FireDrill™ can be easily integrated into an existing network to identify security gaps and provide actionable insight to improve your security posture.


FireDrill is cloud-based, requiring no bulky hardware or significant resources from your company’s infrastructure. On-premises deployments are possible if required by your organization.


Simply log in to your FireDrill account to access your platform console, where you set up agents, deploy scenarios, and access reports.


Passive, lightweight agents are the sensors of the FireDrill platform. They receive and execute your selected scenarios and facilitate your live security testing.


Our flexible deployment model allows you to strategically place agents as needed, adding or reducing the number of agents from month to month to allow for the most effective testing. All major operating systems are supported: Windows, Linux, and OS X.


FireDrill is backed by industry-leading security researchers who collect intelligence and analyze current attack techniques, tactics, and procedures to create comprehensive test scenarios.


Scenarios are used to test controls, validate security posture, and instrument your environment. They consist of behaviors that perform unwanted actions or mimic real-world malicious activity. By running them you can confirm your protective and detective controls are functioning as designed.

Scenarios can be run on-demand or on automated schedules to continually challenge your security infrastructure.


Out of the box, FireDrill comes with an inventory of common scenarios from global expert individuals and organizations. We continually create and curate an ever-growing library of scenarios to address emerging threats, sourced both from AttackIQ experts and the security community at large. AttackIQ also offers custom scenario development services to address specific concerns.


Example Scenarios


  • Persistence
  • Privilege Escalation
  • Lateral Movement
  • Access to other Data Stores
  • C&C
  • Exfiltration

Threat Actors

  • Nation State Actors
  • Insider Threats
  • Cybercriminals

Major Breaches

  • Target
  • Sony
  • Home Depot
  • TV5Monde

Threat Intelligence Data Replay

  • PCAP
  • STIX
  • OpenIOC

Technology Testing

  • Access/Routing/Availability
  • Data Loss Prevention (DLP)
  • Content/Web Filtering
  • Firewall
  • Network and Host IPS/IDS
  • AntiVirus (AV)
  • SIEM
  • SSL Certificates
  • and more…

People and Processes

  • Incident Response
  • Red Team Playbook
  • Table Top Exercises

If a scenario fails, security teams are notified in real-time through custom reporting and alerts, or through a company’s existing SIEM technology and workflow.

Detection-Focused Security Posture?

Some companies focus more on detecting activity than on blocking it. FireDrill Log Connector can automatically search your security products' logs for detection of FireDrill scenario activity. In a blocking-focused posture, a scenario that is able to complete its activity would be considered a failure. With Log Connector, FireDrill will consider those scenarios as passing because the activity was successfully detected. You can customize pass/fail to your particular needs.


FireDrill reports provide repeatable metrics and detailed actions you can take to strengthen your overall security posture.


Our real-time dashboard and results give you automated, accurate, repeatable validation of your live IT security infrastructure, allowing you to:

  • Assess your risk from emerging attacks immediately
  • Make fast and accurate decisions regarding potential security vulnerabilities
  • Evaluate your current products and protocols for effectiveness prior to compromise
  • Make informed data-driven decisions about existing and future security products
  • Communicate the value and risk of your infrastructure from the IT level to the Board

AttackIQ API Available:

Seamlessly integrates FireDrill results into existing operational workflow and infrastructure and allows custom triggers and actions.


FireDrill comes with a library of comprehensive reports that provide precise assessment of your current live IT security infrastructure’s ability to protect against an attack.

Security Assessment Report

  • Provides general threat assessment
  • Gives detailed insight on resiliency against specific attacks

Security Technology Report

  • Validates security controls (e.g. firewall, advanced endpoint, AV, etc.)
  • Provides data-driven assurance that all security operations are functioning effectively

Product Comparison Report

  • Compares and contrasts security products in head-to-head fashion
  • Provides product performance metrics for purchase recommendations