Testing for Everyone
Pay as you go, flexible consumption democratizes testing by unlocking security validation for organizations where it was previously impractical.
Fastest Time to Visibility
Through agentless testing, organizations deploy Flex and get answers to their security validation questions in a matter of minutes instead of weeks.
Simplified Testing
A cornerstone of AttackIQ Flex, the self-contained test packages streamline design and execution and reduce the complexity associated with validating security controls.
Enhanced Visibility
The self-contained test packages enable organizations to conduct rapid tests on any network, regardless of whether they don’t manage them or aren’t internet connected.
Flex is your first step toward finding security gaps.
Safe, real-world attack scenarios are at the click of a button. Designed for anyone to run with actionable guidance to keep you protected.
Simple, comprehensive, and MITRE ATT&ACK aligned test performance insights that are designed to drive action. Easily understand your security performance at-a-glance.
AttackIQ Flex Offering
AttackIQ Flex provides an economical means of validating security controls without the need for expensive and time-consuming manual testing. With a pay as you go consumption model, you can test as little or as much as you want and across elements of your business.
Threat Emulations
Comprehensive adversary emulations run as self-contained test packages, validating controls against emerging threats.
Security Control Baseline
Security Control Baseline. Tests the efficacy of EDR, AV and content filtering security controls.
CISA Alert and Threat Descriptions
The AttackIQ Adversary Research Team produces attack graphs within 48 hours of CISA alerts and responds to emerging threats so you can validate your controls against real-world actors.
Compliance Testing
Instantly run compliance-aligned assessments, including Digital Operational Resilience Act (DORA) and NIST Common Security Framework (CSF).
"Once you use it, you’ll never want to use anything else again."
Richard Wadsworth, Cybersecurity Professional
AttackIQ Flex Pricing
Free
Best for people just getting started with Breach & Attack Simulation.
- Access to Free Testing Packages
- Access to Adversary Research
$300
Best for people looking to test on an intermittent basis.
- Credit-based Purchases
- Access to Volume-based Discounts
- Access to Adversary Research
$4,995/mo
Best for people looking to do comprehensive ad-hoc testing.
- Access to Unlimited Testing (30 Days)
- Access to Adversary Research
- 1 Hour of Professional Services
Get in Touch
Best for people looking to do programmatic testing all year.
- Access to Unlimited Testing
- Access to Adversary Research
- 6 Hours of Professional Services
Contact Us
AttackIQ Flex Yearly Plan
AttackIQ Flex Testing Modalities
With a couple clicks I was able to setup an account, download the agent and run a test inside our environment… And, I just love the ad hoc, pay as you go nature of the product which fits more in line with our budget and scale.
Common Questions
There are innumberable uses cases for Flex. Below are some initial examples.
- Zero trust. Perform regular testing to validate the security of critical assets.
- SMB. Organizations with small network and security stacks, limited in house resources want to include security testing as part of security program
- Red team augmentation. Automate the scripting and execution of attack scenarios and penetration tests, allowing red teams to comprehensively test security controls, identify vulnerabilities, and provide mitigations
- Purple teaming augmentation. Design and execute attack scenarios against defenders with immediate feedback into people, process, and technology efficacy
- Regular self-managed security validation. Basic security validation and breach and attack simulation
- Fully managed security validation program. Conduct regular security validation but doesn’t have the staff to support in house testing
- Security posture assessment. Use Flex to validate security controls by scaling as many test points as you need for a representative sample of your environment.
- Managed service provider. Insurance provider or underwriter wants insuree to run a risk assessment on their network to determine coverage.
- Network consolidation, including M&A activity. Acquirer or parent organization wants to quickly bring on new branch networks into the corporate umbrella. Deploying agents takes too long for the request.