XM Cyber: How This Hybrid Cloud Security Company Is Closing the Exposure Remediation Gap

By Amit Chowdhry • Updated January 19, 2024

XM Cyber is a leading hybrid cloud security company changing how organizations approach cyber risk. Pulse 2.0 interviewed XM Cyber Chief Technology Officer and Co-Founder Boaz Gorodissky to learn more about the company. 

Boaz Gorodissky’s Background and Role

Can you start by sharing more about what led you to XM Cyber and what your role is within the company?

Gorodissky: “I started my career as a younger engineer in the Prime Minister’s office and served in various technical roles there for over 30 years. Over time, I progressed from engineer to team lead to head of a large technology operations division and eventually led over 2,000 people across all areas of technology. This gave me broad experience across several disciplines.”

“While I enjoyed these leadership roles, I left and co-founded XM Cyber after identifying a critical problem that we did not have the resources to adequately address internally. Most cybersecurity solutions fail to help organizations move beyond siloes to create scalable and sustainable exposure management programs. We realized this problem was universal and impacting enterprises across industries. With this insight, we founded XM Cyber to provide a solution.”

As CTO, I oversee all technology and product development at XM Cyber. My responsibilities start with identifying customer needs and working with product management to define detailed requirements and a technology roadmap aligned to our vision. This includes anticipating what capabilities will be critical for organizations to have in place to strengthen their security posture, while also delivering features that solve immediate pain points based on customer feedback and industry trends.”

“I work closely with our R&D team to spearhead development, taking concepts from ideation to operational products that customers can leverage. Throughout this process, I ensure we are building innovative solutions that push the boundaries of cybersecurity.”

XM Cyber’s Mission

What about XM Cyber’s mission most appeals to you and how do you implement it in your own work? 

Gorodissky: “What appeals to me most about XM Cyber’s mission is our unique approach of seeing cyber risk from the point of view of the attacker. This outside-in perspective is a fundamental difference in how we help organizations evaluate their environments and close security gaps before attackers can exploit them. My goal is to embed this mentality into both our technology and how we enable customers to transform their security strategies. We don’t only prioritize the problems, we help them optimize with holistic remediations.”

Core Products

What are the company’s core products and features? 

Gorodissky: “Our flagship product is XM Cyber’s Exposure Management platform. This provides organizations with continuous control of their complex hybrid IT environments, on-prem and in the cloud. Key capabilities include:

  • Attack Graph Analysis – Our technology dynamically models an organization’s entire hybrid infrastructure and simulates how real-world attackers could traverse and escalate privileges to reach critical assets.
  • Comprehensive discovery – The platform continuously discovers vulnerabilities, misconfigurations, and compliance issues, alerting teams to deviations from normal behavior.
  • Prioritization – XM Cyber helps security teams focus on remediation efforts by identifying choke points that are lynchpins in multi-step attack chains.
  • Security posture scoring – Customers gain an evolving view of cyber risk with quantified security ratings across their environments and over time.
  • Remediation guidance – The platform identifies which critical assets are at highest risk and provides step-by-step instructions for rapid remediation by focusing on fixing choke points and removing the risk to critical assets.”

Approach To Exposure Remediation 

What is XM Cyber’s approach to exposure remediation and how do you apply it to your products? 

Gorodissky: “A core element of our Exposure Management platform is providing security teams with the context they need to prioritize remediation based on actual risk. Our research shows that over 75% of exposures within an organization’s environment are not on attack paths that lead to critical assets. Yet teams spend valuable time attempting to patch everything.”

“XM Cyber helps teams take a risk-based approach by automatically discovering all possible attack vectors in an environment, then identifying which exposures can actually be chained together to compromise key systems. This enables organizations to prevent more attacks by fixing fewer, but critical, exposures that serve as key pivot points for malicious actors.”

Exposure Management Service

Can you tell me more about XM Cyber’s recent launch of its Exposure Management Service (EMS)? 

Gorodissky: “We recently launched XM Cyber’s Exposure Management Service (EMS) to provide an advanced remediation capability that acts as an extension of our customers’ security teams. The EMS offering pairs our leading Exposure Management platform with dedicated remediation expertise. Customers can leverage EMS to establish robust remediation processes, drive and track prioritized fixes across IT, infrastructure and development groups, and accelerate exposure reduction.”

“Key benefits of the EMS include receiving tailored remediation reports and guidance based on the customer’s unique environment, gaining insights into remediation progress through monthly reports, and having the peace of mind that comes with continuous expert oversight of residual risk and asset security.”

Significant Milestones

What have been some of the company’s most significant milestones? 

Gorodissky: “XM Cyber has achieved significant milestones that have fueled our growth and impact as a company. Successful fundraising rounds validated investor confidence in our vision early on and provided capital to expand our technology and team. Landing those first marquee customers demonstrated real-world value as we saw organizations use our platform to reduce risk, which was incredibly rewarding. Our acquisition by Schwarz Group marked a major milestone by accelerating innovation and growth and strengthening our position in the global cybersecurity market.”

“From there, our acquisition of Cyber Observer strengthened capabilities for continuous control across hybrid environments. The purchase of Confluera then brought powerful cyber attack detection and response into our portfolio. Most meaningfully, hearing continuously from customers about how XM Cyber has enabled measurable improvement in their security posture through efficient exposure reduction motivates us every day.”

Growth Focus

In what areas is XM Cyber currently focusing its growth efforts?

Gorodissky: “Some key areas where XM Cyber is currently focusing growth efforts:

  • Expanding our cloud security capabilities, including discovering attack paths in Kubernetes environments and identifying cloud choke points.
  • Enhancing integrations with partners to jointly deliver more value to customers.
  • Developing new offerings for runtime protection of cloud workloads.
  • Increasing coverage of complex enterprise systems to model attacks and exposures.
  • Leveraging AI to enable natural language querying of risk insights.”

“We are committed to continuous innovation so we can expand the capabilities of our Exposure Management platform. Our aim is to innovate across our product portfolio to model emerging attack techniques, support diverse IT systems, and provide the comprehensive visibility and control customers need as their infrastructure evolves.”

Differentiation From The Competition

What differentiates the company from its competition? 

Gorodissky: “XM Cyber stands apart by providing:

  • Comprehensive visibility by analyzing entire environments, not just assets in isolation, to reveal exposures and risk in context.
  • Increased efficiency by quantifying exposure risk and prioritization so teams can maximize risk reduction with existing resources and budgets.
  • Context from the attacker perspective by continuously modeling how exposures could be exploited across the hybrid environment based on the unique topology and controls.”

“This enables efficient risk reduction through robust Continuous Threat and Exposure Management programs. Our innovations in Exposure Management deliver the continuous control organizations need to get ahead of cyber risk.”

Future Company Goals

What are some of the company’s future company goals? 

Gorodissky: “One of our major goals is to help enterprises implement Continuous Threat and Exposure Management (CTEM) programs leveraging our Exposure Management platform. CTEM provides a systemic approach to continuously identify risks, prioritize remediation, and mobilize teams to optimize security posture.”

“Looking ahead, we aim to further build out CTEM-focused capabilities that give customers continuous control over their evolving risk surface, the insights needed to optimize security resource allocation, and the ability to measurably strengthen their defenses over time. Infrastructure today is beyond multi-faceted combined and you need to be able to break down silos – we aim to always give one comprehensive picture, wherein we see the connections between everything and how everything impacts and is impacted by everything else.”

Final Thoughts

Do you have any final thoughts on how enterprises should approach cybersecurity?

Gorodissky: “As an executive, you need to recognize that you have an important responsibility and role to play when it comes to cybersecurity. It starts with understanding that cyber risks directly impact business risk – outages, data theft, and other fallout from breaches can severely harm finances, operations, legal standing, and brand reputation. For these reasons, cybersecurity must be treated with the same priority as other critical business functions.”