AttackIQ Security Optimization Platform

Promote this Nomination

Additional Info

Company (that provides the nominated product / solution / service)AttackIQ
Company size (employees)100 to 499
Type of solutionSoftware

In 3 bullets, summarize why this product or service is different from the competition and deserves recognition:

- The AttackIQ Security Optimization Platform offers the easiest to deploy, best security control validation available at scale, in production, and with the tightest alignment to MITRE ATT&CK. While other companies offer tools with limited test scenarios and use cases, AttackIQ is a platform that offers 2,000+ scenarios, 40+ assessment templates, and 26 solutions. Within six clicks and 60 seconds, customers know if controls are compromised. Competitors test in sandboxes, but AttackIQ tests in production across the entire kill chain, the same way real-world adversaries do. Our platform was built from the ground up by former security practitioners to help security leaders move beyond traditional BAS, fighting fires and cost reduction to a strategic program that delivers both improved effectiveness and efficiency.

- The Security Optimization Platform is constantly evolving to enable enterprises to combat the latest known attacker TTPs. Most recently, AttackIQ announced that its Security Optimization Platform can test the NIST 800-53 family of security controls against the MITRE ATT&CK framework, providing security teams with real data about NIST 800-53 compliance. AttackIQ also introduced a newly updated ransomware assessment template into the Security Optimization Platform in August to ensure that organizations are prepared to defend themselves against a surge of new attacks in the wake of COVID-19.

- AttackIQ uniquely offers at no fee step-by-step blueprints on how to optimize security programs across 26 different use cases. Blueprints provide red, blue, and compliance teams with detailed guidance and answers around: how to rationalize security controls and prioritize testing, which methods for aligning people, processes, and technology will improve program effectiveness, what test scenarios and simulations should they perform, and when? Customers are supported with the BAS industry’s first free cybersecurity education program, AttackIQ Academy, which now serves 9,700+ practitioners in 126 countries. Academy courses are eligible for ISC(2) CPEs.

Brief Overview

AttackIQ intends to turn breach and attack simulation (BAS) into a multi-billion dollar market by helping customers optimize their cybersecurity programs, beginning with addressing the most overlooked issue: control effectiveness. AttackIQ’s Security Optimization Platform delivers automated insights on control performance, enabling smarter investment decisions. The Security Optimization Platform deploys lightweight agents to existing devices, user devices or servers, physical or virtual, and easily turns those devices into test points. Once users deploy test point agents, they are able to set automated scenarios to run continuously, and launch targeted scenarios on demand. This offers real-time insight into how controls, processes and people respond to known and emerging threats.

The AttackIQ Security Optimization Platform aligns deeply with the MITRE ATT&CK framework and emulates known adversary tactics, techniques and procedures (TTPs) to exercise security controls in the same way an adversary does, in production. BAS tools often use red teams to augment their manual testing, but the blue team is the primary use case for AttackIQ. The ATT&CK framework gives blue teams the ability to design their defenses based on systematic knowledge of attacker behavior, and validates the effectiveness of their defenses.

AttackIQ’s Security Optimization Platform provides easy-to-understand reporting dashboards, so risk leaders and CISOs have actionable information to make sound decisions about their security operations, compliance, and risk management investments. CISOs can confidently report to CEOs and Boards that despite constrained budgets, the organization is safe.

For customers with limited security team resources, AttackIQ also a managed Security Validation Service, enabling companies to realize the substantial benefits of a continuous security validation program without having to operate the platform in-house.

AttackIQ gives customers the most consistent, trusted and safest way to test security controls at scale and in production.