AttackIQ On-Demand

Special Focus Demos

Cuba Ransomware Attack Graph

On December 1st, 2022, the FBI and CISA released a joint cybersecurity advisory that expands their #StopRansomware efforts to help organizations protect themselves against ransomware attacks. In response, AttackIQ released a new attack graph emulating a Cuba ransomware attack to help you validate security controls, evaluate security and incident response processes, and support the improvement of your security control posture against an actor who uses both native system tools and their own bespoke malware. Join us to learn how your team can use data generated from continuous testing and the use of this attack graph to achieve key security outcomes, adjust your security controls, and work to elevate your total security program effectiveness against a known and dangerous threat.


North Korean Cybersecurity Alert

As a result of recent cybersecurity advisories on North Korean malicious cyber activity released by the Cybersecurity & Infrastructure Security Agency (CISA) in conjunction with the Federal Bureau of Investigation (FBI) and U.S. Department of the Treasury on April 18 and July 6, 2022, AttackIQ has conducted in-depth research on the adversary known as Lazarus Group and its two subgroups: the financially motivated adversary, BlueNoroff, and the politically motivated adversary, Andariel. In this demo, join the AttackIQ Adversary Research Team (ART) to explore the in-depth research that has led to the creation of 14 new attack graphs, which can help optimize your cybersecurity readiness and effectiveness against these highly sophisticated threats.


Security Control Validation in the U.S. Department of Defense

Curious about how to ensure your security controls are operating properly? AttackIQ cybersecurity specialists will show you how to leverage the AttackIQ Security Optimization Platform to run threat emulations. We will focus in particular on known threat actors, behaviors, and initiatives that impact the U.S. Department of Defense. Tune in to discover how to think like the adversary and test your defensive technologies continuously.


Cloud Security with MITRE ATT&CK

The advent of cloud technologies has changed everything about how networks are built and operated. Infrastructure, policy, and configuration can all now exist as code. Cloud technologies can be deployed quickly, updates and integrations can occur automatically, and services can scale rapidly across geographies. The cloud era demands new approaches to security. Join this demo to learn about new cloud security features in the Security Optimization Platform and how you can maximize your security program effectiveness with AttackIQ and MITRE ATT&CK.


How to Validate Your Controls Against Text4Shell

What is the correct way to validate your controls against a Text4Shell or similar library vulnerability? You need an adjustable, open systems testing platform to test the specific aspects of your implementation to accurately assess if your security controls are correctly configured to stop attacks that leverage it. Join Ken Towne from AttackIQ’s Adversary Research Team (ART) to learn how you can leverage AttackIQ’s open system testing platform to validate your controls against the recent Text4Shell or similar vulnerability.


Testing your Security Controls with AttackIQ

Cyberthreat actors use a range of tactics, techniques, and procedures (TTPs) to execute their attacks. The AttackIQ Security Optimization Platform emulates the adversary with realism and specificity by stringing TTPs together into a chain to form an attack graph. Join us in this demonstration to learn how to leverage the AttackIQ Security Optimization Platform to emulate complex adversary behaviors, test your security controls, and measure security program effectiveness.


Testing Your Defenses Against the Top Ten MITRE ATT&CK Techniques

The Center for Threat-Informed Defense has recently published a methodology and calculator to help you identify the top MITRE ATT&CK techniques impacting your sector. As a founding research partner of the Center for Threat-Informed Defense, AttackIQ has integrated these top ATT&CK techniques into the AttackIQ Security Optimization Platform so that organizations can select key techniques and run adversary emulations to validate that cyberdefenses work as intended. Join AttackIQ for a demonstration and to learn how to leverage this Center’s research in the AttackIQ Security Optimization Platform.


Ransomware in the Healthcare Industry: What Can Be Done?

The healthcare industry has seen a steady increase of ransomware attacks in recent years. What is the nature of cybersecurity risk in healthcare, and what can defenders do to turn the tables on the adversary and stop ransomware attacks from succeeding? Join us for this demo and discussion of the ransomware attacks facing the healthcare sector and how you can use the AttackIQ Security Optimization Platform to test and validate your security controls (including your people, processes, and technologies) against real-world adversary behaviors.


The Seven Deadly Techniques and Ending the Era of Security Control Failure

In September 2022, after months of research and analysis, AttackIQ released a data study report focused on historic security control failures against top MITRE ATT&CK techniques that have had historic and significant impacts (including in Russian operations in Ukraine). To understand the degree of security effectiveness within our customer base, we anonymized customer data from over 120 SaaS cloud customers and the performance of their endpoint detection and response (EDR) security controls in 2021. Join us to understand the techniques that comprise the “Seven Deadly Techniques”, why security programs are failing, and how you can elevate your security program performance.


C-Suite and Board Reporting with Jupyter Notebooks

Over the last year, AttackIQ worked with its customers to develop a dynamic reporting and analysis capability in the AttackIQ Security Optimization Platform, built around Jupyter notebooks, to analyze, visualize, report on, and study security program performance. Teams can use AttackIQ’s open API with dozens of Jupyter notebooks to automate emulation-related tasks and generate charts and graphs that help your board, C-suite, and operations teams make decisions and move forward more effectively and efficiently. Join this demo to learn how customers can make the most of AttackIQ’s Jupyter notebooks, with a focus on C-suite and board reporting.


Automated Testing and Cloud Security: Azure and AWS

The advent of cloud technologies has changed everything about how networks are built and operated. Infrastructure, policy, and configuration can all now exist as code. Cloud technologies can be deployed quickly, updates and integrations can occur automatically, and services can scale rapidly across geographies. The cloud era demands new approaches to security. Join this demo to learn about new cloud security features in the AttackIQ Security Optimization Platform and how you can maximize your security program effectiveness with AttackIQ and MITRE ATT&CK.


US-CERT Alerts and AttackIQ Attack Graphs

The U.S. government has improved its alert process for emerging cyberthreats to the United States and its allies and partners globally, with the U.S. Computer Emergency Response Team (US-CERT) alert system and the MITRE ATT&CK framework at the center. In response to US-CERT alerts, AttackIQ produces comprehensive attack graphs to emulate the attacker with specificity and realism, aligned to the TTPs in the alert. In its most recent alert, the FBI and the U.S. Department of the Treasury as well as the governments of Australia, Canada, and the United Kingdom combined to urge organizations to test their security controls automatically, at scale, and in production. In this demo, join the AttackIQ Adversary Research Team to explore how AttackIQ produces attack graphs to test your controls at scale and in production, and learn how attack graphs and assessments can help you optimize your security program performance.


Breach and Attack Simulation

Security teams need more than point-in-time status data about their security program to achieve cybersecurity readiness. Companies use breach and attack simulation as a foundational means to test and validate that their security controls work as they should. The AttackIQ Security Optimization Platform gives customers the most consistent, trusted, and safest way to test and validate at scale. While competitors test in sandboxes, we allow you to test in production across the entire kill chain, just like the adversary, emulating multi-stage attacks against your security infrastructure. Learn to make your cybersecurity program effective and efficient — and maximize your return on investment.


Using AttackIQ to Prepare for Nation-State Adversaries

Cyberattacks emerge from a range of threat groups, from fly-by-night ransomware groups using ransomware-as-a-service to organized criminal syndicates to nation-state adversaries. On the face of it, companies may believe that they cannot prepare their defenses against advanced nation-state attackers like Russia and China, but the fact is these adversaries use the same tactics, techniques, and procedures (TTPs) over and over in their campaigns. Defenders can improve their security posture against nation-state attacks by testing their defenses constantly, leveraging reporting capabilities, and adjusting their programs and investments. During this demo, Ken Towne from AttackIQ’s Adversary Research Team (ART) will show you how to use the AttackIQ Security Optimization Platform and its attack graphs, including US-CERT alert responses, to counter nation-state adversaries and optimize your cybersecurity effectiveness.


10 Key Lessons Learned in the Field on Breach and Attack Simulation

Are you new to the world of threat-informed defense and adversary emulation, breach and attack simulation (BAS) or purple teaming? In this demo, you will join one of the leading advisors in breach and attack simulation for a discussion of his top 10 lessons learned from working with companies in the trenches to prepare, plan, and execute a breach and attack simulation or purple teaming project. Regardless of the security capabilities, platform, or framework you have, whether you are a technical operator or a CISO or whether you are on a red, blue, or purple team, this demo will give you practical advice and guidance to maximize your security program effectiveness and achieve peak performance. Join Andrew “AC” Costis to learn from his experience advising companies and helping implement a world-class BAS project.


Malware Emulation of SysJoker and Linux Threats

Cyberattacks against Linux platforms have been steadily increasing in frequency and complexity and represent a real threat to AttackIQ customers. Threat actors exploit weak configurations and a lack of security controls to launch ransomware and crypto-jacking campaigns. Adversaries have built multi-platform malware like SysJoker to run on any system they discover. To help organizations defend themselves against Linux threats and SysJoker, AttackIQ has expanded our emulation library for new Linux-specific techniques and developed new attack graphs. Join this demo with the AttackIQ Adversary Research Team (ART) to learn how these attacks work and how you can use the AttackIQ Security Optimization Platform to validate your security effectiveness against real-world threats.


Measuring Your Security Program Performance Using Kibana and AttackIQ

Security teams need granular and accessible performance data to understand their performance against known threats. AttackIQ has integrated the Kibana reporting technology into the AttackIQ Security Optimization Platform to give customers analytic data to make strategic and operational decisions. AttackIQ’s new reporting capabilities allow you to search your internal data for information, visualize results, and study specific aspects of your security program performance. In this demo, you will learn to use the Kibana dashboards in the AttackIQ Security Optimization Platform to measure your total security posture performance (at a single point-in-time or over time), specific security controls, and your security program effectiveness against specific threat actor tactics, techniques, and procedures in MITRE ATT&CK. Finally, you will learn to use the executive summary to highlight key statistics for your leadership and the board.


Purple Teaming with MITRE ATT&CK in the Oil and Gas Sector: MuddyWater and OilRig/APT34

Cyberattacks have increased significantly against the energy sector as geopolitical tensions have risen, and nation-state-sponsored espionage groups have focused their attacks on oil, gas, and electric companies for over a decade. MuddyWater and OilRig are Iran-based, nation-state-sponsored intrusion sets that have targeted organizations globally but have the heaviest focus on other nations in the Middle East. MuddyWater has focused its targeting on the energy (oil), telecommunications, and government IT services sectors, while OilRig/APT34 has targeted a variety of sectors beyond just energy, including financial, government, chemical, and telecommunications. This demo will include a technical overview of campaigns from both intrusion sets. Join AttackIQ researchers and experts to explore how the adversary campaign emulation attack graphs in the AttackIQ Security Optimization Platform can help you validate your security effectiveness against real-world campaigns from these adversaries.


Responding to Emerging Threats: US-CERT and AttackIQ Attack Graphs

The U.S. government has improved its alert process for emerging cyberthreats to the United States and its allies and partners around the world, with the U.S. Computer Emergency Response Team (US-CERT) alert system and the MITRE ATT&CK framework at the center. In response to a new threat, US-CERT uses MITRE ATT&CK to describe observed adversary tactics, techniques, and procedures (TTPs), and following a US-CERT alert, AttackIQ produces comprehensive attack graphs to emulate the attacker with specificity and realism, aligned to the TTPs in the alert. In this demo, join the AttackIQ Adversary Research Team to explore how AttackIQ produces attack graphs and learn how attack graphs can help optimize your cybersecurity readiness and effectiveness.


AttackIQ + Cisco Firepower Integration

If you are a Cisco Firepower customer or evaluating any of the Firepower series, this demo is for you! Watch how automated testing can validate if Cisco Firepower firewalls are detecting and preventing cyberthreats as anticipated. We will show you how to create assessments and generate reports, interpreting testing data to ensure continuous protection against adversary behavior.


Using Global Reporting to Validate the Effectiveness of Your Security Program

Global reporting in the AttackIQ Security Optimization Platform can help you assess what is happening across your entire security program. During this demo you will learn how to apply complex adversary behaviors to validate the effectiveness of your security control program. We will show you new reporting capabilities that will better enable you to determine the tactics, techniques, and procedures your company is most exposed to, as well as the security controls within your program that are working as intended.


Emulating the Conti Ransomware Family

Ransomware attacks have become so commonplace, yet still companies suffer debilitating attacks that cost them millions of dollars. Why? Because they don’t exercise their cyberdefenses against ransomware to improve effectiveness. Join experts from the AttackIQ adversary research team in this demo to see how to improve your security program performance by running ransomware emulations, beginning with the infamous Conti ransomware family. Ransomware groups consistently use repeat techniques and procedures to achieve their criminal and financial goals; testing your defenses against Conti will help you improve your overall security performance.


Purple Teaming with MITRE ATT&CK in the Energy Sector

Over the last two years, cyberattacks have increased significantly against the energy sector as geopolitical tensions have increased and ransomware groups have focused their attacks on oil, gas, and electric companies following the success of the Colonial Pipeline attack. Join AttackIQ researchers and experts in this demo to explore how the AttackIQ Security Optimization Platform helps energy companies improve their defense effectiveness. This demo will include a look at the AttackIQ adversary research team’s new attack graph on the Russian government-built HAVEX malware and a review of the top ten MITRE ATT&CK techniques impacting the global energy sector.


Operationalizing MITRE ATT&CK

Whether your organization has a small security team with limited resources or a more mature enterprise program, the MITRE ATT&CK framework is an invaluable resource to ensure your security controls work efficiently and as expected. You will learn how to better understand adversary behaviors and continuously validate your security controls using breach and attack simulation.


Purple Teaming in the U.S. Government

Break down silos between your red and blue teams to deploy a threat-informed defense and align both teams into a purple team construct. Our cybersecurity leaders will show you how to leverage the AttackIQ Security Optimization Platform to run breach and attack simulations, think like the adversary, and test your defensive technologies continuously. We will focus in particular on known threat actors and behaviors that impact the U.S. government.


Malware-Emulation Attack Graphs: SOGU and BlackCat

In this demo, AttackIQ introduces you to a new and innovative approach to adversary emulation: malware-emulation attack graphs. To emulate the adversary with realism, the AttackIQ adversary research team has manually reverse engineered full-featured malware, disaggregated the malware into specific MITRE ATT&CK tactics and techniques, and arranged the content into an attack graph that can safely emulate malware behavior against your assets and network. We will showcase our work emulating SOGU malware, commonly used for espionage purposes by actors based in the People’s Republic of China, as well as BlackCat (ALPHV), a ransomware-as-a-service threat actor which the FBI reported in late April has compromised at least 60 organizations. This work builds on our ongoing research with the Center for Threat-Informed Defense micro-emulation plan project.


The 2021 MITRE Impact Report: Advancing a Threat-Informed Defense

How can you leverage the MITRE Engenuity Center for Threat-Informed Defense’s ground-breaking research to ensure you are protected against known adversary tactics and techniques?


Securing Your Azure Cloud with MITRE ATT&CK

MITRE Engenuity’s Center for Threat-Informed Defense recently released research on cloud-native control capabilities and the MITRE ATT&CK techniques they provide coverage for. Join us for a special demo where we will deep dive into the research done by the Center, the Security Stack Mappings, and how you can start securing your Azure environment today!


Purple Teaming in the Cloud with ATT&CK

Organizations have moved rapidly to the cloud without a commensurate strategy for securing it. On the basis of innovative research from MITRE Engenuity’s Center for Threat-Informed Defense, cybersecurity teams can now leverage the ATT&CK framework against security controls within Azure to optimize cloud security effectiveness. In this expert-led webinar and with the new Dummies Guide to Purple Teaming, you will learn to use the ATT&CK framework and purple team operations to validate cloud security effectiveness.


Ransomware in 2021: Staying Abreast of Modern Attacks

Ransomware attacks are on the rise, with new victims in the news every day. Disrupting the price of gas and rattling American society, the attack on Colonial Pipeline Co. shows how ransomware attacks can have far-reaching socio-political effects. The commodification of ransomware has enabled criminals all over the globe, and some nation-states give them safe harbor while others struggle to root out criminals despite their best intentions. How can security leaders best plan for the increasing proliferation and use of ransomware? Join Maggie MacAlpine and Jonathan Reiber, two seasoned cybersecurity strategists, for a webinar discussion on what the latest threats are and how you can best protect your organization from ransomware attacks.


Uniting Threat and Risk Management with NIST 800-53 & MITRE ATT&CK

During this weekly demo, we will introduce you to the history and evolution of the MITRE ATT&CK framework, the revolutionary compilation of known adversarial tactics, techniques, and common knowledge. Additionally, we will highlight why organizations are adopting it and how organizations can use MITRE ATT&CK to improve their security effectiveness, strengthen their cybersecurity program, and maximize resources. We will also cover how to use the NIST SP 800-53 Control-to-ATT&CK mappings to satisfy compliance checks from a threat-informed perspective and begin making data-driven decisions to inherently reduce risk.


New AttackIQ Platform Innovations: Comprehensive Adversary Emulation

Check out what’s new in AttackIQ! With our latest platform innovations, we’re delivering the most comprehensive adversary emulation capabilities available, completely aligned to MITRE ATT&CK. See how easy it is to evaluate the performance of network-deployed security controls with prescriptive guidance and maximize your investment in controls like next-generation firewalls (NGFW). Learn how operators of all skill levels can apply complex adversary behaviors to their testing programs. See how to create full emulation campaigns with point-and-click ease of use.


Automated Testing and ServiceNow Security Validation

If you’re a ServiceNow customer, you won’t want to miss this weekly demo where our cybersecurity experts show you how to validate that security alerts are firing properly to inform your Security Operations Center and keep your organization secure. You’ll learn how to integrate the AttackIQ Security Optimization Platform with ServiceNow to continuously test the alert process and identify security gaps before adversaries can exploit them.


Aligning MITRE ATT&CK to NIST 800-53

AttackIQ’s Security Optimization Platform is now able to deploy ATT&CK-aligned scenarios against an organization’s security controls, validating control effectiveness in the context of the NIST 800-53r4 controls. As a result, red, blue, and white teams can each play a part in compliance mapping and enforcement, and the Security Optimization Platform helps each team perform its roles and responsibilities. See how to move beyond compliance and deliver measurable improvement of your security posture.


AttackIQ + Microsoft Integration

See how you can strengthen cyber threat detection and investigation, plus provide continuous visibility and control over the security of your endpoints. We’ll show you how to use Microsoft® Azure Sentinel and Microsoft® Defender Advanced Threat Protection (ATP) against the tactic categories as outlined by MITRE ATT&CK with the AttackIQ platform.


AttackIQ + Splunk SIEM Integration

Learn how to use the AttackIQ Security Optimization Platform to test controls at scale and in production in order to find and remediate gaps that adversaries could exploit. In this special focus demo, we’ll show you how to confirm that forwarding mechanisms are functioning with the Splunk SIEM and that alerts are being triggered in order to properly flag suspicious behavior to analysts. See how easy it is to integrate the two platforms using an open API.