XM Cyber is a cybersecurity company that provides a continuous exposure management platform designed to help organizations proactively manage and mitigate cyber risks. The company’s mission is to change the way organizations approach cyber risk by allowing them to see their on-premise and cloud networks from an attacker’s perspective. This approach helps to identify and prioritize the most critical attack paths to sensitive assets, enabling security teams to focus their remediation efforts on the exposures that pose the greatest threat.
A core goal for XM Cyber is to help organizations implement Continuous Threat Exposure Management (CTEM) programs. This involves the continuous discovery of vulnerabilities, misconfigurations, and other security gaps across an organization’s entire attack surface. By simulating attacks and analyzing potential attack paths, XM Cyber aims to provide a clear, context-based view of risk, allowing for more efficient resource allocation and risk reduction. The company has a strong market reputation, with customers praising its innovative approach, ease of deployment, and the valuable insights it provides from an attacker’s point of view.
Offerings, Capabilities, and Integrations
XM Cyber provides a Continuous Exposure Management platform that helps organizations identify and address cyber risks. The company’s platform uses attack path analysis to show how attackers can combine various exposures—such as vulnerabilities, misconfigurations, and identity issues—to compromise critical assets across on-premises, cloud, and hybrid environments. This approach allows security teams to prioritize remediation efforts on the most critical issues, which XM Cyber refers to as “choke points,” thereby reducing the overall effort required to secure the network. A key capability is the platform’s ability to visualize the entire attack surface, providing a clear, context-based understanding of risk. XM Cyber’s platform integrates with a variety of existing security solutions, including SIEM, SOAR, and endpoint security tools, to enhance their effectiveness and provide a more holistic view of an organization’s security posture. These integrations allow for the orchestration of remediation processes and the accurate prioritization of incidents based on real-time attack paths.
Products and Services
XM Cyber’s core offering is its Continuous Exposure Management platform, which is designed to provide a comprehensive view of an organization’s security posture. The platform is composed of several key modules and services that address different aspects of exposure management.
- XM Attack Graph Analysis™: This is a flagship capability that maps out all possible attack paths, identifying how attackers can move across the network to reach critical assets. It provides context-based insights into exposures across external attack surfaces and hybrid infrastructures.
- Vulnerability Risk Management (VRM): This solution, an extension of the main platform, focuses on prioritizing vulnerability remediation by correlating CVE-related risks with real-world attack techniques. It aims to reduce false positives and focus on vulnerabilities that are truly exploitable.
- SAP Exposure Management: A newer capability that provides continuous visibility and remediation guidance for SAP deployments. It identifies attack paths targeting SAP systems and helps resolve these specific exposures.
- External Attack Surface Management (EASM): This feature discovers and monitors internet-facing assets for vulnerabilities and risks, helping to secure the initial entry points for attackers.
- Exposure Management Service (EMS): This service combines the company’s technology with remediation management expertise to help organizations operationalize their exposure management programs.
Target Customers
XM Cyber’s target customers are organizations with complex IT environments, including those with on-premises, cloud (AWS, Azure, GCP), and hybrid infrastructures. The company’s solutions are particularly beneficial for security teams that are overwhelmed by the volume of security alerts and need to prioritize their remediation efforts effectively. This includes large enterprises and organizations in sectors such as manufacturing, banking, and IT services. The platform is designed to assist CISOs and other security leaders in communicating risk to executive and board levels by providing clear metrics on security posture improvement. By focusing on the attacker’s perspective and identifying critical “choke points,” XM Cyber helps these organizations reduce the effort and cost associated with vulnerability management while improving their overall security posture.
Cloud Integrations and Marketplaces
XM Cyber’s platform integrates with the major cloud infrastructure providers to provide a unified view of cyber exposures across hybrid environments. The company’s technology connects with a client’s existing solutions through a standards-based API to continuously model attack paths.
- Amazon Web Services (AWS): XM Cyber integrates with AWS to run attack path modeling across a customer’s AWS infrastructure. It specifically connects with Amazon Inspector, a vulnerability assessment service, and AWS Security Hub to help prioritize remediation efforts based on potential attack paths.
- Microsoft Azure: XM Cyber partners with Microsoft to integrate its platform with Azure Active Directory, Azure Compute, and Azure Security Center. This allows for the discovery of security misconfigurations, and other weaknesses within the Azure environment.
- Google Cloud Platform (GCP): The XM Cyber platform runs attack path modeling across Google Cloud environments to identify security gaps. XM Cyber has a partnership with Google Cloud to integrate its Continuous Exposure Management capabilities with Google’s security portfolio to develop and distribute joint offerings.
XM Cyber’s products are available on the following cloud marketplaces:
- AWS Marketplace: The XM Cyber Continuous Exposure Management (CEM) platform is available for purchase on the AWS Marketplace. This allows customers to procure the platform directly through their AWS account.
- Azure Marketplace: There is no listing for XM Cyber on the Microsoft Azure Marketplace.
- Google Cloud Marketplace: While XM Cyber has a partnership with Google to bring joint security offerings to the marketplace, there are currently no listings available.
Key People
- Co-Founder & CEO: Noam Erez
- Co-Founder & CTO: Boaz Gorodissky
- Co-Founder & President: Tamir Pardo
- CFO: Moshe Grimberg
- General Counsel: Roee Lahav
- SVP, Product & Innovation: Menachem Shafran
- SVP, R&D: Ronen Segal
- VP, Customer Experience: Shay Siksik
- VP, Marketing: Sharron Malaver
- VP, Operations: Zev Barkan
- VP, Research: Zur Ulianitzky
- VP, HR: Yael Phillipp-Erez
Key Facts
- Headquarters Location: Herzliya, Israel.
- Number of Employees: Approximately 351-421.
- Annual Revenue: Approximately $75 million.
- Parent Company: Schwarz Group.
- Subsidiary Companies: Confluera and Cyber Observer.
- Publicly Listed: No.
Analyst Recognition
XM Cyber has been recognized by several key industry analyst firms for its capabilities in cybersecurity and exposure management.
- Gartner recognizes XM Cyber in its “Adversarial Exposure Validation” (AEV) and “Vulnerability Assessment” market categories. The firm was also previously cited as a representative vendor for Breach and Attack Simulation (BAS) tools. Gartner has identified Continuous Threat Exposure Management (CTEM) as a top strategic technology trend, a category in which XM Cyber is a prominent vendor.
- Forrester Consulting conducted a Total Economic Impact™ (TEI) study on XM Cyber’s Attack Path Management solution. The study highlighted a significant return on investment for customers using the platform.
- IDC includes XM Cyber in its “IDC Market Glance: Offensive Cybersecurity, 1Q25”. This report covers segments such as breach and attack simulation, automated penetration testing, and red teaming.
Based on the available information, there is no specific recognition for XM Cyber from Everest Group.