AttackIQ launched AttackIQ Ready!, a fully managed breach and attack simulation service that leverages years of advanced content and actionable reporting to improve organizations’ security posture and security program performance.
The service was designed to simplify the execution of a continuous security validation program, showing results in real-time and orchestrating faster remediation – all through one automated platform – for everyone who wants it.
Absent real data, teams lack clarity about their capabilities and performance and cannot confidently operate against the adversary. AttackIQ has found that security controls only stop the adversary 39% of the time in the real world due to misconfigurations and security control degradation. To solve this problem, AttackIQ Ready! delivers clear reporting and analysis so that security leaders know how well their controls perform against the adversary.
AttackIQ Ready! provides weekly reports, monthly executive-focused reports, and insurance-focused reports that can be used to communicate to the executive team, the board, insurance companies, and regulators alike.
“We know that automated testing provides a path to better security and business outcomes. With this announcement, we are making AttackIQ’s advanced testing capabilities available to a much broader section of the market,” said Carl Wright, Chief Commercial Officer, AttackIQ.
“Many organizations lack the resources to operationalize the MITRE ATT&CK framework or conduct red team assessments of their cyberdefenses. We are very excited to release AttackIQ Ready! to help teams of all sizes maximize return on investment and improve operational readiness,” added Wright.
With AttackIQ Ready!, organizations can expect the following:
- Easy and immediate use: AttackIQ Ready! provides an easy-to-use and immediate baseline understanding of your security coverage with continuous visibility to identify gaps and issues.
- Weekly and monthly reporting: Get weekly and monthly reports about your security controls’ performance, including against specific adversaries curated by the AttackIQ Adversary Research Team.
- Monthly adversary curation: Every month, the AttackIQ Adversary Research Team introduces a new set of adversarial campaigns to test your security controls against that specific adversary.
- Continuous automated testing: The AttackIQ Ready! team conducts weekly MITRE ATT&CK-aligned assessments drawn from the full AttackIQ research library.
- Actionable remediation guidance: Generates tailored, easy-to-use remediation guidance so that you can close gaps and address issues quickly to improve performance.
- Detection engineering: AttackIQ Ready! introduces the option of detection testing for companies with a security operations center or a SIEM structured to respond to alerts and attacks.
- In-app threat intelligence and analysis: Gain immediate in-app analysis about emerging and advanced threats and how to prepare your defenses to withstand attacks.
AttackIQ Ready! will help an even broader range of customers to achieve these results. A security operations center is not required to use AttackIQ Ready!. All that is needed are existing security controls to validate, either through cloud services like AWS or Azure or security providers.
What kind of results might companies expect? One security leader at a premier biosciences company recently used the AttackIQ platform to prove to an insurance company that his security controls were performing as intended and negotiate a peg to his insurance premium, saving his organization hundreds of thousands of dollars in fees.
As he said, “When we can prove that our solutions and controls are not just adequate, but they’re rock solid, there’s much value there. The investments in our firewalls, endpoint controls, and network security controls help build the program’s reputation and instill more confidence. Then when we go to the board for requesting a large sum of funding for maybe a new project, there are not as many questions.”
“AttackIQ has helped companies from the Fortune 10 to Global 2000 elevate their security effectiveness, including JetBlue, Bupa and the Department of Defense,” Wright continued. “This service will help companies hone security analyst and security operations team performance, find redundancies in security controls, validate security controls for insurers, decrease the impact of breaches, and much more. You can’t manage what you can’t measure, and we look forward to helping organizations measure their defenses against the adversary.”