Cymatic Raises $4.5 Million to Protect Web Applications from Breached Credentials and Other Unforeseen Visitor Threats


Company’s UEBA platform autonomously identifies and verifies a user’s security hygiene pre-endpoint and blocks any threats before they get past the browser

Raleigh, July 31, 2019 – Cymatic today announced that it has raised $4.5 million in seed funding from prominent private angel investors. The company will use the capital to fuel the development of its user and entity behavior analytics (UEBA) pre-endpoint platform and to accelerate customer growth.

In a separate announcement, the company announced that former Cylance senior executive Malcolm Harkins has joined Cymatic as Chief Security and Trust Officer.

According to recent reports, compromised and vulnerable credentials have emerged as one of the biggest threats facing organizations, with 29 percent of all breaches involving stolen credentials. In 2018 alone, these stolen credentials fueled more than 28 billion credentials stuffing attacks. Cymatic is the only UEBA platform to provide web applications with deep visibility into and proactive remediation of the threats from human and non-human attacks, as well as the vulnerabilities users bring with them on their devices.

“Web applications continue to be highly vulnerable to human derived threats such as poor credential and device hygiene. Unfortunately, today’s current security solutions fail at really understanding how a user’s security hygiene directly affects the cyberhealth of companies they interact with,” said Jason A. Hollander, co-founder and CEO of Cymatic. “That’s why we built the only platform capable of assessing a user’s security hygiene in realtime and remediating any threats before they leave the browser. With this investment, we will further advance the Cymatic Platform and help organizations eliminate the risks they currently can’t see.”

Delivered through a zero-agent snippet that installs in seconds, the Cymatic Platform is the first to leverage contextual-based machine learning and autonomous remediation to protect and secure web applications – pre-endpoint – ensuring that a user’s security hygiene does not adversely affect the cyberhealth of a company’s web properties.

Cymatic is redefining the UEBA market by providing organizations with:

  • Comprehensive Credential Defense and Detection: Blocking breached credentials is now table stakes for security. Cymatic’s intelligent credential defense can preemptively determine – before a breach – if the credentials are vulnerable to be used in an attack. It also gives complete visibility into shared credentials, blocking malicious sessions and alerting shared usage for auditing purposes.
  • Autonomous, Pre-Endpoint Threat Resolution: Cymatic blocks unknown threats at the browser before they reach the network. The platform catches request submissions and returns custom status codes without proxies, agents or DNS rerouting. For known threats that reach the network, Cymatic’s remediation engine and security chatbot resolves threats in real-time to eliminate unnecessary alert fatigue.
  • Compliance-Driven Reports and Analytics: Cymatic’s contextual engine can triangulate risks to provide a high fidelity report of the threats facing an organization. This composite look into an organization’s cyberhealth provides companies with a much clearer understanding of how one risk might amplify another and its direct correlation to a possible breach.
  • Unmanaged Device Remediation: Cymatic helps organizations understand if the devices they don’t manage are a threat by automatically scanning the device for vulnerabilities and blocking risky devices from entering the network without endpoint agents.
  • Privacy by Design: Customer security and privacy are at the foundation of Cymatic’s technology. Cymatic will give opportunity for notice, encourage architectures with privacy safeguards, and provide appropriate transparency and control over the use of data.

“We handle highly confidential and regulated customer information. The only way to ensure the security of this data is to know who and what is accessing our web applications and whether they adhere to our security policies,” said Troy Simon, CEO of Gym Farm. “The Cymatic platform gives us the real-time visibility we need to ensure all of our web apps are secure from user and device-based threats, without disrupting the user experience. This enables us to deliver the customer experience our users have come to expect, while ensuring that the sensitive data they trust us with is secure.”

To learn more on how Cymatic provides organizations with real-time visibility into user and visitor behavior to detect risk, mitigate threats and enforce security hygiene, please contact [email protected].

Cymatic will be at Black Hat USA 2019 and 2019 DEF CON taking place August 3-8th in Las Vegas where the company will showcase its UEBA platform.

About Cymatic
Cymatic delivers the only user and entity behavior analytics (UEBA) platform that autonomously identifies and verifies a user’s security hygiene pre-endpoint and blocks any threats before they get past the browser. Delivered through a zero-agent snippet that installs in seconds, highly regulated organizations that provide web applications rely on Cymatic for real-time visibility into user and visitor behavior to detect risk, mitigate threats and enforce security hygiene. Cymatic is headquartered in Raleigh, NC with offices in California and New York. Learn more at and follow Cymatic on Twitter and LinkedIn.

Media Contact
Whitney Parker
fama PR for Cymatic
P: 617-986-5011
E: [email protected]

1. 2019 Verizon Data Breach Investigations Report
2. 2019 Akamai State of the Internet Traffic Report


[1.] The Anti-Fraud Technology Benchmarking Report—The Association of Certified Fraud Examiners (ACFE) developed in collaboration with SAS.

Read More

Fortress Cyber Security Awards Honors 41 Global Innovators and Products

Fortress Cyber Security Awards Honors 41 Global Innovators and Products

The Business Intelligence Group today announced the winners of the 2020 Fortress Cyber Security Awards. The business award program sought to identify and reward the world’s leading companies and products that are working to keep our data and electronic assets safe among a growing threat from hackers.

Rethinking cyber risk

Rethinking cyber risk

Everyone agrees that risk is essential. They just have different versions of what risk is, Evan Schuman reports.

Cyber Resilience Think Tank “Transforming the SOC”

Cyber Resilience Think Tank “Transforming the SOC”

AWhen you think of a security operations center (SOC), whatcomes to mind? Is it an organized team of security analysts andengineers who detect, analyze, and respond to incidents, alwaysworking in lockstep with business managers to execute on thesecurity strategy?