Boundary Posture Management
AttackIQ’s Boundary Posture Management (BPM) module addresses the challenges of security control failure by continuously evaluating your boundary security, generating analytic data about your performance, and identifying gaps between your assumed effectiveness and your actual posture.
How does it work? BPM uses a combination of atomic tests, packet capture (PCAP) replays, inbound email attacks, and outbound data exfiltration to emulate a range of adversary behaviors and exercise defensive capabilities, including command and control, protocol enforcement, and DLP monitoring, among others.
BPM runs multiple adversary emulations against your boundary security controls at scale and in production, generating real-time performance data about known threats. With BPM, AttackIQ provides the most comprehensive adversary emulation capabilities available on the market, emulating attackers with specificity and realism at the beginning, middle, and end of the kill-chain to give customers a portrait of their overall security posture effectiveness.
- Provides continuous visibility into boundary security control effectiveness.
- Validates boundary security effectiveness against multi-stage, comprehensive adversary attacks, leveraging packet capture (PCAP) replay between an attacking asset and target asset to assess in-line security control detection and prevention.
- Executes end-to-end validation of network-deployed security controls.
- Measures organizational detection and prevention effectiveness against advanced adversary TTPs.
- Exercises and evaluates outsourced MSSP or continuous monitoring providers.
- Generates technology-specific remediation guidance.
Tests firewalls through packet capture (PCAP) replays, exercising the following defensive capabilities:
- Command and Control
- Network Inspection
- Malware Transfer
- Protocol Enforcement
- Exploit Protection
- SSL Inspection Supported
Tests the Web Application Firewall (WAF) through atomic tests:
- Web Application Firewall (WAF) Exercises
- Open Web Application Security Project (OWASP) Top 10
- Vendor Specific Profiling
Tests inbound/outbound email:
- Inbound Email
  - Malicious Links
  - Malicious Content
  - Compromised Documents
- Outbound Email
  - DLP Monitoring
  - Financial / PII