Volume 3 - October 2020
Welcome to the AttackIQ Newsletter, Volume 3! As a part of our continued mission to help you improve your cybersecurity skills and posture, we’re sharing the latest resources and news you and your team can use. We welcome your input on this issue's content and ideas for future topics. Drop us an email at [email protected], message us on Twitter at @attackiq, or share your thoughts on LinkedIn @attackiq. Thank you, and enjoy!
In This Update:
- In a historic first, AttackIQ worked with industry leaders and MITRE’s Center for Threat-Informed Defense to develop an adversary emulation plan designed for the public. This plan emulates the cybercrime group FIN6, and includes a detailed intelligence analysis paired with a step-by-step guide for emulating the group’s methods. Over the coming months and years, the Center for Threat-Informed Defense will develop a library of adversary scenarios for the public to use. Read more from Carl Wright, AttackIQ’s chief commercial officer, about why and how this will transform the cybersecurity industry and help organizations better defend themselves against advanced threats.
- We’ve also taken steps to better address the threat of ransomware and published new content about how to safeguard the election, including an essay about disinformation, cybersecurity, and the election and a new AttackIQ podcast with leaders from Harvard’s Defending Digital Democracy project, Robby Mook, Siobhan Gorman, and Maria Barsallo Lynch. You can learn about our approach to ransomware, read the essay, and listen to the podcast (or read the transcript) at the links below.
- Finally, this quarter, AttackIQ integrated with LogRhythm’s NextGen SIEM Platform to expand the Preactive Security Exchange. AttackIQ's Security Optimization Platform provides insights to LogRhythm’s SIEM Platform, validating that endpoint defenses are working as designed. This integration is available now at no additional cost for pipeline control testing. Read more about all of these stories below.
- If you’re an existing customer, partner or Academy student, you’re eligible to become an AttackIQ Informed Defender and join our community of cyber practitioners. Contact Jenni Opel, our community manager, for more details. Start networking with peers, sharing ideas, and earning rewards today!
View from the Top
AttackIQ’s CCO Carl Wright on a historic emulation plan, built for the public.
“Today’s announcement marks the first time that industry leaders have collaborated to produce an attack emulation plan built specifically to help the public. The MITRE team worked with global companies including AttackIQ to apply research from the cybersecurity community to emulate FIN6, a group that has proven to be an adaptive and dangerous threat. The goal of this project, the first of many the Center has planned, is to give security teams a detailed emulation plan that they can use to evaluate their cyberdefense capabilities from a threat-informed perspective.”
Read more on this historic announcement here.
Feature
LogRhythm Integration
What do you get when you combine the power of the LogRhythm security information and event management (SIEM) platform with the industry’s leading security optimization solution? A dynamic duo to alert your security analysts about potential control gaps and SIEM configuration issues.
Read more in this quick brief here
Think Bad, Do Good Podcast
Episode 4: FIN6 Emulation Plan and MITRE’s Center for Threat-Informed Defense
Join Jose Barajas and Jonathan Reiber for Episode 4 of “Think Bad, Do Good” as they explore the FIN6 emulation plan and the work at the Center for Threat-Informed Defense that led to its development. What is the broad utility of this emulation plan, and how can cybersecurity teams best take advantage of all that it has to offer? How can emulation plans help organizations improve their cybersecurity by taking on a threat-informed defense approach more broadly? Tune in to learn more from our experts.
Click here to read more and listen to the podcast
Episode 5: Defending Digital Democracy: Mis/Disinformation and the 2020 Election
Join cybersecurity and public affairs experts Robby Mook, Siobhan Gorman, and Maria Barsallo Lynch of Harvard’s Defending Digital Democracy project as they discuss the coming presidential election and how state and local government officials and American citizens can take steps to assure its integrity. Over the last four years, these individuals have played significant leadership roles in the United States in helping the states learn about and prepare for cyberspace operations and disinformation operations alike, and, last week, the Harvard team released The Election Influence Operations Playbook to help election officials manage the threat of disinformation operations to the election.
Click here to read more and listen to the podcast
Episode 6: Julia Voo and the National Cyber Power Index
Julia Voo once auditioned for a part in Harry Potter because she wanted to go to Hogwarts. But it was much cooler to be a British foreign service officer in Beijing after Brexit covering China’s approach to cybersecurity policy and artificial intelligence from a trade perspective. Now, she’s crushing it on China and cyber policy at Harvard’s Belfer Center, where she serves as a Fellow, and has just led a global team in a comprehensive review of global cyber powers.
In this episode, host Jonathan Reiber talks with Julia about how an innocuous one-off conversation kicked off the National Cyber Power Index (NCPI), the nature of cyber power in international relations, and the future of U.S.-China relations.
Click here to read more and listen to the podcast
Watch these installments or catch up on previous episodes
AttackIQ Academy Update
NEW FIN6 Emulation Plan Course
This course dives deep into the emulation plan focused on FIN6. Drawing on a comprehensive four-year span of threat intel collected from 10-plus leading cybersecurity vendors, this course delivers an in-depth threat analysis of the notorious hacker group. By gaining an understanding of FIN6 and its methods with the emulation plan, students will learn how to turn this intelligence into actionable defense plans for their enterprise.
Enroll for this course here
AttackIQ Blog
This election year, the health of the Union depends in part on how we safeguard our information
Jonathan Reiber and Chris Kennedy
Cybersecurity does not exist in a vacuum, and current socio-economic pressures make the United States more vulnerable to cyberattacks of all kinds. With the U.S. presidential election underway, Americans need to take practical steps to defend our democratic processes, both online and off. This essay by Jonathan Reiber and Chris Kennedy outlines some of the issues facing the United States in advance of the election, shares insights from AttackIQ's recent podcast with leaders of Harvard's Defending Digital Democracy project, and offers specific steps to manage the cybersecurity challenges of this moment.
Read here for more
Counter ransomware with AttackIQ’s Security Optimization Platform
Mark Bagley, Jonathan Reiber, and Vinod Paris
Ransomware is on the rise, particularly against city government and hospitals. In advance of the 2020 U.S. presidential election, how does the AttackIQ Security Optimization Platform help businesses to defend themselves? Mark Bagley offers his insight on how AttackIQ’s new assessments strengthen organizations’ defenses.
Read here for more
Blog Post: Time to prepare for increased U.S.-China tensions in cyberspace, by Jonathan Reiber
Last week, the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) issued an alert to critical infrastructure owners and operators across the United States to be vigilant for potential Chinese cyberspace operations given heightened tensions between the two countries. What does the CISA alert recommend, why is it important to follow it, and what is the future of U.S.-China relations?
Read here for more
Check out all of our blogs
Customer Spotlight
Ahead of the 2020 Elections, AttackIQ is a Force Multiplier for One State’s CISO
As prime targets for cyberattacks, state governments are challenged to manage the risks to their systems, applications, and data. One acute risk is foreign interference in U.S. elections to manipulate electoral outcomes. To prepare for each election cycle, state CISOs must ensure that all their existing cybersecurity controls are working as expected. If they need to procure additional security technology, CISOs must have an objective way to validate vendor claims regarding the efficacy of their products. One state CISO, the head of a team that has been using the AttackIQ platform for the past year, explains how his department uses AttackIQ to achieve these goals.
Read the full case study
Press Room
What We’ve Been Up To
- October 6th, 2020, New CRITICALSTART and AttackIQ Partnership
- Sept. 29, 2020, The Universal Health Services Ransomware Attack: Key Findings
- Sept. 22, 2020, Government issues alert on spread of information stealing LokiBot malware
- Sept. 22, 2020, AttackIQ Announces Integration with LogRhythm NextGen SIEM Platform
- Sept. 15, 2020, MITRE Engenuity Center for Threat-Informed Defense Releases FIN6 Adversary Emulation Plan
Read all our press releases
Check out all press coverage
Get an AttackIQ Demo
Join Us for an Upcoming Demo
Are you new to AttackIQ or know someone who’d like to see security optimization in action? Join our cyber experts for a weekly live demo showcasing key AttackIQ platform features with Q&A! Our weekly demos begin on October 8th.
Register for a weekly demo here
Thank you for reading our newsletter. Send us a note if you have any questions or ideas—we'd love to hear from you! Email us at [email protected], follow us on Twitter at @attackiq, or find us on LinkedIn at @attackiq.