August 23, 2023
The implications of not conducting security control testing are profound. Adversaries are relentless and will exploit vulnerabilities if given the chance. The potential impact includes data breaches, financial losses, damage to reputation, and regulatory penalties.
August 3, 2023
AttackIQ has helped hundreds of companies across the global 2000 to conduct automated testing at scale, powered by MITRE ATT&CK. Building on a decade of success, we are now making testing available for everyone. Here’s what that means.
December 8, 2022
A look back at how AttackIQ’s customers and advanced research, as well as key players in the analyst community, helped propel the breach and attack simulation market forward in 2022.
August 10, 2022
AttackIQ’s Adversary Research Team has released two new assessments to test endpoint and network controls’ ability to prevent widely utilized malware families.
July 29, 2022
Hot off the press, IDC has released an IDC Business value White Paper, sponsored by AttackIQ, that explores the business value and benefits of using the AttackIQ Security Optimization Platform.
June 2, 2022
AttackIQ has released a new scenario to test your security controls against exploits used in the Follina 0-day. This new scenario helps security teams validate visibility, patching, security controls, and logging in their environments relative to this pervasive 0-day vulnerability. Elevate your security program performance using AttackIQ.
April 11, 2022
The award-winning Purple Hats Conference is the industry destination for cybersecurity practitioners around the globe to collaborate, share ideas, and learn how to evolve cybersecurity strategies from a reactive to proactive threat-informed defense. We’re just days away from the best “cyberforum of the year” and you won’t want to miss it—and there’s still time to join. Here we’re breaking down for you five reasons you don’t want to miss Purple Hats.
March 18, 2022
AttackIQ has released a new attack graph to emulate Russia-based threat actors as they exploit multi-factor authentication protocols to disable MFA. This blog describes the scenarios we have included in the new attack graph to emulate the adversary and then, to inform a purple team construct for cyberdefense operations, it provides detection and mitigation recommendations that you can use to improve your security program effectiveness. Read on for more.
March 8, 2022
To prepare for a potential cyberattack from Russia-based actors, you can begin by testing your security controls against known adversary tactics. The vast majority of cyberattacks use tactics and techniques that have been employed in the past. This blog walks you through key known tactics and techniques, and highlights scenarios in the AttackIQ Security Optimization Platform that you can use today to test your defenses and improve your cybersecurity readiness.
February 9, 2022
The Center for Threat-Informed Defense is transforming the practice of cybersecurity and elevating security teams’ performance all over the world. This blog post looks at research highlights from Center’s retrospective 2021 Impact Report, explains why the Center is so important to us at AttackIQ, and shows security teams how to elevate their program performance using a range of free educational resources derived from the Center’s research.
December 13, 2021
This article focuses on helping organizations to assess the effectiveness of their compensating controls, enable a threat-informed defense with breach and attack simulation plus the MITRE ATT&CK framework, and interdict the adversary post-breach to drive down risk.
October 27, 2021
We’re familiar with red teaming and blue teaming, but have you heard about purple teaming? This blog dives into facts you may not be aware of around this new team construct meant to foster collaboration between red and blue teams for a stronger cybersecurity practice.
October 21, 2021
ESG has just released the key findings of its cybersecurity hygiene and posture management survey, and in a poll of 400 cybersecurity professionals in North American enterprises, the number one action respondents said would improve cybersecurity hygiene? You guessed it: continuous security control validation.
October 6, 2021
The rapid growth in our company isn’t just because we have the best platform for breach and attack simulation (we do). It’s because no other company is as invested as we are in helping you build a threat-informed defense practice that delivers measurable results.
October 4, 2021
To echo a famous Russian proverb, “trust but verify,” it’s not enough to implement a zero trust architecture. Continuous testing is the only way to achieve real cybersecurity readiness.
August 24, 2021
Healthcare is the most targeted sector for data breaches, and ransomware attacks were responsible for almost 50 percent of all healthcare data breaches in 2020. How should healthcare companies proceed? Our guest blogger in this ransomware series is Tracy Cohen, a cybersecurity expert with over a decade of experience managing cybersecurity risk in the healthcare and biopharma sector. She is also a licensed skydiver,
August 13, 2021
Why I’m Particularly Proud AttackIQ Made the 2021 Fortune Great Place to Work List
July 29, 2021
How do you improve your security posture by standing up a purple team strategy? Here are 10 important things to keep in mind from the Purple Teaming for Dummies eBook.
July 16, 2021
The purple team construct is changing cybersecurity for the better. Here is how you build, lead, and manage effective purple team operations.
June 24, 2021
This past week, AttackIQ launched its inaugural Purple Hats Conference—where more than 3,000 cybersecurity practitioners, partners, and pros joined to collaborate, share ideas, and learn how to evolve from a reactive to proactive threat informed defense strategy.
March 17, 2021
AttackIQ has added Atomic Red Team to our assessment library, bolstering our testing capabilities to further improve our customers’ security effectiveness.