Step-by-Step Guides for the Practice of Threat-Informed Defense

Today companies and nation-states all over the globe are engaged in a long-term sustained conflict in cyberspace. It is not a kinetic conflict; instead, it occurs online and in the gray space below the level of declared hostilities. Competitors and adversaries steal intellectual property, spread disinformation, and break into critical infrastructure.

We have known about the cyberthreat for years. Yet today, even after decades of investment and billions of dollars spent on cybersecurity, government agencies and private companies remain vulnerable. Why? They lack visibility into their cyberdefense effectiveness and are therefore unprepared for attacks. Without clear metrics of security effectiveness, organizations have no idea how well their defenses perform under attack.

Fixing this problem requires a transformation in strategy. On the basis of cutting-edge threat research, the security community is moving away from traditional approaches and towards a threat-informed defense strategy with automation at the center.

What does that mean? A threat-informed defense strategy focuses an organization’s cyberdefense capabilities on the threats that matter most. Verizon reports that 82 percent of all breaches should have been stopped by enterprise security controls but weren’t. Why? Security controls fail because they are never tested effectively. By testing a security program continuously and in an automated fashion, organizations can identify problems and errors, find gaps, and make data-informed management and investment decisions to improve security program effectiveness.

That is what our platform does. At AttackIQ, our software runs automated scenarios (aligned to the MITRE ATT&CK® framework) against an organization’s security controls to determine how well they perform. On the basis of automated testing, our Security Optimization Platform generates real data about security program performance. That data provides leaders with better insights and helps them make informed decisions about their people, processes, and technologies.

Blueprints are AttackIQ’s step-by-step guides to align people, process, and technology to deliver security optimization across an organization’s security program.

Security optimization is about aligning security and risk services programmatically with the business. It is the management practice of maximizing the efficiency and effectiveness of your total security program by ensuring that existing security control investments are measured, monitored, and modified continuously.

The security optimization lifecycle.

Detailed, practical step-by-step guides, our blueprints help customers use the Security Optimization Platform to deliver up to 26 distinct optimization solutions across the security program. These solutions anchor to existing functions in the security organization, from compliance to managed security service assessments to pipeline validation.

The security optimization journey, mapped by blueprint.

Our foundational blueprint focuses on Automated Testing. It helps you achieve early wins in the security optimization process.

Our blueprint on Compliance Optimization builds on our work with MITRE Engenuity’s Center for Threat-Informed Defense to align the MITRE ATT&CK framework to the National Institute of Standards and Technology (NIST) 800-53 security control framework and the related Department of Defense (DoD) Cybersecurity Maturity Model Certification (CMMC). Our Compliance Optimization Blueprint walks customers through the practical steps required to use the AttackIQ Security Optimization Platform to validate their compliance effectiveness through a threat-informed defense approach.

By focusing your cyberdefenses on the threats that matter most and assessing your security controls against known threat behaviors as outlined under the ATT&CK framework, you can use the AttackIQ Security Optimization Platform to deliver real performance data about your compliance under a range of regulatory measures. You can now answer the question from your board and regulators: how well is your cybersecurity program performing? Our Blueprints help you achieve compliance optimization, from beginning to end.

We’re just getting started! Stay tuned for more blueprints to come to help you make the most of the AttackIQ Security Optimization Platform and increase your cybersecurity effectiveness.

Informed by Deep Partnerships

Our blueprints are informed by our deep partnerships across the research and cybersecurity communities. As security professionals, we engage daily with leaders in security and technology in Washington, D.C., Silicon Valley, and across the country. Our partnerships help shape our approach to technology development, to defense operations, and, ultimately, our blueprints and advice to our customers. Our engagement with threat intelligence and cyberdefense best practices helps inform our blueprints and helps us guide our customers on the path to success.

The MITRE Corporation created industry frameworks and standards like MITRE ATT&CK as well as Common Vulnerabilities and Exposures (CVEs), and AttackIQ is proud to be a founding member of MITRE Engenuity’s Center for Threat-Informed Defense, a research and development organization focused on advancing the state of the art and the state of the practice in threat-informed defense. Together with other Center participants, we conduct applied research and advanced development to improve cyberdefense at scale for the global community. The Center brings together the best security teams from around the world to identify and solve the most pressing problems facing cyber defenders.

In addition, we bring our customers and the cybersecurity partner community together through the Preactive Security Exchange, a comprehensive program to help mutual customers be proactive about preventable security failures. The Preactive Security Exchange is focused not just on technical integrations, but on the shared mission to make security effective for our mutual customers.

As security practitioners, we understand that it takes a cultural change to shift an organization towards threat-informed defense and automation. Our background in technology development, national security strategy and operations, policy planning, and building and scaling companies informs our approach to the practice of threat-informed defense. We have helped large enterprises improve their security posture since the field of cybersecurity began, and we know the importance of preparedness and planning to achieve security effectiveness. And that is why we have launched blueprints. Please be in touch if you would like to learn more.