Promote this Nomination

Additional Info

Company size (employees)100 to 499
Headquarters RegionNorth America

In 3 bullets, summarize why this company is different from the competition and deserves recognition:

- To help customers respond to work from home challenges and escalating cyberattacks, AttackIQ is educating practitioners on operationalizing threat-informed defense via AttackIQ Academy. The Academy is the BAS industry’s first free cybersecurity education program and offers both entry-level and advanced cybersecurity training that includes modularized curriculum and hands-on cyberrange labs. These labs, built on scalable, cloud-hosted infrastructure, provide learners with virtual environments for realistic exercises. All of the AttackIQ Academy courses are available at no charge for the good of the greater cybersecurity community. Plus, all AttackIQ Academy participants are eligible for (ISC)2 Continuing Professional Education (CPE) credits. In just 8 months, the Academy has grown from zero to 9,008 students in 126 countries.

- To give back to the cybersecurity community and contribute to leading research and development efforts, AttackIQ is a founding member of MITRE Engenuity’s Center for Threat-Informed Defense. The Center conducts applied research and advanced development to improve cyberdefense at scale for the global community. AttackIQ partners closely around the Center’s threat emulation library, which houses detailed plans to replicate the tactics and techniques of known adversaries. AttackIQ’s first entry earlier this year was an emulation plan for cybercrime group FIN6, which targets payment card data from point-of-sale systems. AttackIQ also collaborated with the MITRE Engenuity team to publish a new MITRE ATT&CK for Dummies book, available for free to security practitioners.

- As part of its mission to make the world safe for compute and to improve security control effectiveness, AttackIQ introduced the Preactive Security Exchange (PSE) in conjunction with 40+ leading vendors such as Cylance, Cisco, Microsoft, LogRhythm, and SentinelOne. The PSE ecosystem focuses both on technical integration and on a shared mission to improve the overall security posture of the companies’ joint customers.

Brief Overview

AttackIQ intends to turn breach and attack simulation (BAS) into a multi-billion dollar market by helping customers optimize their cybersecurity programs, beginning with addressing the most overlooked issue: control effectiveness. AttackIQ’s Security Optimization Platform delivers automated insights on control performance, enabling smarter investment decisions. AttackIQ builds on the MITRE ATT&CK framework of adversary tactics, techniques, and procedures and emulates them so customers can exercise their controls in the same way adversaries do, in production. Customers are able to fully automate security validation and have a continuous feedback loop of meaningful metrics and actionable information to make sound decisions about their security operations, compliance, and risk management investments.

AttackIQ customers include leaders in banking, healthcare, financial services, technology and governments, among others. Today, 1 in 5 (20%) of AttackIQ’s customers are Fortune 1000 or Global 2000 companies that are struggling with a plethora of controls in their infrastructure, and are turning to AttackIQ for solutions.

For companies with limited security resources, AttackIQ offers a managed Security Validation Service enabling them to realize the substantial benefits of a continuous security validation program without having to operate the platform in-house. AttackIQ’s customer service organization takes a practitioner-led approach by people with in-depth management and technical skills. 90% of the company’s team of field engineers and customer success managers are from prior cyberpractitioner roles, and possess experience and empathy for what it takes to run a cybersecurity program.

AttackIQ uniquely offers at no fee step-by-step blueprints on how to optimize security programs across 26 different use cases. Blueprints provide red, blue, and compliance teams with detailed guidance and answers around: how to rationalize security controls and prioritize testing, which methods for aligning people, processes, and technology will improve program effectiveness, what test scenarios and simulations should they perform, and when?