For us, it just improves our security. It is as simple as that. We have a number of requirements. First of all, there are compliance requirements. You need to do vulnerability management and you have to be secure. In our case, we needed to protect our customers' information. In classic vulnerability management, you use scanners such as Tenable or Qualys and those tools are quite good. They have been programmed to find as much as possible. Previously, you sold by the number of vulnerabilities they found, and if you got more than the competitor, you were better. The problem is nowadays if you scan large networks, you get a huge number of vulnerabilities. It's often tens of thousands or even hundreds of thousands. Nobody can deal with that amount. Nobody. Therefore, you have to say "Well, okay, we have 40,000 vulnerabilities from low to medium to critical. We'll skip low and medium and take care of the critical ones only." However, this is only a quantitative approach. There are vulnerabilities that are not critical in the sense of the scanner, yet, in this context, they are critical. On the other hand, there are lots of critical vulnerabilities that are not business-critical. If they compromise the system, what XM Cyber does, is it breaks all that down to attack paths, and it's an assumed breach scenario. XM assumes you have a broken, for example, web server, and it tells you what that means for you when you have an attacker inside your network. That can be bad, however, it's not necessarily extremely bad. Maybe he doesn't get any further from that system, for example, and cannot do any lateral movement. If it's possible to do lateral movement, XM will tell you. That's a great advantage. It shows you the vulnerabilities that matter with respect to an attacker trying to approach your crown jewels, so to speak. With this product, at the end of the day, you don't have to deal with ICMP ping reply vulnerabilities or stuff like that. 
It shows you the relevant vulnerabilities. Often, it shows you if you have an up-to-date managed network, patch management, et cetera. Normally there are just a few systems that are not patched correctly, for whatever reason, and XM will tell you. Those systems may be responsible for a part of an attack path and others may not. If the others are not part of an attack path, it's not that urgent to take care of them since they are vulnerable, yet not as much. The product allows you to go to those systems that are part of an attack path and fix that. The areas that would normally cause your sleepless nights are focused on. You fix those immediately, and you have more time for the rest. At the end of the day, this is much quicker. It's not a quantitative approach. It's a qualitative approach. It saves you lots of work if you don't have to patch something immediately. You don't have to call a meeting with a business owner and tell him, "Wow, we need to reboot your systems," and he's telling you, "No, we can't." This saves you a lot of work and lots of discussions and makes you much, much more secure.
Vulnerability Management (VM) is a critical cybersecurity process focused on identifying, evaluating, and mitigating vulnerabilities in IT systems. It helps organizations protect their networks and assets by proactively managing security weaknesses before they can be exploited by threats.
We use the product to identify the vulnerabilities in the network.