New diagnostic service leverages the authoritative MITRE ATT&CK framework combined with the expertise of top risk management firm and leading automated testing platform to transform enterprise cybersecurity programs 

SAN DIEGO and WASHINGTON, Oct. 22, 2019 —  AttackIQ, the largest independent leader of the continuous security validation market, today announced a partnership with The Chertoff Group, a leading global security risk management firm, to offer a joint solution to help organizations measure security risk, train security staff and justify security investments. The service, called the ATT&CK Diagnostic, is designed to help enterprise customers build and sustain security programs that are strategic, risk-based and focused on proven effectiveness.

Leveraging AttackIQ’s automated testing platform which operationalizes the MITRE ATT&CK framework, the industry’s most authoritative approach to mapping threat actors to tactics, techniques and procedures (TTPs), the ATT&CK Diagnostic measures the effectiveness of an organization’s defensive countermeasures with unparalleled transparency and precision. The ATT&CK Diagnostic creates a risk-based threat model, maps a customer’s current defenses to TTPs in the threat model, clearly identifying what technologies and standards are addressing what TTPs, and identifying holes in coverage. This TTP-coverage map enables customers to prioritize future defensive countermeasure investments based on actual risk reduction.

Customers of the joint offering receive hands-on support to familiarize the technical team in conducting threat-specific planning and controls assurance testing. They are also coached on how to make specific business cases for security tools or personnel investments that align with their organization’s specific security needs. Technical teams receive in-depth training to empower organizations to leverage the AttackIQ platform and the ATT&CK Diagnostic TTP map to continuously evaluate countermeasure performance and make strategic, threat-informed decisions to further mature the program.

“We are excited to formally announce this partnership with AttackIQ because it helps clients attain an unmatched level of visibility into actual security performance,” said Michael Chertoff, executive chairman and co-founder of The Chertoff Group and former Secretary of Homeland Security. “Our expertise combined with MITRE’s ATT&CK framework and AttackIQ’s technical prowess will give our clients unique insight into how effectively their defensive capabilities actually address risk, enrich training for security staff and offer real business case justification for security investments.”

While adversaries can change hash values, IP addresses, domains and other indicators leveraged as part of their tradecraft, it is much more difficult for them to change overall tactics and techniques. That is why AttackIQ and The Chertoff Group built the ATT&CK Diagnostic service to help organizations orient their defenses around TTPs and maintain protection against real-world, known threats. Additionally, because there is often ambiguity on the extent to which a defensive measure actually addresses specific threat activity (particularly depending on how it is configured and implemented), it is essential for organizations to understand precisely how their protective and detective capabilities perform against simulated threat activity run against their technology stack.

“Recent research from the Ponemon Institute found that American enterprises spend $18.4 million on average every year on cybersecurity tools and technology, yet more than half don’t know if these tools are even working,” said Brett Galloway, CEO of AttackIQ. “The AttackIQ platform is designed to address this very problem. We have worked with The Chertoff Group for over a year in developing the ATT&CK Diagnostic, and have used the approach as a proof of concept with multiple customers, receiving overwhelmingly strong, positive feedback. It is our belief that this solution is a true game-changer in the security industry, providing customers with an unmatched assessment of control effectiveness, targeted training and meaningful security investment justification.”

In a climate where cybersecurity attacks and data breaches are costing companies billions of dollars every year and more and more stringent privacy and security regulations are emerging, cybersecurity planning and preparedness must be risk-based. The Chertoff Group and AttackIQ are bringing an unprecedented level of precision and transparency to risk-based planning and evaluation, empowering organizations to more effectively anticipate, withstand, recover and evolve from cyber-attacks.

“We have a proven methodology that leverages the MITRE ATT&CK framework to assess risk, which allows us to measure and demonstrate effectiveness against today’s real-world threats,” said Adam Isles, principal and strategic advisory services-cyber lead at The Chertoff Group.

For more information on the partnership between AttackIQ and The Chertoff Group and the new ATT&CK Diagnostic offering, please visit

Additional information will also be shared during a joint webinar on Nov. 5, 2019 at 10 a.m. PST. To attend the webinar, register here

About AttackIQ

AttackIQ, a leader in the emerging market of continuous security validation, built the industry’s first platform that enables red and blue teams to test and measure the effectiveness of their security controls and staff. With an open platform, AttackIQ supports the MITRE ATT&CK framework, a curated knowledge base and model for cyber adversary behavior used for planning security improvements and verifying defenses work as expected. AttackIQ’s platform is trusted by leading companies around the world. For more information visit Follow AttackIQ on TwitterFacebookLinkedInVimeo, and YouTube.

About The Chertoff Group

The Chertoff Group is a global advisory services firm focused on security and risk management. The firm applies security expertise, technology insights, and policy intelligence to help clients build resilient organizations, gain competitive advantage, and accelerate growth. Through the firm’s Strategic Advisory Services Practice Area, The Chertoff Group offers comprehensive security assessments, risk management strategies, policy and planning frameworks, and ongoing monitoring services to help clients anticipate, prepare for and build capabilities necessary to navigate today’s complex threat environment. For more information about The Chertoff Group, visit or follow us on LinkedIn and Twitter.