AttackIQ Informed Defense: Automated continuous security validation and remediation
AttackIQ announced the launch of AttackIQ Informed Defense, the most significant product release in the company’s history. This new offering is in direct response to the evolution of attackers and their methods in becoming more targeted, sophisticated and automated.
To stay ahead of the threat, enterprise security teams need to validate and continually assess that cyber defenses are always optimally configured.
The AttackIQ Informed Defense Architecture (AIDA) enables a transparent and completely manageable attacker kill chain testing methodology. By combining the ability to emulate attacker behavior in the early stages of attack, lateral movement behaviors through communication between test points, and using current and highly integrated network threat packet captures; AIDA affords the most comprehensive automated security testing platform available.
“AttackIQ customers have already enjoyed a testing architecture that allows for red, blue, and purple teams to develop and deploy sophisticated adversary emulation plans in production computing environments from anywhere in the world,” said AttackIQ CEO Brett Galloway.
“With AttackIQ Informed Defense, customers will now be able to more closely replicate adversary behaviors by using the AttackIQ test point as an adversary ‘command controller,’ and executing lateral movement, persistence, and other late kill chain techniques, just as an attacker would.”
The AttackIQ Informed Defense solution is built on an industry-first unified architecture that:
- Allows security teams to take advantage of the most comprehensively MITRE ATT&CK-aligned library of known attacker tactics, techniques and procedures (TTPs), and includes an open platform that enables these TTPs to be tailored or tester defined.
- Provides an integrated testing architecture that allows customers to closely emulate threat actor behaviors across the entire adversary kill chain. From execution to defense evasion, from credential access to lateral movement, even including attackers living off the land.
- Invokes the integration of commercially-available network packet capture of threat behaviors that can be passed between these test points which best exercises internal segmentation strategies.
- Includes external orchestration infrastructure which integrates the ability to test organizational boundary security controls.
Combined with the company’s open system testing approach and validation tests for enterprise and cloud, the AttackIQ Informed Defense solution ensures that customers and partners have the right content and testing methodology at their fingertips.
“AttackIQ’s mission is to help organizations continuously optimize their security program’s effectiveness,” said Chris Kennedy, CISO and VP of Customer Success, AttackIQ.
“The best way to do this is with a unified architecture that can test from a point of breach and test in-line security controls in production, at scale, safely. These are two different requirements, and security teams need to be able to do both.”
AttackIQ Informed Defense new solution features include:
- The ability to promote existing AttackIQ test points staged throughout the production environment to become traffic-replay capable.
- Intelligent PCAP session replay across inline network devices.
- Modular infrastructure in service provider cloud IaaS networks that can play the role of an Internet-based entity or target for PCAP replay.
- Options to add Internet-based roles for geo-testing.
- Validation of internal security boundaries by using existing systems without having to deploy virtual machines.
- PCAP library updates with examples of latest malware infections, command and control communications, and other test-ready samples.
The AttackIQ Informed Defense solution will be generally available to customers and partners in Q3 2020.
Customers and partners are welcome to learn how to operationalize MITRE ATT&CK, unlock purple teaming, and evolve their security programs into Threat Informed Defense practices by joining the AttackIQ Academy.