
From Risk to Resilience: XM Cyber’s 2024 Wrapup

Posted by: Zur Ulianitzky
January 23, 2025

As we step into 2025, now is a great time to reflect on the significant strides we made in the previous year. 2024 was a transformative year, marked by the implementation of cutting-edge features and strategic partnerships that have revolutionized the way organizations manage their cyber exposure. In this blog post, I’ll delve into the technical aspects of these developments and highlight how they provide increased benefits to our valued customers.

2024 Strategic Objectives and Customer Benefits:


In 2024, XM Cyber focused on eight key technical initiatives to enhance the platform’s capabilities and deliver tangible benefits to our customers:

Enhanced Risk Assessment and Remediation:

  • Benefit: Customers gain clearer, more actionable insights, enabling them to prioritize and address critical exposures effectively.

Expanded Cloud Security Offerings:

  • Benefit: Organizations can now secure their cloud environments comprehensively, reducing the risk of data breaches and ensuring compliance with industry standards.

Tailored Actionable Reports:

  • Benefit: Customers can easily understand and communicate cybersecurity risks across departments, fostering better collaboration and faster remediation.

External Attack Surface Management (EASM):

  • Benefit: Organizations gain a holistic view of their external attack surface, allowing them to proactively identify and mitigate potential entry points for attackers.

Automated Out-of-the-Box Risk Assessments:

  • Benefit: Customers save time and resources by leveraging advanced modules that automatically identify key attack points, enabling them to focus on critical issues.

Integrated Security Control Monitoring (SCM):

  • Benefit: Organizations can ensure their security controls are properly configured and aligned with best practices, reducing the risk of misconfigurations and non-compliance.

Innovative Vulnerability Risk Management:

  • Benefit: Customers can prioritize vulnerabilities based on their actual impact on the organization, enabling more effective remediation efforts.

Expanded Partnerships:

  • Benefit: Through collaborations with industry leaders like Google, ServiceNow, and SAP, customers gain access to enhanced capabilities and seamless integrations, strengthening their overall cybersecurity posture.

We translated these strategic goals into three primary categories of product enhancements, aligning with Gartner’s CTEM framework and its related categories (Exposure Assessment Platforms, Adversarial Exposure Validation, and Cloud Native Application Protection Platforms (CNAPP)):

1. Onboarding Enhancements and Customer Benefits:

To streamline integration, we’ve revamped our onboarding process. AWS users can now onboard an entire organization at once, automatically incorporating existing and future accounts. Similarly, Azure and GCP onboarding have been simplified with automated scripts and consolidated account management, making monitoring more intuitive.  

2. Out-of-the-Box Improvements  

We’ve expanded our automated capabilities for cloud environments. When accounts are onboarded, critical choke points and technological assets are automatically identified. This functionality now supports Kubernetes, Active Directory, and improved visualization tools, providing richer insights with minimal manual configuration.  

3. Enhanced Reporting  

Reporting now incorporates a scoring system that prioritizes remediation efforts based on risk factors such as breach points, attack paths, and critical asset exposure. New reports—like the Critical Assets Report—enable users to focus remediation efforts on the highest-risk areas. Upcoming releases, like the Choke Point Report, will further refine this focus.

Strategic Partnerships and Customer Benefits

In 2024, we worked hard to build strategic partnerships with Google, SAP, and ServiceNow to enhance our platform’s capabilities and deliver more value to our users:  

Google SecOps  

We’ve integrated Google SecOps (including SIEM, SOAR, and threat intelligence) into our platform. By leveraging Google’s insights, such as threat intelligence data, we can create tailored attack scenarios. For example, we can measure an organization’s vulnerability to specific threat groups like APT29. In turn, our platform enriches Google SecOps by filtering events based on choke point scores, criticality, and asset labels, providing a more focused and prioritized SOC solution.

SAP  

For SAP users, we’ve added vulnerability data tied to active exploits, automatically enhancing security for SAP environments. Additionally, we’ve introduced automatic labeling for SAP servers, Oracle and Sybase databases, and HANA systems, allowing users to designate these as critical assets or bridge points seamlessly.

ServiceNow  

We’ve established a strategic partnership with ServiceNow, working across four key areas: vulnerability response, CMDB, ITSM, and security incident response. Our first milestone is the complete integration with ServiceNow’s vulnerability response, now available in their marketplace. This solution automates vulnerability management by assigning risk scores based on device criticality, proximity to critical assets, and other factors. It helps identify responsibility and supports seamless ticket creation through ServiceNow ITSM. Users can also access deeper insights by linking directly to our platform during investigations, streamlining the entire process.

New Modules and Capabilities

In 2024, we integrated several new modules and capabilities into our platform, notably:  

Vulnerability Risk Management (VRM) 

Our new VRM module offers a unique approach to vulnerability prioritization, integrating directly with our Continuous Exposure Management (CEM) platform. Unlike traditional CVSS-based methods, VRM prioritizes vulnerabilities based on their presence on choke points or critical assets, enabling targeted remediation. 

Security Control Monitoring (SCM)  

Built on Cyber Observer, SCM connects with over 100 tools, ensuring configurations align with vendor best practices and mapping them to compliance frameworks like ISO 27001 and GDPR. It supports larger environments with improved UX and simplifies compliance audits. 

OT Legacy System Protection  

Our new sensorless approach identifies devices communicating with legacy systems, such as AIX or Solaris, and highlights them as critical assets. This helps secure often-overlooked OT environments by eliminating attack vectors early on.  

Exposed Credential Management (ECM)  

ECM monitors dark web activity to identify leaked organizational credentials, enabling proactive mitigation through credential rotation or user removal.  

External Attack Surface Management (EASM)  

By scanning externally facing servers, EASM identifies exposures and maps them to attack scenarios. This delivers a new level of insights into potential impacts on internal systems.  

Expanded Attack Techniques and CVE Coverage  

We’ve added techniques for Linux, SAP, and hybrid cloud environments, as well as high-profile CVEs like OpenSSH vulnerabilities.  


The Bottom Line

As we wrap up our 2024 product journey, I think it’s clear that we at XM Cyber remain fully focused on driving meaningful improvements that enhance cybersecurity resilience. 

From advanced risk assessment and enhanced cloud security to groundbreaking partnerships and innovative offerings like EASM and VRM – each initiative addresses real-world challenges. By aligning with emerging frameworks like CTEM and continuously refining our platform, we’re building a strong foundation to tackle tomorrow’s threats. We’re excited to continue collaborating with our customers to deliver exceptional value, evolve with the industry, and keep your critical assets one step ahead of attackers.

