Volume 2 - July 2020

Welcome to AttackIQ Newsletter, Volume 2. As a part of our continued mission to help you improve your cybersecurity strategy, we will periodically share recent news, preview upcoming events, and send you resources to help. This is, of course, a two-way street. We welcome your input on this issue's content and ideas for future topics. Drop us an email at [email protected], message us on Twitter at @attackiq, or share your thoughts on LinkedIn @attackiq. Thank you and enjoy!

In This Update:

  • AttackIQ has been keeping busy this quarter. First, we are happy to announce the launch of our new Preactive Security Exchange. Trustworthy and objective are the key words of the Preactive Security Exchange platform, where security vendors can demonstrate the value and efficacy of their products while identifying opportunities to improve their security controls. See here for all partners on the Preactive Security Exchange.

  • We also would like to announce the launch of our Security Optimization Platform! Between advanced cyberattacks exposing businesses to greater risk and heavily scrutinized cybersecurity spending, the urgency to improve and streamline cyberdefense has never been greater. Read here on how AttackIQ is arming cybersecurity leaders with better decisions, better insights, and real security outcomes.

  • Finally, our CEO, Brett Galloway, speaks more about the challenges CISOs face in these trying times.

  • See below for these stories and more.

Read this newsletter on our website


CEO’s Corner

AttackIQ’s CEO Brett Galloway’s Update
Security Optimization Platform Launch

“AttackIQ’s business is not security testing,” Brett Galloway says in his blog post announcing the Security Optimization Platform.

“If you know AttackIQ, you probably know us as the leading independent vendor of Breach & Attack Simulation systems. We build the best security control validation solution available. So how is it that I say our business is not security testing? Security testing is a major feature of our software platform, but our business is empowering the CISO to design, build, and operate an effective, efficient, and agile security program. In this blog, I talk about why that job is getting harder and our strategy to help the CISO succeed”.

Click here to read more from Brett Galloway about the Security Optimization Platform and how and why it helps CISOs improve the efficiency and effectiveness of their security program.



Security Optimization Platform Launch
AttackIQ is proud to announce the first ever Security Optimization Platform in the industry. The Security Optimization Platform was built from the ground up by security experts to help leaders in the industry move towards strategic programs balancing risk and value. With the Security Optimization Platform, organizations can strengthen their cyberdefenses through continuous control validation while improving program effectiveness and efficiency.

Read more here about how the AttackIQ platform arms security and risk leaders with improved, automated insights.

Preactive Security Exchange Launch
From AttackIQ comes the latest platform for security vendors to demonstrate and improve their tools of the trade. The current landscape of the cybersecurity industry is crowded with too many options for CISOs, who are unsure these tools are meeting their needs. With the Preactive Security Exchange (PSE), vendors and customers alike can validate the products they possess to ensure that the controls deployed are indeed working or, if necessary, find ways to improve them.

Here, you can find read through the press release on how the PSE can better help your current cybersecurity needs.


Think Bad, Do Good Podcast

Threat-Informed Defense and Purple Teaming: Lessons from U.S. Cyber Command
Effective cybersecurity no longer can afford to only meet the baseline of network defense. Today’s landscape, where every aspect of modern civilization is a potential target of malicious actors, requires a shift towards a threat-informed defense approach. An approach that doesn’t put the onus of adversary analysis on red teams, but unifies that mindset across all teams.

In our blog on Threat-Informed Defense and Purple Teaming, you can read further on how both can benefit and be implemented into your organization. Also, check out our Podcast featuring Jonathan Reiber and Ben Opel for more information on the topic here.


AttackIQ Academy Update

Learning Paths
Interested in learning more about purple teaming or breach and attack simulation? AttackIQ Academy offers three Learning Paths: Purple Teaming, Breach and Attack Simulations, and MITRE ATT&CK. Each of these paths feature instructor-led courses from professionals in the cybersecurity field. Finishing the courses earns you a badge in each of the three Learning Paths that you can post to your LinkedIn or other social media!

See more here, where you can sign up with AttackIQ Academy and start learning today!


AttackIQ Blog

AttackIQ includes MITRE ATT&CK’s New Subtechniques
MITRE ATT&CK has been beta testing more ATT&CK subtechniques over the last year. The result: a restructuring of the ATT&CK framework, providing a more granular organization of adversary tactics, techniques, and procedures (or, TTPs). See more on our blog how MITRE ATT&CK is evolving and improving!

Read the blog

What Security Teams can learn: COVID-19 Researcher & Twitter Attacks
This July has seen two conspicuous cyberattacks. One was from the Russian-sponsored hacker group APT29, attacking Western institutions to steal critical research on COVID-19 vaccines and treatments. The other was a wide-range hack on some of the most high-profile people on Twitter. But what can security teams learn from this attack? Chris Kennedy in this blog shares knowledge and more!

Read the blog
Check out all of our blogs


Live New Feature

New MITRE ATT&CK Features and More!
There’s an arsenal of new features now part of MITRE ATT&CK, featuring new subtechniques, scenarios, and more. AttackIQ has prepared for you a live feature demo going over several new ways to utilize MITRE.


Customer Spotlight

An Incredibly Successful Customer
This firm is a Fortune 500 communications company specializing in the design and manufacturing of telecommunications products and services. Its leading-edge inventions have transformed the world’s way of connecting, computing, and communicating. It also possesses a licensing business with a large patent portfolio, engaging in several engineering and research projects. To protect such crucial technology and its information, this firm chose AttackIQ as the platform for its breach and attack simulations (BAS) to operationalize MITRE ATT&CK.

Read the full case study


NEW 60-Day Free Trial of AttackIQ Platform

Deploy Breach and Attack Simulation - Are You Protected?
Deploy our award-winning breach and attack simulation platform! Are your security controls working as you expect? With AttackIQ Platform, you’ll be able to:

  • Measure and validate detection and prevention capabilities
  • Utilize a methodology for selection of security technologies
  • Maximize the effectiveness of security infrastructure
  • Prioritize resource allocation
  • Identify security gaps and blind spots
  • Create a data driven security lifecycle

...All in one place.

Register for your free trial today

Thank you for reading our newsletter. Please do send us a note if you have any questions or ideas. We’d love to hear from you! You can email us at [email protected], follow us on Twitter at @attackiq, or find us on LinkedIn at @attackiq.