Boundary Posture Management

AttackIQ’s Boundary Posture Management (BPM) module addresses the challenges of security control failure by continuously evaluating your boundary security, generating analytic data about your performance, and identifying gaps between your assumed effectiveness and your actual posture. How does it work? BPM uses a combination of atomic tests, packet capture (PCAP) replays, inbound email attacks, and outbound data exfiltration to emulate a range of adversary behaviors, including command and control, protocol enforcement, and DLP monitoring, among other defensive capabilities.

BPM runs multiple adversary emulations against your boundary security controls at scale and in production, generating real-time performance data about known threats. With BPM, AttackIQ provides the most comprehensive adversary emulation capabilities available on the market, emulating attackers with specificity and realism at the beginning, middle, and end of the kill-chain to give customers a portrait of their overall security posture effectiveness.

Benefits

Provides continuous visibility into boundary security control effectiveness.
Validates boundary security effectiveness against multi-stage, comprehensive adversary attacks, leveraging packet capture (PCAP) replay between an attacking asset and target asset to assess in-line security control detection and prevention.
Executes end-to-end validation of network-deployed security controls.
Measures organizational detection and prevention effectiveness against advanced adversary TTPs.
Exercises and evaluates outsourced MSSP or continuous monitoring providers.
Generates technology-specific remediation guidance.

Features

Tests firewalls through packet capture (PCAP) replays, exercising the following defensive capabilities:

Command and Control
Network Inspection
Malware Transfer
Protocol Enforcement
Exploit Protection
SSL Inspection Supported

Tests Web Access Filter (WAF) through atomic tests:

Web Application Firewall (WAF) Exercises
Open Web Application Security Project (OWASP) Top 10
Vendor Specific Profiling

Tests inbound/outbound email:

Inbound Email
    Malicious Links
    Malicious Content
    Compromised Documents
Outbound Email
    DLP Monitoring
    Financial / PII

Additional Resources

  • Attack Graph Emulating the Conti Ransomware Team’s Behaviors

    AttackIQ has released a new full-featured attack graph emulating the tactics, techniques, and procedures (TTPs) used by the Conti Ransomware Group. Despite the group’s recent dissolution, Conti’s successful post-compromise tactics, techniques, and procedures will live on. This attack graph will help defenders test their cyberdefense technologies against the full range of techniques and procedures that Conti used – and which Conti’s former members, now in other ransomware groups, will likely continue to use.
  • MITRE ATT&CK For Dummies

    How can you ensure that your cybersecurity capabilities defend your organization as best they can? After decades and billions of dollars spent on the people, processes, and technology of cybersecurity, this question still haunts security leaders. Intruders break past, security controls falter, and defenses fail against even basic cyberattack techniques. What should be done? Instead of trying to close every vulnerability, meet every standard, or buy the “best” technology, security teams can change the game by focusing their defenses on known threats.
  • AttackIQ Boundary Posture Management Resource

    AttackIQ Boundary Posture Management (BPM)

    AttackIQ’s Boundary Posture Management (BPM) module addresses the challenges of security control failure by continuously evaluating your boundary security, generating analytic data about your performance and identifying gaps between your assumed effectiveness and your actual posture.