SANTA CLARA, Calif.–AttackIQ®, the leading independent vendor of Breach and Attack Simulation (BAS) solutions, today announced the release of its data analytic study, Ending the Era of Security Control Failure, which details historic security control failures against top MITRE ATT&CK techniques. AttackIQ’s analysis of customers’ security control performance against seven key techniques found that endpoint detection and response (EDR) controls only stopped them 39 percent of the time.
“The findings of our study underscore the importance of organizations continuously assessing their security controls – which include people, processes, and technologies – against real threats to validate their effectiveness”
To understand the degree of security effectiveness within its customer base, AttackIQ anonymized customer data from its cloud platform in 2021 to identify the top MITRE ATT&CK techniques that succeeded against EDR security controls. EDR was chosen because it is the industry’s most widely adopted control. AttackIQ also has a history of developing scenario content to emulate the adversary, aligned to the MITRE ATT&CK framework, to test EDR controls.
When analyzing top MITRE ATT&CK scenarios to classify the Seven Deadly Techniques, AttackIQ sought to evaluate each technique based on realistic and popular methods that could be prevented by recommended security configurations but are not being stopped sufficiently by customers and therefore present a heightened risk to organizations and businesses. The techniques had to have pronounced historical impacts, to include being used in recent Russian operations in Ukraine, and EDR solution providers needed to consistently block the selected techniques in AttackIQ’s labs.
When measuring its customers against the Seven Deadly Techniques, AttackIQ found that:
- 0% prevented 100% of the techniques
- 1% prevented 76% – 99% of the techniques
- 25% prevented 51% – 75% of the techniques
- 20% prevented 26% – 50% of the techniques
- 21% prevented 1% – 25% of the techniques
- 33% prevented 0% of the techniques
“The findings of our study underscore the importance of organizations continuously assessing their security controls – which include people, processes, and technologies – against real threats to validate their effectiveness,” said Brett Galloway, CEO of AttackIQ. “The problem is not due to the vendors, as they block these techniques and procedures constantly in our lab environment, or to our customers, who are some of the most advanced cybersecurity teams in the world. It is embedded in the system itself – and in the lack of data required to understand how well security programs are performing.”
The report was produced by AttackIQ’s recently launched Adversary Research Team, a group of premier threat researchers and operators from around the world that develop cutting-edge insights on the latest threats, and then combine those insights with actionable guidance for how to improve security readiness. Driven by intelligence and research, the team helps organizations validate their cyberdefenses against adversaries so they can proactively find and remediate gaps and achieve peak performance.
AttackIQ’s Adversary Research Team found that the Seven Deadly Techniques have been used repeatedly to carry out impactful cyberattacks and intrusions by adversaries like the Conti ransomware group and state-sponsored actors from Russia, China, Iran, North Korea, and others.
“Based on our laboratory environment, we know that leading EDR technologies stop these seven techniques consistently, and therefore our customers should be able to do so consistently as well,” said Jonathan Reiber, Vice President for Cybersecurity Strategy and Policy at AttackIQ. “The issue is that organizations aren’t testing enough, and even the most effective technologies and teams will fail to stop the adversary if they do not test and train sufficiently. Only by regularly testing controls against known threats can teams generate the data they need to understand their performance and improve.”
Today’s enterprises require continuous security control validation to drive down security control failures and elevate cybersecurity effectiveness. A Business Value White Paper from the analyst firm IDC recently found existing AttackIQ customers saw significant advantages when using AttackIQ’s Security Optimization Platform to test cybersecurity readiness and validate security program performance. The study found that continuous security control validation led to 47 percent more efficient security operations teams, a 44 percent reduction in potential costs of security breaches, and 35 percent less impactful breaches overall.
To learn more about the AttackIQ Adversary Research Team and download the full report, visit: https://www.attackiq.com/research.
AttackIQ, the leading independent vendor of breach and attack simulation solutions, built the industry’s first Security Optimization Platform for continuous security control validation and improving security program effectiveness and efficiency. AttackIQ is trusted by leading organizations worldwide to plan security improvements and verify that cyberdefenses work as expected, aligned with the MITRE ATT&CK framework. The Company is committed to giving back to the cybersecurity community through its free award-winning AttackIQ Academy, open Preactive Security Exchange, and partnership with MITRE Engenuity’s Center for Threat-Informed Defense. For more information, visit www.attackiq.com. Follow AttackIQ on Twitter, Facebook, LinkedIn, and YouTube.