This past year, we funded research at MITRE Engenuity’s Center for Threat-Informed Defense into “micro-emulation plans”, which combine adversary tactics, techniques, and procedures into plans that are easier to digest than the Center’s full-scale adversary emulation plans. The Center’s research is publicly available on its website and on GitHub. For anyone looking to learn about the MITRE ATT&CK framework and how to validate their cybersecurity program performance, it helps to have an open, public project about micro-emulation planning and how teams can put adversary emulation to work.
But there’s also much more to the story of democratizing adversary emulation. As the industry’s first and leading independent provider of breach and attack simulation solutions and automated security control validation, we at AttackIQ are obviously very bullish about the idea of defense teams learning how to run adversary emulations. We are even more bullish about how AttackIQ does this better than anyone else. The AttackIQ Security Optimization Platform puts adversary emulation into the hands of defenders all over the world, including at Bupa, GE, JetBlue, the U.S. Army, ISS World, and many more. Our assessments, attack graphs, packet capture (PCAP) replay capability, and our open API give defenders the tools they need to run emulations at scale and in production to answer the question: are we ready for the next attack?
This blog post describes some of our recent product updates in reporting and analysis of adversary emulations, and explains our automated testing and security control validation lifecycle in detail. In summary, however, AttackIQ works to put adversary emulation into practice through the following key capabilities: