Case Study: GUD Holdings Limited achieves control of its attack surface across 17 subsidiaries with Cymulate ASM

GUD Gains Control of its Attack Surface Across 17 Subsidiaries with Cymulate ASM

GUD Holdings Limited, a Melbourne-based manufacturing group operating 17 subsidiaries in the automotive aftermarket and water products sectors, faced an unmonitored external attack surface and a small security team stretched thin by labor-intensive open-source asset scans. Having already used Cymulate Breach and Attack Simulation (BAS) and Cymulate Continuous Automated Red Teaming (CART) to validate controls, GUD turned to Cymulate for an exposure assessment that would discover all assets, reveal vulnerabilities and misconfigurations, and map relationships between internal and external infrastructure.

Cymulate deployed its Attack Surface Management (ASM) to automatically enumerate related domains from a single input and run weekly discovery plus monthly vulnerability scans for each business unit. Cymulate ASM uncovered unknown external assets, provided a centralized per-business view with severity, first-seen dates and mitigation guidance, and enabled continuous monitoring and risk prioritization — letting GUD’s small security team maintain control across 17 subsidiaries while reducing manual effort and improving remediation focus.

GUD Holdings Limited

Shaun Curtis

Head of Cybersecurity