Volume 3 - October 2020

Welcome to the AttackIQ Newsletter, Volume 3! As a part of our continued mission to help you improve your cybersecurity skills and posture, we’re sharing the latest resources and news you and your team can use. We welcome your input on this issue's content and ideas for future topics. Drop us an email at [email protected], message us on Twitter at @attackiq, or share your thoughts on LinkedIn @attackiq. Thank you, and enjoy!

In This Update:

  • In a historic first, AttackIQ worked with industry leaders and MITRE’s Center for Threat-Informed Defense to develop an adversary emulation plan designed for the public. This plan emulates the cybercrime group FIN6, and includes a detailed intelligence analysis paired with a step-by-step guide for emulating the group’s methods. Over the coming months and years, the Center for Threat-Informed Defense will develop a library of adversary scenarios for the public to use. Read more from Carl Wright, AttackIQ’s chief commercial officer, about why and how this will transform the cybersecurity industry and help organizations better defend themselves against advanced threats.

  • We’ve also taken steps to better address the threat of ransomware and published new content about how to safeguard the election, including an essay about disinformation, cybersecurity, and the election and a new AttackIQ podcast with leaders from Harvard’s Defending Digital Democracy project, Robby Mook, Siobhan Gorman, and Maria Barsallo Lynch. You can learn about our approach to ransomware, read the essay, and listen to the podcast (or read the transcript) at the links below.

  • Finally, this quarter, AttackIQ integrated with LogRhythm’s NextGen SIEM Platform to expand the Preactive Security Exchange. AttackIQ's Security Optimization Platform provides insights to LogRhythm’s SIEM Platform, validating that endpoint defenses are working as designed. This integration is available now at no additional cost for pipeline control testing. Read more about all of these stories below.

  • If you’re an existing customer, partner or Academy student, you’re eligible to become an AttackIQ Informed Defender and join our community of cyber practitioners. Contact Jenni Opel, our community manager, for more details. Start networking with peers, sharing ideas, and earning rewards today!



View from the Top

AttackIQ’s CCO Carl Wright on a historic emulation plan, built for the public.

“Today’s announcement marks the first time that industry leaders have collaborated to produce an attack emulation plan built specifically to help the public. The MITRE team worked with global companies including AttackIQ to apply research from the cybersecurity community to emulate FIN6, a group that has proven to be an adaptive and dangerous threat. The goal of this project, the first of many the Center has planned, is to give security teams a detailed emulation plan that they can use to evaluate their cyberdefense capabilities from a threat-informed perspective.”

Read more on this historic announcement here.



LogRhythm Integration
What do you get when you combine the power of the LogRhythm security information and event management (SIEM) platform with the industry’s leading security optimization solution? A dynamic duo to alert your security analysts about potential control gaps and SIEM configuration issues.

Read more in this quick brief here


Think Bad, Do Good Podcast

Episode 4: FIN6 Emulation Plan and MITRE’s Center for Threat-Informed Defense
Join Jose Barajas and Jonathan Reiber for Episode 4 of “Think Bad, Do Good” as they explore the FIN6 emulation plan and the work at the Center for Threat-Informed Defense that led to its development. What is the broad utility of this emulation plan, and how can cybersecurity teams best take advantage of all that it has to offer? How can emulation plans help organizations improve their cybersecurity by taking on a threat-informed defense approach more broadly? Tune in to learn more from our experts.

Click here to read more and listen to the podcast

Episode 5: Defending Digital Democracy: Mis/Disinformation and the 2020 Election
Join cybersecurity and public affairs experts Robby Mook, Siobhan Gorman, and Maria Barsallo Lynch of Harvard’s Defending Digital Democracy project as they discuss the coming presidential election and how state and local government officials and American citizens can take steps to assure its integrity. Over the last four years, these individuals have played significant leadership roles in the United States in helping the states learn about and prepare for cyberspace operations and disinformation operations alike, and, last week, the Harvard team released The Election Influence Operations Playbook to help election officials manage the threat of disinformation operations to the election.

Click here to read more and listen to the podcast

Episode 6: Julia Voo and the National Cyber Power Index
Julia Voo once auditioned for a part in Harry Potter because she wanted to go to Hogwarts. But it was much cooler to be a British foreign service officer in Beijing after Brexit covering China’s approach to cybersecurity policy and artificial intelligence from a trade perspective. Now, she’s crushing it on China and cyber policy at Harvard’s Belfer Center, where she serves as a Fellow, and has just led a global team in a comprehensive review of global cyber powers.

In this episode, host Jonathan Reiber talks with Julia about how an innocuous one-off conversation kicked off the National Cyber Power Index (NCPI), the nature of cyber power in international relations, and the future of U.S.-China relations.

Click here to read more and listen to the podcast
Watch these installments or catch up on previous episodes


AttackIQ Academy Update

NEW FIN6 Emulation Plan Course
This course takes a deep dive into the emulation plan focused on FIN6. Drawing on a comprehensive four-year span of threat intel collected from 10-plus leading cybersecurity vendors, the course delivers an in-depth threat analysis of the notorious hacker group. By gaining an understanding of FIN6 and its methods through the emulation plan, students will learn how to turn this intelligence into actionable defense plans for their enterprise.

Enroll for this course here


AttackIQ Blog

This election year, the health of the Union depends in part on how we safeguard our information
Jonathan Reiber and Chris Kennedy

Cybersecurity does not exist in a vacuum, and current socio-economic pressures make the United States more vulnerable to cyberattacks of all kinds. With the U.S. presidential election underway, Americans need to take practical steps to defend our democratic processes, both online and off. This essay by Jonathan Reiber and Chris Kennedy outlines some of the issues facing the United States in advance of the election, shares insights from AttackIQ's recent podcast with leaders of Harvard's Defending Digital Democracy project, and offers specific steps to manage the cybersecurity challenges of this moment.

Read here for more

Counter ransomware with AttackIQ’s Security Optimization Platform
Mark Bagley, Jonathan Reiber, and Vinod Paris

Ransomware is on the rise, particularly against city governments and hospitals. In advance of the 2020 U.S. presidential election, how does the AttackIQ Security Optimization Platform help businesses defend themselves? Mark Bagley offers his insight on how AttackIQ’s new assessments strengthen organizations’ defenses.

Read here for more

Blog Post: Time to prepare for increased U.S.-China tensions in cyberspace, by Jonathan Reiber
Last week, the U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) issued an alert to critical infrastructure owners and operators across the United States to be vigilant for potential Chinese cyberspace operations given heightened tensions between the two countries. What does the CISA alert recommend, why is it important to follow it, and what is the future of U.S.-China relations?

Read here for more
Check out all of our blogs


Customer Spotlight

Ahead of the 2020 Elections, AttackIQ is a Force Multiplier for One State’s CISO
As prime targets for cyberattacks, state governments are challenged to manage the risks to their systems, applications, and data. One acute risk is foreign interference in U.S. elections to manipulate electoral outcomes. To prepare for each election cycle, state CISOs must ensure that all their existing cybersecurity controls are working as expected. If they need to procure additional security technology, CISOs must have an objective way to validate vendor claims regarding the efficacy of their products. One state CISO, the head of a team that has been using the AttackIQ platform for the past year, explains how his department uses AttackIQ to achieve these goals.

Read the full case study


Get an AttackIQ Demo

Join Us for an Upcoming Demo
Are you new to AttackIQ or know someone who’d like to see security optimization in action? Join our cyber experts for a weekly live demo showcasing key AttackIQ platform features with Q&A! Our weekly demos begin on October 8th.

Register for a weekly demo here

Thank you for reading our newsletter. Send us a note if you have any questions or ideas—we'd love to hear from you! Email us at [email protected], follow us on Twitter at @attackiq, or find us on LinkedIn at @attackiq.