Volume 1 - May 2020

Welcome to the first AttackIQ newsletter! As a part of our continued mission to help you improve your cybersecurity strategy, we will periodically share recent news, preview upcoming events, and send you resources to help. This is, of course, a two-way street. We welcome your input on this issue's content and ideas for future topics. Drop us an email at [email protected], message us on Twitter at @attackiq, or share your thoughts on LinkedIn @attackiq. Thank you, and enjoy!

In This Update:

  • It’s been a busy quarter for AttackIQ. We launched a new scenario to emulate the Russian government’s (APT29) cyberattack behavior and help customers operationalize the MITRE ATT&CK framework of known adversary tactics, techniques, and procedures. We’re helping organizations validate their security controls against advanced intruders like the Russian government, particularly as the 2020 election approaches. Be sure to check out the new CISO’s guide to APT29 and webinar on how to counter APT29.

  • We published new content to help customers improve their security. Our Chief Commercial Officer, Carl Wright, appeared on the Risky Business podcast to talk about tool rationalization and more. In our blog, we wrote about the dangerous cybercrime group FIN7 and explained how our emulation plans can help you secure the Cloud.

  • Finally, our CEO, Brett Galloway, has a message in the CEO corner about the company’s mission and approach to threat-informed defense.

  • See below for these stories and more.



CEO’s Corner

AttackIQ’s CEO Brett Galloway’s Update
Why are we calling our newsletter “threat-informed defense”?

This is our inaugural AttackIQ newsletter, and you may wonder why we chose to call it “threat informed defense”. We believe that the cybersecurity community is evolving from a fortress mentality of “network defense” to a “threat-informed defense” approach. Doing so will improve the overall cybersecurity posture more cost-effectively. What does this mean for the industry, how does this approach inform our strategy as a company, and how are we giving back to the community to make it happen?

It helps to start at the foundation. For us, that foundation is MITRE ATT&CK. MITRE ATT&CK is a globally available, free, open framework of known adversary tactics, techniques and procedures (TTPs). Knowledge of adversary behavior was previously reserved for elite operators or national security practitioners in a classified environment. The MITRE Corporation, a federally funded non-profit research and development organization working in the public interest, built the ATT&CK framework to help defenders all over the world focus on the threats that matter most.

As MITRE says, a threat-informed defense strategy “applies a deep understanding of adversary tradecraft and technology to protect against, detect, and mitigate cyber-attacks.” What does that mean for us at AttackIQ? We build automated adversary emulations to test your defenses against well-defined threats (using the MITRE ATT&CK framework), measure the effectiveness of those defenses, and execute improvements continuously. That’s part of how we help security teams adopt a threat-informed defense strategy.

Why is this new approach so important? Traditionally, network defenders focused their defensive strategies on meeting baseline cybersecurity best-practices: correcting misconfigurations, administering patches, and deploying best-in-class commercial products. Defensive “blue” teams were focused on defending the home terrain. Organizations also spent money on building or employing “red” teams or penetration teams to adopt an adversarial approach and to test the blue team’s defenses. However, calling them red and blue teams suggests a picture of balanced opposing teams that is not remotely accurate. Blue teams are vastly larger and spend much more than red teams. Red team testing is episodic, and the coverage delivered is vastly smaller than the scale of the blue team’s defenses. If the defenses are not oriented toward the most important threats, then those resources are wasted. And if they are not tested against the important threats, then they are likely to fail when challenged by the adversary, letting the adversary slip past.

We believe this requires a platform that can test security controls against MITRE ATT&CK tactics, techniques, and procedures safely and at scale. That is what we do at AttackIQ. Red teams use AttackIQ to do routine testing, freeing them up to do more advanced testing. They can then use our open platform to capture and codify new tests to make them routine. Blue teams use AttackIQ to validate that their security controls are working, and, when they’re not working, to correct them.

When AttackIQ is used in this way, it enables purple teaming. Purple teams focus on the overarching threat landscape, they understand their security technologies, and they understand their organization and its operational attributes. Purple team doctrine ensures that organizations optimize their cybersecurity readiness continuously. The combination of MITRE ATT&CK, AttackIQ as a cybersecurity optimization platform, and purple teaming as an operational construct delivers a threat-informed defense.

That’s why our newsletter is called “threat-informed defense”. That’s why we joined MITRE’s Center for Threat-Informed Defense as a founding research partner. And that’s why we recently launched the AttackIQ Academy. AttackIQ Academy features industry experts teaching free classes on Operationalizing MITRE ATT&CK, Breach and Attack Simulation, and Purple Teaming. We were frankly overwhelmed at the demand for these courses and are therefore scaling up capacity as fast as we can. We would love to have you join us in our Academy classes; you can sign up at https://attackiq.com/academy.

Thank you very much for your partnership, and I welcome your thoughts along the way.



Russian emulation (APT29)
Published on: February 26, 2020
In 2016 a group of hackers affiliated with the Russian government, APT29, made headlines when they hacked the Democratic National Committee systems ahead of the U.S. presidential election. Since then they have continued their activities, including compromising three European ministries of foreign affairs in 2019. This technically skilled group primarily targets governments and related entities to interfere in elections and undercut popular trust in democratic processes and institutions.

We’re proud to provide an emulation plan of APT29’s attack chains by simulating their known tactics, techniques, and procedures in 45 scenarios that cover 56 MITRE ATT&CK techniques. The scenarios will help you validate that your cyber defenses are prepared for what comes.

Our blog post on the topic and our CISO’s Guide to APT29 discuss how to use this template to best defend against APT29. Our recent webinar further covers how to test that your defenses are prepared. To see for yourself how our emulation plan can help defend against APT29, check out our free trial.

Read the blog


NEW 60-Day Free Trial of AttackIQ Platform

Deploy Breach and Attack Simulation - Are You Protected?
Deploy our award-winning breach and attack simulation platform! Are your security controls working as you expect? With AttackIQ Platform, you’ll be able to...

  • Measure and validate detection and prevention capabilities
  • Utilize a methodology for selection of security technologies
  • Maximize the effectiveness of security infrastructure
  • Prioritize resource allocation
  • Identify security gaps and blind spots
  • Create a data-driven security lifecycle

...All in one place.

Register for your free trial today


Risky Business Podcast

AttackIQ Academy on Risky Business
Published on: April 14, 2020
Interested in how you can operationalize MITRE ATT&CK, rationalize your security stack, and leverage cyber ranges? Listen to what AttackIQ CRO Carl Wright has to say on Patrick Gray’s Risky Business podcast.


AttackIQ Blog

Fingerprinting FIN7
Published on: April 20, 2020
The hacking group FIN7 has breached thousands of businesses to steal millions of credit card records in the U.S. alone, according to the U.S. Department of Justice. This financially motivated group primarily targets hospitality, restaurant, and gaming sector businesses using malware in point-of-sale systems, but they’ve hit a wide variety of other industries as well. Is your business protected against them? Our emulation plan can help you defend your company.

Read the blog

Defeating a Cloud Breach
Published on: April 14, 2020
Are you certain that you are successfully monitoring and identifying all unexpected access to your information stored in the cloud? We have built emulation plans to help you prepare for cloud-focused attacks on your data.

Read the blog
Check out all of our blogs


Customer Spotlight

A Financial Industry Success Story
A leading hedge fund with billions in assets under management and over 1,000 employees around the world needed to become better equipped to accurately and objectively assess the performance of its security controls, personnel, and related processes due to the increase in cyber threat activity over the past several years. The firm sensed that a breach and attack simulation system operationalizing MITRE ATT&CK would best enable it to reach these goals. “MITRE ATT&CK gave us the ideal framework to meet our target use cases with AttackIQ’s breach and attack simulation platform,” the firm’s cyber defense team reported. “It also made it easier to objectively manage accountability between the security operations, information technology, and our internal networking group.”

Read the full case study