AttackIQ®, the leading independent vendor of Breach and Attack Simulation (BAS) systems, is reinventing the BAS market with the new AttackIQ Security Optimization Platform to arm cybersecurity leaders with better insights, better decisions, and real security outcomes. According to Gartner, “Cybersecurity is facing slowing budget growth, frustrated at-risk executives and shifting regulatory focus. As the lines blur between business models and the technology that supports them, CIOs need to consider the risks, security priorities and investments that impact their business outcomes.” Further, “The urgency to treat cybersecurity as a business decision has never been greater.” AttackIQ helps customers address these needs with its best-in-class software platform, deep security vendor partnerships, and investment in the practice of threat-informed defense.
“COVID-19 has been a game changer for cybersecurity practitioners,” said Brett Galloway, AttackIQ CEO. “CISOs are under a siege of attacks, while spending is undergoing increased scrutiny. We’re in a new era that requires an optimization strategy for better insights, better decisions, and real security impact, beginning by addressing the most overlooked cybersecurity issue: control effectiveness.”
“Security optimization is absolutely paramount in today’s cybersecurity operating environment,” said Jeremy Phelps, Director of Information Security at Akin Gump, an AttackIQ customer. “The new normal of measuring program effectiveness will be directly tied to better insights and better decisions that create value for the business.”
The recent Honda ransomware attack that shuttered production facilities around the globe and the Twitter hack of 130 global influencer accounts underscore the increased pressure that security and risk leaders are facing during COVID-19. To make matters worse, most cybersecurity teams have no idea if their controls are working. Verizon estimates that 82% of successful enterprise breaches should have been stopped by existing controls, but weren’t. Because security controls are complex systems composed of technologies, people, and processes that fail silently, the only way to know if they are working is to actively test them in an automated and continuous way.
Best-in-Class Software Platform
Based on the AttackIQ Informed Defense Architecture (AIDA), the AttackIQ Security Optimization Platform offers the easiest-to-deploy, best security control validation available, at scale and in production, with the tightest alignment to MITRE ATT&CK. Built from the ground up by former security practitioners, the AttackIQ Security Optimization Platform arms security and risk leaders with better, automated insights to understand and address whether their tools and processes are working. With better data, practitioners can make smarter control investments.
Testing alone does not create a defense — it takes a village of vendors, across a broad array of technologies and services to construct a security program. Today AttackIQ is announcing the new Preactive Security Exchange, a comprehensive and category-first partner program to help mutual customers be proactive about preventable security control failures. The Preactive Security Exchange is focused not just on technical integrations, but on the shared mission of making security controls effective for our mutual customers.
AttackIQ has long been committed to a shared mission of giving back to the community. The company is a founding member of the MITRE Center for Threat-Informed Defense, which brings together leading security teams from around the world to identify and solve critical cyberdefense problems, then freely share results with the community. The MITRE ATT&CK matrix of attacker tactics, techniques, and procedures is the most widely adopted framework for modeling adversary behavior.
Threat-Informed Defense Practice Enablement
AttackIQ also works closely with MITRE to promote the practice of threat-informed defense as part of the industry-first AttackIQ Academy. AttackIQ Academy offers free instructor-led courses in critical concepts such as purple team operations, MITRE ATT&CK, and attack simulation that are eligible for (ISC)² CPE Credits. More than 2,100 students have registered for Academy courses since its launch in April. The company continuously updates its guest lecture speakers and advanced cybersecurity curriculum to help organizations bolster their defenses.
To help customers accelerate the benefits of threat-informed defense strategies, AttackIQ is introducing Blueprints — step-by-step guides for aligning people, process, and technology in 26 distinct solutions across the security organization. For example, AttackIQ Blueprints help audit and compliance teams decrease their regulatory burden by mapping regulatory and compliance controls, testing those controls continuously, and using testing data to provide validated compliance assessments. Security engineering and architecture teams can leverage ATT&CK-based threat modeling for product lifecycle security assessments. The operations team can validate detection strategy effectiveness, enable threat hunting, and facilitate real-world exercises.