Crises such as the COVID-19 pandemic bring out the worst—and the best— humankind. In cybersecurity, the worst comes in the form of hostile actors who take advantage of the migration to remote work and stretched IT teams to exploit security failures. The best—dedicated CISOs and their teams—muster their creativity to support the shift to telework and new business processes and deliver effective cybersecurity programs.
In the face of the pandemic this year, our mission as a company, “make the world safe for compute,” was a rally cry. To help the cybersecurity community respond to new work from home challenges and increased attacks, we focused on educating security professionals on the practice of threat-informed defense. We deepened our industry partnerships with both security technology and research organizations to share actionable insights. We collaborated with customers and partners to improve the automation of security control validation against real-world TTPs. For these efforts, I’m honored and humbled to share that AttackIQ was recognized with a 2020 CISO’s Choice Award.
In light of this recognition, I wanted to share a bit more on these three initiatives.
Practice Enablement
We launched AttackIQ Academy in April to help security optimization practitioners become more effective in their roles. The Academy program is completely free of charge and teaches practitioners on all kinds of cybersecurity concepts and methodologies including purple teaming, breach and attack simulation, threat-informed defense, and the MITRE ATT&CK framework. To date more than 8,100 students in 126 countries have enrolled in the Academy to improve their skills, earn ISC(2) CPE credits, and get certified.
We also introduced AttackIQ Blueprints, which are step-by-step guides on how to optimize security programs across multiple use cases or solutions. They provide red teams, blue teams, compliance teams, and security leaders with detailed guidance and answers to questions such as: how to rationalize security controls and prioritize testing, which methods for aligning people, processes, and technology will improve security program effectiveness, what test scenarios and simulations should they perform, and when?
For customers with limited security resources, we began offering a managed Security Validation Service to help smaller organizations leverage testing and validation capabilities “like the big guys” without having to operate the platform in-house.
Partnerships
During the past year, we continued to work closely with MITRE Engenuity’s Center for Threat-Informed Defense (CTID) and helped in the creation of the Center’s threat emulation library, which houses detailed plans to replicate the tactics and techniques of known major adversaries. Our first entry was an emulation plan for the cybercrime group FIN6, which targets payment card data from point-of-sale systems. Jose Barajas from our team played a central role in designing the emulation plan. Just recently, we partnered with the MITRE Engenity team to publish a new MITRE ATT&CK for Dummies book, which is available for free to security practitioners.
To improve security control effectiveness, we introduced our Preactive Security Exchange in conjunction with leading vendors such as Cylance, Cisco, Microsoft, LogRhythm, and SentinelOne. The PSE ecosystem focuses both on technical integration and on our shared mission to improve the overall security posture of our joint customers.
Finally, we launched our council of chief information security officers and technology leaders, the Informed Defenders council, to bring together leading practitioners from the public and private sectors to share security best practices back into the greater community at large. I’m excited to share that we are about to publish our first set of learnings around best practices for CISOs to build rapport and trust with boards.
Platform Innovation
We continued to innovate around our own technology platform, introducing advances in our architecture to better automate how customers test and validate security controls. By adopting continuous security validation versus ad hoc testing, customers save time and money that would otherwise have been spent on outsourced resources. Improvements in our reporting dashboards helped security teams translate scenario testing results into actionable insights that could be used across the entire security organization–not just for a single point in time, but with a complete historical view of how the company’s security posture is trending. With better insights into the performance of existing investments, customers are able to make smarter decisions about where to cut back or invest in order to improve their cyberdefense effectiveness.
As we look ahead to 2021 and beyond, we will continue to share knowledge around the practice of threat-informed defense, deepen our industry partnerships, and advance our platform to make the world safe for compute.