Special Focus Demos
Breach and Attack Simulation
Security teams need more than point-in-time status data about their security program to achieve cybersecurity readiness. Companies use breach and attack simulation as a foundational means to test and validate that their security controls work as they should. The AttackIQ Security Optimization Platform gives customers the most consistent, trusted, and safest way to test and validate at scale. While competitors test in sandboxes, we allow you to test in production across the entire kill chain, just like the adversary, emulating multi-stage attacks against your security infrastructure. Learn to make your cybersecurity program effective and efficient — and maximize your return on investment.
Using AttackIQ to Prepare for Nation-State Adversaries
Cyberattacks emerge from a range of threat groups, from fly-by-night ransomware groups using ransomware-as-a-service to organized criminal syndicates to nation-state adversaries. On the face of it, companies may believe that they cannot prepare their defenses against advanced nation-state attackers like Russia and China, but the fact is these adversaries use the same tactics, techniques, and procedures (TTPs) over and over in their campaigns. Defenders can improve their security posture against nation-state attacks by testing their defenses constantly, leveraging reporting capabilities, and adjusting their programs and investments. During this demo, Ken Towne from AttackIQ’s Adversary Research Team (ART) will show you how to use the AttackIQ Security Optimization Platform and its attack graphs, including US-CERT alert responses, to counter nation-state adversaries and optimize your cybersecurity effectiveness.
10 Key Lessons Learned in the Field on Breach and Attack Simulation
Are you new to the world of threat-informed defense and adversary emulation, breach and attack simulation (BAS) or purple teaming? In this demo, you will join one of the leading advisors in breach and attack simulation for a discussion of his top 10 lessons learned from working with companies in the trenches to prepare, plan, and execute a breach and attack simulation or purple teaming project. Regardless of the security capabilities, platform, or framework you have, whether you are a technical operator or a CISO or whether you are on a red, blue, or purple team, this demo will give you practical advice and guidance to maximize your security program effectiveness and achieve peak performance. Join Andrew “AC” Costis to learn from his experience advising companies and helping implement a world-class BAS project.
Malware Emulation of SysJoker and Linux Threats
Cyberattacks against Linux platforms have been steadily increasing in frequency and complexity and represent a real threat to AttackIQ customers. Threat actors exploit weak configurations and a lack of security controls to launch ransomware and crypto-jacking campaigns. Adversaries have built multi-platform malware like SysJoker to run on any system they discover. To help organizations defend themselves against Linux threats and SysJoker, AttackIQ has expanded our emulation library for new Linux-specific techniques and developed new attack graphs. Join this demo with the AttackIQ Adversary Research Team (ART) to learn how these attacks work and how you can use the AttackIQ Security Optimization Platform to validate your security effectiveness against real-world threats.
Measuring Your Security Program Performance Using Kibana and AttackIQ
Security teams need granular and accessible performance data to understand their performance against known threats. AttackIQ has integrated the Kibana reporting technology into the AttackIQ Security Optimization Platform to give customers analytic data to make strategic and operational decisions. AttackIQ’s new reporting capabilities allow you to search your internal data for information, visualize results, and study specific aspects of your security program performance. In this demo, you will learn to use the Kibana dashboards in the AttackIQ Security Optimization Platform to measure your total security posture performance (at a single point-in-time or over time), specific security controls, and your security program effectiveness against specific threat actor tactics, techniques, and procedures in MITRE ATT&CK. Finally, you will learn to use the executive summary to highlight key statistics for your leadership and the board.
Purple Teaming with MITRE ATT&CK in the Oil and Gas Sector: MuddyWater and OilRig/APT34
Cyberattacks have increased significantly against the energy sector as geopolitical tensions have risen, and nation-state-sponsored espionage groups have focused their attacks on oil, gas, and electric companies for over a decade. MuddyWater and OilRig are Iran-based, nation-state-sponsored intrusion sets that have targeted organizations globally but have the heaviest focus on other nations in the Middle East. MuddyWater has focused its targeting on the energy (oil), telecommunications, and government IT services sectors, while OilRig/APT34 has targeted a variety of sectors beyond energy, including financial, government, chemical, and telecommunications. This demo will include a technical overview of campaigns from both intrusion sets. Join AttackIQ researchers and experts to explore how these adversary campaign emulation attack graphs in the AttackIQ Security Optimization Platform can help you validate your security effectiveness against real-world campaigns from these adversaries.
Responding to Emerging Threats: US-CERT and AttackIQ Attack Graphs
The U.S. government has improved its alert process for emerging cyberthreats to the United States and its allies and partners around the world, with the U.S. Computer Emergency Response Team (US-CERT) alert system and the MITRE ATT&CK framework at the center. In response to a new threat, US-CERT uses MITRE ATT&CK to describe observed adversary tactics, techniques, and procedures (TTPs), and following a US-CERT alert, AttackIQ produces comprehensive attack graphs to emulate the attacker with specificity and realism, aligned to the TTPs in the alert. In this demo, join the AttackIQ Adversary Research Team to explore how AttackIQ produces attack graphs and learn how attack graphs can help optimize your cybersecurity readiness and effectiveness.
AttackIQ + Cisco Firepower Integration
If you are a Cisco Firepower customer or evaluating any of the Firepower series, this demo is for you! Watch how automated testing can validate whether Cisco Firepower firewalls are detecting and preventing cyberthreats as anticipated. We will show you how to create assessments and generate reports, interpreting testing data to ensure continuous protection against adversary behavior.
Using Global Reporting to Validate the Effectiveness of Your Security Program
Global reporting in the AttackIQ Security Optimization Platform can help you assess what is happening across your entire security program. During this demo you will learn how to apply complex adversary behaviors to validate the effectiveness of your security control program. We will show you new reporting capabilities that will better enable you to determine the tactics, techniques, and procedures your company is most exposed to, as well as the security controls within your program that are working as intended.
Cloud Security with MITRE ATT&CK
The movement to the cloud is an important sub-plot in the broader cybersecurity narrative, presenting new challenges in preventing hostile actors from striking to disrupt data and attack critical infrastructure operations. How can you work to ensure your cloud environment is protected against the unique challenges presented? That’s where the MITRE ATT&CK framework comes in, along with the practice of threat-informed defense. By mapping known threat tactics, techniques, and procedures in ATT&CK to native cloud security controls, security teams can gain a comprehensive picture of the threats that matter most to their organization and, more importantly, how well their cloud security controls perform against them.
Testing Your Defenses Against the Top Ten MITRE ATT&CK Techniques
The Center for Threat-Informed Defense has recently published a methodology and calculator so that you can identify the top MITRE ATT&CK techniques that impact your sector. As a founding research partner of the Center for Threat-Informed Defense, AttackIQ has integrated the top ATT&CK techniques into the AttackIQ Security Optimization Platform so that organizations can select key techniques and run adversary emulations to validate that their cyberdefenses work as intended. Join AttackIQ experts in this demo to see how to leverage this new research and the Security Optimization Platform.
Emulating the Conti Ransomware Family
Ransomware attacks have become so commonplace, yet still companies suffer debilitating attacks that cost them millions of dollars. Why? Because they don’t exercise their cyberdefenses against ransomware to improve effectiveness. Join experts from the AttackIQ adversary research team in this demo to see how to improve your security program performance by running ransomware emulations, beginning with the infamous Conti ransomware family. Ransomware groups consistently use repeat techniques and procedures to achieve their criminal and financial goals; testing your defenses against Conti will help you improve your overall security performance.
Purple Teaming with MITRE ATT&CK in the Energy Sector
Over the last two years, cyberattacks have increased significantly against the energy sector as geopolitical tensions have increased and ransomware groups focused their attacks on oil, gas, and electric companies following the success of the Colonial Pipeline attack. Join AttackIQ researchers and experts in this demo to explore how the AttackIQ Security Optimization Platform helps energy companies improve their defense effectiveness. This demo will include a look at the AttackIQ adversary research team’s new attack graph on the Russian government-built HAVEX malware and a review of the top ten MITRE ATT&CK techniques impacting the global energy sector.
Operationalizing MITRE ATT&CK
Whether your organization has a small security team with limited resources or a more mature enterprise program, the MITRE ATT&CK framework is an invaluable resource to ensure your security controls work efficiently and as expected. You will learn how to better understand adversary behaviors and continuously validate your security controls using breach and attack simulation.
Purple Teaming in the U.S. Government
Break down silos between your red and blue teams to deploy a threat-informed defense and align both teams into a purple team construct. Our cybersecurity leaders will show you how to leverage the AttackIQ Security Optimization Platform to run breach and attack simulations, think like the adversary, and test your defensive technologies continuously. We will focus in particular on known threat actors and behaviors that impact the U.S. government.
Malware-Emulation Attack Graphs: SOGU and BlackCat
In this demo, AttackIQ introduces you to a new and innovative approach to adversary emulation: malware-emulation attack graphs. To emulate the adversary with realism, the AttackIQ adversary research team has manually reverse engineered full-featured malware, disaggregated the malware into specific MITRE ATT&CK tactics and techniques, and arranged the content into an attack graph that can safely emulate malware behavior against your assets and network. We will showcase our work emulating SOGU malware, commonly used for espionage purposes by actors based in the People’s Republic of China, as well as BlackCat (ALPHV), a ransomware-as-a-service threat actor which the FBI reported in late April has compromised at least 60 organizations. This work builds on our ongoing research with the Center for Threat-Informed Defense micro-emulation plan project.
The 2021 MITRE Impact Report: Advancing a Threat-Informed Defense
How can you leverage the MITRE Engenuity Center for Threat-Informed Defense’s ground-breaking research to ensure you are protected against known adversary tactics and techniques?
Securing Your Azure Cloud with MITRE ATT&CK
MITRE Engenuity’s Center for Threat-Informed Defense recently released research on cloud-native control capabilities and the MITRE ATT&CK techniques they provide coverage for. Join us for a special demo where we will deep dive into the Center’s Security Stack Mappings research and how you can start securing your Azure environment today!
Purple Teaming in the Cloud with ATT&CK
Organizations have moved rapidly to the cloud without a commensurate strategy for securing it. On the basis of innovative research from MITRE Engenuity’s Center for Threat-Informed Defense, cybersecurity teams can now leverage the ATT&CK framework against security controls within Azure to optimize cloud security effectiveness. In this expert-led webinar and with the new Dummies Guide to Purple Teaming, you will learn to use the ATT&CK framework and purple team operations to validate cloud security effectiveness.
Ransomware in 2021
Staying Abreast of Modern Attacks
Ransomware attacks are on the rise, with new victims in the news every day. Disrupting the price of gas and rattling American society, the attack on Colonial Pipeline Co. shows how ransomware attacks can have far-reaching socio-political effects. The commodification of ransomware has enabled criminals all over the globe, and some nation-states give them safe harbor while others struggle to root out criminals despite their best intentions. How can security leaders best plan for the increasing proliferation and use of ransomware? Join Maggie MacAlpine and Jonathan Reiber, two seasoned cybersecurity strategists, for a webinar discussion on what the latest threats are and how you can best protect your organization from ransomware attacks.
Uniting Threat and Risk Management with NIST 800-53 & MITRE ATT&CK
During this weekly demo, we will introduce you to the history and evolution of the MITRE ATT&CK framework, the revolutionary compilation of known adversarial tactics, techniques, and common knowledge. Additionally, we will highlight why organizations are adopting it and how organizations can use MITRE ATT&CK to improve their security effectiveness, strengthen their cybersecurity program, and maximize resources. We will also cover how to use the NIST SP 800-53 Control-to-ATT&CK mappings to satisfy compliance checks from a threat-informed perspective and begin making data-driven decisions that inherently reduce risk.
New AttackIQ Platform Innovations: Comprehensive Adversary Emulation
Check out what’s new in AttackIQ! With our latest platform innovations, we’re delivering the most comprehensive adversary emulation capabilities available, completely aligned to MITRE ATT&CK. See how easy it is to evaluate the performance of network-deployed security controls with prescriptive guidance and maximize your investment in controls like next-generation firewalls (NGFW). Learn how operators of all skill levels can apply complex adversary behaviors to their testing programs. See how to create full emulation campaigns with point-and-click ease of use.
Automated Testing and ServiceNow Security Validation
If you’re a ServiceNow customer, you won’t want to miss this weekly demo where our cybersecurity experts show you how to validate that security alerts are firing properly to inform your Security Operations Center and keep your organization secure. You’ll learn how to integrate the AttackIQ Security Optimization Platform with ServiceNow to continuously test the alert process and identify security gaps before adversaries can exploit them.
Aligning MITRE ATT&CK to NIST 800-53
AttackIQ’s Security Optimization Platform is now able to deploy ATT&CK-aligned scenarios against an organization’s security controls, validating control effectiveness in the context of the NIST 800-53r4 controls. As a result, red, blue, and white teams can each play a part in compliance mapping and enforcement, and the Security Optimization Platform helps each team perform its roles and responsibilities. See how to move beyond compliance and deliver measurable improvement of your security posture.
AttackIQ + Microsoft Integration
See how you can strengthen cyber threat detection and investigation, plus provide continuous visibility and control over the security of your endpoints. We’ll show you how to use Microsoft® Azure Sentinel and Microsoft® Defender Advanced Threat Protection (ATP) against the tactic categories as outlined by MITRE ATT&CK with the AttackIQ platform.
AttackIQ + Splunk SIEM Integration
Learn how to use the AttackIQ Security Optimization Platform to test controls at scale and in production in order to find and remediate gaps that could be compromised by adversaries. In this special focus demo, we’ll show you how to confirm that forwarding mechanisms are functioning with the Splunk SIEM and that alerts are being triggered in order to properly flag suspicious behavior to analysts. See how easy it is to integrate the two platforms using an open API.