AttackIQ On-Demand

The healthcare industry has seen a steady increase of ransomware attacks in recent years. What is the nature of cybersecurity risk in healthcare, and what can defenders do to turn the tables on the adversary and stop ransomware attacks from succeeding? Join us for this demo and discussion of the ransomware attacks facing the healthcare sector and how you can use the AttackIQ Security Optimization Platform to test and validate your security controls – including your people, processes, and technologies — against real-world adversary behaviors.

In September, 2022, after months of research and analysis, AttackIQ released a data study report focused on historic security control failures against top MITRE ATT&CK techniques that have historic and significant impacts (to include Russian operations in Ukraine). To understand the degree of security effectiveness within our customer base, we anonymized customer data from over 120 SaaS cloud customers and their endpoint detection and response (EDR) security controls performance in 2021. Join us to understand the techniques that comprise the “Seven Deadly Techniques”, why security programs are failing, and how you can elevate your security program performance.

Over the last year AttackIQ worked with its customers to develop a dynamic reporting and analysis capability in the AttackIQ Security Optimization Platform around Jupyter notebooks to analyze, visualize, report, and study security program performance. Teams can use AttackIQ’s open API with dozens of Jupyter Notebooks to automate emulation-related tasks and generate charts and graphs to help your board, C-suite, and operations teams make decisions and move forward more effectively and efficiently. Join this demo to learn how customers can make the most of AttackIQ’s Jupyter notebooks – with a focus on C-suite and board reporting.

The advent of cloud technologies has changed everything about how networks are built and operated. Infrastructure, policy, and configuration can all now exist as code. Cloud technologies can be deployed quickly, updates and integrations can occur automatically, and services can scale rapidly across geographies. The cloud era demands new approaches to security. Join this demo to learn about new cloud security features in the AttackIQ Security Optimization Platform and how you can maximize your security program effectiveness with AttackIQ and MITRE ATT&CK.

The U.S. government has improved its alert process for emerging cyberthreats to the United States and its allies and partners globally, with the U.S. Computer Emergency Response Team (US-CERT) alert system and the MITRE ATT&CK framework at the center. In response to US-CERT alerts, AttackIQ produces comprehensive attack graphs to emulate the attacker with specificity and realism, aligned to the TTPs in the alert. In its most recent alert, the FBI and the U.S. Department of the Treasury as well as the governments of Australia, Canada, and the United Kingdom combined to urge organizations to test their security controls automatically, at scale, and in production. In this demo, join the AttackIQ Adversary Research Team to explore how AttackIQ produces attack graphs to test your controls at scale and in production, and learn how attack graphs and assessments can help you optimize your security program performance.

Security teams need more than point-in-time status data about their security program to achieve cybersecurity readiness. Companies use breach and attack simulation as a foundational means to test and validate that their security controls work as they should. The AttackIQ Security Optimization Platform gives customers the most consistent, trusted, and safest way to test and validate at scale. While competitors test in sandboxes, we allow you to test in production across the entire kill chain, just like the adversary, emulating multi-stage attacks against your security infrastructure. Learn to make your cybersecurity program effective and efficient — and maximize your return on investment.

Cyberattacks emerge from a range of threat groups, fly-by night ransomware groups using ransomware-as-a-service to organized criminal syndicates to nation-state adversaries. On the face of its, companies may believe that they cannot prepare their defenses against advanced nation-state attackers like Russia and China, but the fact is these adversaries use the same tactics, techniques, and procedures (TTPs) over and over in their campaigns. Defenders can improve their security posture against nation-state attacks by testing their defenses constantly, leveraging reporting capabilities, and adjusting their programs and investments. During this demo, Ken Towne from AttackIQ’s Adversary Research Team (ART) will show you how to use the AttackIQ Security Optimization Platform and its attack graphs, including US-CERT alert responses, to counter nation-state adversaries and optimize your cybersecurity effectiveness.

Are you new to the world of threat-informed defense and adversary emulation, breach and attack simulation (BAS) or purple teaming? In this demo, you will join one of the leading advisors in breach and attack simulation for a discussion of his top 10 lessons learned from working with companies in the trenches to prepare, plan, and execute a breach and attack simulation or purple teaming project. Regardless of the security capabilities, platform, or framework you have, whether you are a technical operator or a CISO or whether you are on a red, blue, or purple team, this demo will give you practical advice and guidance to maximize your security program effectiveness and achieve peak performance. Join Andrew “AC” Costis to learn from his experience advising companies and helping implement a world-class BAS project.

Cyberattacks against Linux platforms have been steadily increasing in frequency and complexity and represent a real threat to AttackIQ customers. Threat actors exploit weak configurations and a lack of security controls to launch ransomware and crypto-jacking campaigns. Adversaries have built multi-platform malware like SysJoker to run on any system they discover. To help organizations defend themselves against Linux threats and SysJoker, AttackIQ has expanded our emulation library for new Linux-specific techniques and developed new attack graphs. Join this demo with the AttackIQ Adversary Research Team (ART) to learn how these attacks work and how you can use the AttackIQ Security Optimization Platform to validate your security effectiveness against real-world threats.

Security teams need granular and accessible performance data to understand their performance against known threats. AttackIQ has integrated the Kibana reporting technology into the AttackIQ Security Optimization Platform to give customers analytic data to make strategic and operational decisions. AttackIQ’s new reporting capabilities allow you to search your internal data for information, visualize results, and study specific aspects of your security program performance. In this demo, you will learn to use the Kibana dashboards in the AttackIQ Security Optimization Platform to measure your total security posture performance (at a single point-in-time or over time), specific security controls, and your security program effectiveness against specific threat actor tactics, techniques, and procedures in MITRE ATT&CK. Finally, you will learn to use the executive summary to highlight key statistics for your leadership and the board.

Cyberattacks have increased significantly against the energy sector as geopolitical tensions have risen, and nation-state-sponsored espionage groups have focused their attacks on oil, gas, and electric companies for over a decade. MuddyWater and OilRig are Iran-based nation-state sponsored intrusion sets that have targeted organizations globally but have the heaviest focus on other nations in the Middle East. MuddyWater has focused targeting on energy (oil), telecommunications and government IT services sectors, while OilRig/APT34 has targeted a variety of sectors beyond just energy, to include financial, government, chemical, and telecommunications. This demo will include a technical overview of campaigns from both intrusion sets. Join AttackIQ researchers and experts to explore how these adversary campaign emulation attack graphs in the AttackIQ Security Optimization Platform can help you validate your security effectiveness against real-world campaigns from these adversaries.

The U.S. government has improved its alert process for emerging cyberthreats to the United States and its allies and partners around the world, with the U.S. Computer Emergency Response Team (US-CERT) alert system and the MITRE ATT&CK framework at the center. In response to a new threat, US-CERT uses MITRE ATT&CK to describe observed adversary tactics, techniques, and procedures (TTPs), and following a US-CERT alert, AttackIQ produces comprehensive attack graphs to emulate the attacker with specificity and realism, aligned to the TTPs in the alert. In this demo, join the AttackIQ Adversary Research Team to explore how AttackIQ produces attack graphs and learn how attack graphs can help optimize your cybersecurity readiness and effectiveness.

Global reporting in the AttackIQ Security Optimization Platform can help you assess what is happening across your entire security program. During this demo you will learn how to apply complex adversary behaviors to validate the effectiveness of your security control program. We will show you new reporting capabilities that will better enable you to determine the tactics, techniques, and procedures your company is most exposed to, as well as the security controls within your program that are working as intended.

Ransomware attacks have become so commonplace, yet still companies suffer debilitating attacks that cost them millions of dollars. Why? Because they don’t exercise their cyberdefenses against ransomware to improve effectiveness. Join experts from the AttackIQ adversary research team in this demo to see how to improve your security program performance by running ransomware emulations, beginning with the infamous Conti ransomware family. Ransomware groups consistently use repeat techniques and procedures to achieve their criminal and financial goals; testing your defenses against Conti will help you improve your overall security performance.

Over the last two years, cyberattacks have increased significantly against the energy sector as geopolitical tensions have increased and ransomware groups focused their attacks on oil, gas, and electric companies following the success of the Colonial Pipeline attack. Join AttackIQ researchers and experts in this demo to explore how the AttackIQ Security Optimization Platform helps energy companies improve their defense effectiveness. This demo will include a look at the AttackIQ adversary research team’s new attack graph on the Russian government-built HAVEX malware and a review of the top ten MITRE ATT&CK techniques impacting the global energy sector.

Whether your organization has a small security team with limited resources or a more mature enterprise program, the MITRE ATT&CK framework is an invaluable resource to ensure your security controls work efficiently and as expected. You will learn how to better understand adversary behaviors and continuously validate your security controls using breach and attack simulation.

In this demo, AttackIQ introduces you to a new and innovative approach to adversary emulation: malware-emulation attack graphs. To emulate the adversary with realism, the AttackIQ adversary research team has manually reverse engineered full-featured malware, disaggregated the malware into specific MITRE ATT&CK tactics and techniques, and arranged the content into an attack graph that can safely emulate malware behavior against your assets and network. We will showcase our work emulating SOGU malware, commonly used for espionage purposes by actors based in the People’s Republic of China, as well as BlackCat (ALPHV), a ransomware-as-a-service threat actor which the FBI reported in late April has compromised at least 60 organizations. This work builds on our ongoing research with the Center for Threat-Informed Defense micro-emulation plan project.

How can you leverage the The MITRE Engenuity Center for Threat-Informed Defense’s ground-breaking research to ensure you are protected against known adversary tactics and techniques?