to find misconfigurations leading to risks such as IAM privileges escalations, access token theft or leveraging of the Cloud Instance Metadata API to pivot across the cloud. The platform enables users to operate as an “automated purple team,” combining red and blue teams’ processes to ensure that organizations are always one step ahead of the attack.

“Looking at recent breaches involving cloud environments, we see attackers are leveraging a mix of classical attack techniques with other methods that are unique to the cloud,” said Boaz Gorodissky, CTO and co-founder of XM Cyber. “This is a major concern for organizations today, as is evident by the recent updating of the MITRE ATT&CK framework to include cloud-specific attack techniques. HaXM is the first and only BAS solution that can identify and recommend remediation for hybrid environment risks.”

About XM® Cyber
XM Cyber provides the first fully automated breach and attack simulation (BAS) platform to continuously expose attack vectors, from breach point to any organizational critical asset. This continuous loop of automated red teaming is completed by ongoing and prioritized actionable remediation of security gaps. In effect, HaXM® by XM Cyber operates as an automated purple team that fluidly combines red team and blue team processes to ensure that organizations are always one step ahead of the attack. XM Cyber has already received over 20 industry awards, including being recognized as a “Technology Pioneer” by the World Economic Forum. XM Cyber’s customers include leading financial institutions, critical infrastructure organizations and manufacturers across North AmericaEurope, and Israel.

XM Cyber was founded by the highest caliber of security executives from the elite Israeli intelligence sector. Together they bring a proven track record in both the offensive and defensive cybersecurity domain. The company is headquartered in Israel and has offices in the US, UK and Australia.

For more information:

Follow XM Cyber: Twitter | LinkedIn | YouTube

Media Contact
Fusion PR (for XM Cyber)
Brian Janson
E: [email protected] 
T: +1(646)-452-7111


Find and fix the exposures that put your critical assets at risk with ultra-efficient remediation.

See what attackers see, so you can stop them from doing what attackers do.