Emulating the Surging Hadooken Malware
Adversary Emulation
Actionable. Incisive. Quantitative. Cutting-edge research into the art of adversary emulation.
Stay up to date on our adversary research blog, adversary behavior studies, and demos. Sign up for AIQ Insights and we’ll deliver them straight to your inbox so you stay informed.
A group of premier threat researchers and operators from around the world, AttackIQ’s Adversary Research Team (ART) develops cutting-edge insights on the latest threats coupled with actionable guidance on how to improve security readiness for customers and the public. Driven by intelligence and research, we help you validate your cyberdefenses against adversaries so you can proactively find and remediate gaps and achieve peak performance.
MITRE ATT&CK-derived testing scenarios underpin much of the AttackIQ Security Optimization Platform. The AttackIQ Adversary Research Team builds scenarios and strings them into attack graphs to emulate adversary campaigns and test advanced cyberdefenses with realism and specificity, triggering AI and ML-based technologies and generating data about security program performance.
Adversary behavior observed in the wild by AttackIQ, US-CERT, and other open-source reporting across the threat intelligence community.
Adversary Research Team responds to emerging adversary behavior and US-CERT alerts, analyzing tactics, techniques, and procedures.
The Adversary Research Team develops scenarios and attack graphs to test defense capabilities, leveraging MITRE ATT&CK.
Assessments and attack graphs released into the AttackIQ Security Optimization Platform and announced to customers and the public.
AttackIQ advises customers on adversary behavior, assessment, attack graph usage, and how to leverage testing data.
Adversary Research Team monitors threat landscape and studies defensive technology evolution continuously to stay ahead.
Data Study Report
After months of analysis, AttackIQ is publishing a data analytic study of historic security control failures against top MITRE ATT&CK techniques – and what to do to improve security program performance.
AttackIQ produces emulation plans in the form of atomic scenarios and end-to-end attack graphs that emulate the adversary. The AttackIQ Security Optimization Platform runs scenarios aligned to MITRE ATT&CK in production, at scale, and can run multiple assessments concurrently against your security program. AttackIQ’s attack graphs string together techniques and procedures in a chain, emulating the adversary and testing machine learning (ML) and artificial intelligence (AI)-enabled cyberdefense technologies. Attack graphs make it easier for organizations to visually measure their defense performance against the adversary.
AttackIQ responds within 24 hours to a U.S. government Computer Emergency Response Team (US-CERT) alert with an initial assessment and a blog for our customers to test their security posture against emergent threats. Within 72 hours, AttackIQ produces a comprehensive attack graph and blog to emulate the attacker, aligned to all of the MITRE ATT&CK tactics, techniques, and procedures in the alert.
The AttackIQ adversary research team integrates open-source intelligence from MITRE ATT&CK and other analytic streams into the Security Optimization Platform to deliver a realistic threat-informed defense. In addition, the team drives research within the Center for Threat-Informed Defense, where AttackIQ is a founding research partner, to develop new operational concepts for effectiveness. Finally, the team communicates research findings to the public through the media and by presenting at events like BlackHat, SXSW, ATT&CKcon, and RSA, among others.
Check out our presentations at ATT&CKcon and SXSW and RiskyBiz.
The purpose of adversary emulation and the AttackIQ Security Optimization Platform is to generate quantitative insights that CISOs and security teams can use to improve their overall security program performance. Teams need to be able to answer questions from senior leaders, the board, and Congress: are we ready for the next attack? How prepared are we, really? By running AttackIQ’s assessments and attack graphs against your security program, you generate real-time performance data to make adjustments, identify investment areas, and improve team cohesion to counter attacks.
Use adversary emulations to measure your security control performance at a single point in time.
Run emulations against your security program automatically and continuously over time to measure performance.
Analyze your security controls’ performance against specific threats, running assessments and attack graphs concurrently against all of your security controls and test points.
Teams can use AttackIQ’s open API through the dozens of Jupyter Notebooks embedded within the AttackIQ Security Optimization Platform to automate emulation-related tasks and generate insightful charts and graphs that help your management and operations teams make decisions and move forward more effectively and efficiently. You can use AttackIQ’s provided Jupyter notebooks to analyze threat coverage against security controls, to analyze your entire security program against comprehensive adversary campaigns, to conduct side-by-side product comparisons of security vendors, or for other purposes. With AttackIQ’s open API, you can assign developers to build new capabilities within the platform to meet your analytic needs. To learn more about using Jupyter notebooks.