October 21, 2021
ESG has just released the key findings of its cybersecurity hygiene and posture management survey, and in a poll of 400 cybersecurity professionals in North American enterprises, the number one action respondents said would improve cybersecurity hygiene? You guessed it: continuous security control validation.
October 15, 2021
Recently, AttackIQ was notified that an Iranian threat actor had created a fake domain and fraudulent website (attackiq[.]ir) impersonating AttackIQ and abusing the company brand. This blog is an account of what happened and how AttackIQ responded, and it aims to provide insights to help organizations prepare to deal with similar Brand Reputation Abuse situations.
October 4, 2021
To echo a famous Russian proverb, “trust but verify,” it’s not enough to implement a zero trust architecture. Continuous testing is the only way to achieve real cybersecurity readiness.
August 24, 2021
Healthcare is the most targeted sector for data breaches, and ransomware attacks were responsible for almost 50 percent of all healthcare data breaches in 2020. How should healthcare companies proceed? Our guest blogger in this ransomware series is Tracy Cohen, a cybersecurity expert with over a decade of experience managing cybersecurity risk in the healthcare and biopharma sector. She is also a licensed skydiver,
August 13, 2021
Why I’m Particularly Proud AttackIQ Made the 2021 Fortune Great Place to Work List
August 9, 2021
In 2020, three of the top 10 most searched terms were, unsurprisingly, healthcare-related. (Coronavirus, coronavirus update, coronavirus symptoms.) We’ve never been so attuned to what’s happening in our healthcare systems and hospitals.
July 29, 2021
How do you improve your security posture by standing up a purple team strategy? Here are 10 important things to keep in mind from the Purple Teaming for Dummies eBook.
July 16, 2021
The purple team construct is changing cybersecurity for the better. Here is how you build, lead, and manage effective purple team operations.
July 9, 2021
CFOs are often perceived as gatekeepers to the company’s cash coffers. With different functional leaders vying for project investments, it is true that the role of the CFO is to help prioritize the company’s spend, based on the business growth plan and trajectory.
June 24, 2021
This past week, AttackIQ launched its inaugural Purple Hats Conference—where more than 3,000 cybersecurity practitioners, partners, and pros joined to collaborate, share ideas, and learn how to evolve from a reactive to proactive threat informed defense strategy.
June 22, 2021
There are a number of ways that the MITRE ATT&CK framework can be used in your cybersecurity practice. Here are 10 of the most important as laid out in the MITRE ATT&CK for Dummies eBook.
April 26, 2021
The goal is greater visibility and effectiveness.
April 9, 2021
In advance of the new Biden administration cybersecurity executive order, it’s time for the federal government to get proactive about cybersecurity. Deploying a validated zero trust architecture for the U.S. government’s most critical high-value assets is an aggressive but achievable goal.
March 23, 2021
AttackIQ’s new architecture upgrade makes it possible for customers to emulate comprehensive, multi-stage adversary cyberattack campaigns with realism and specificity, at every step in the kill chain. Check it out.
February 16, 2021
Adversaries love to hide malware in images, a tactic called data obfuscation. To help you solve this problem, at AttackIQ we have built scenarios to test your defensive capabilities’ ability to detect and prevent image-based malware. Read on to learn how it works – and how you can obfuscate data on your own to test your defenses.
February 8, 2021
AttackIQ’s Security Optimization Platform gives an agency a proactive—rather than a reactive—security posture. It enables continuous validation of security controls to definitively establish the effectiveness of key initiatives, to include zero-trust controls that prevent adversaries from moving laterally across a network, as in the case of SolarWinds.
December 23, 2020
Defensive technologies can provide meaningful capabilities to isolate the adversary from compromised systems as defenders and threat hunters inspect their networks, preventing further reconnaissance and lateral movement, but only if their effectiveness is tested and validated.
December 15, 2020
The alignment of NIST 800-53 and MITRE ATT&CK creates a unique opportunity for red, blue, and white teams to understand each other—and how they can work together to build a fully compliant and mature cybersecurity program.
