AttackIQ®, the leading independent vendor of Breach and Attack Simulation (BAS) systems, today announced that leading U.S. Government legislative, executive, intelligence, and defense agencies – including the U.S. Army – are leveraging a threat informed defense strategy to take a proactive stance against cyberattacks. By focusing on known threats and testing their defenses continuously against adversary behaviors outlined in the MITRE ATT&CK® framework, operators have better data and insights into their program performance. To date, AttackIQ is now deployed in more than a dozen U.S. government agencies and organizations, including three of the six U.S. military branches of service; customers in the legislative branch, intelligence community, defense agencies; and numerous executive branch civilian agencies.
From the SolarWinds supply chain cyberattack on civilian government agencies to continued attacks on national security systems, the U.S. government is a top-tier target of nation-states and cybercriminal groups alike. To improve the government’s cybersecurity posture, in 2021 the Biden administration issued a new Executive Order for the federal government, with a focus on implementing a zero-trust architecture. In addition to zero trust, U.S. government agencies are investing in proactive measures and technologies like breach and attack simulation to understand how well they are performing against threats, identify gaps in their defenses, and make data-informed decisions to improve their cybersecurity.
The AttackIQ Security Optimization Platform – winner of the 2021 American Security Today ‘ASTORS’ Homeland Security Awards Gold Award for Best Breach and Attack Simulation Solutions, and the 2021 GOVIES Government Security Gold Award for Best Cyber Defense Solution – enables cybersecurity practitioners to continuously verify the health of their security programs safely, at scale, and in an automated fashion. Continuous security control validation gives security teams real-time, data-driven visibility into whether their controls are working as intended, all the time, not just one point in time.
“From the SolarWinds incursion to the recent tensions along the Ukrainian border, we are in a state of perpetual conflict in cyberspace, and the U.S. government faces significant threats,” said Carl Wright, Chief Commercial Officer at AttackIQ and former CISO of the U.S. Marines Corps. “We at AttackIQ are humbled to partner with the U.S. Government to give our nation’s critical organizations the technology and knowledge they need to stay ahead of the evolving threat landscape.”
The use of breach and attack simulation delivers a number of capabilities to the U.S. government, including:
- Security Control Validation: Agencies and the U.S. military use the platform to continuously test and audit their security controls to ensure cybersecurity readiness.
- Compliance Optimization: U.S. government contractors and agencies can validate compliance effectiveness against the Department of Defense’s Cybersecurity Maturity Model Certification (CMMC), and the National Institute of Standards and Technology (NIST) 800-53 family of security controls.
- Analyst Training and Certification: Agencies and the U.S. military use the platform to test their teams against specific certification requirements like NIST 800-53 and the DoD’s Cybersecurity Maturity Model Certification (CMMC) to elevate individual and team performance.
These capabilities emerge from cutting-edge research and development produced by MITRE Engenuity’s Center for Threat-Informed Defense, a private research and development organization with the mission to elevate the world’s cybersecurity effectiveness and expand the use of the MITRE ATT&CK framework. AttackIQ is one of the founding members of the Center, and has contributed to seven of 13 projects launched last year, including ATT&CK for Cloud, NIST 800-53 Controls to ATT&CK Mapping, and Mapping ATT&CK to CVE.
Lieutenant General Lori E. Reynolds, USMC, Retired Joins Informed Defenders Council
To better share cybersecurity learnings with U.S. government agencies, AttackIQ is proud to announce that Lieutenant General Lori E. Reynolds, USMC, Retired, has joined AttackIQ’s Informed Defenders Council of expert security advisors. The Council brings together cybersecurity and technology leaders across industries to share best-practices and improve cybersecurity effectiveness. Lieutenant General Reynolds’ depth and breadth of experience will serve as a resource for the government as agencies deliver a threat-informed defense.
Retiring after a 35-year career in the United States Marine Corps, LtGen Reynolds’ final assignment was as the Deputy Commandant for Information, a newly established position that recognized the growing importance of information, cyberspace and digital technologies, as well as the emerging conflict domains of space and cyberspace. In her time as the Deputy Commandant for Information, she was responsible for all IT, intelligence, cyberspace, space, and influenced personnel and capability development for the Marine Corps. LtGen Reynolds joins existing federal government expert and council member James Trainor, former Assistant Director of the FBI and current SVP at Aon Solutions, to strengthen AttackIQ’s U.S. government advisory expertise in our Informed Defenders Council.
“Threat actors are only becoming more sophisticated and aggressive in their attempts to do harm and cause disruption to the organizations they target. It is time for the cybersecurity community at large to look holistically at the challenges and share corresponding best practices with each other so we can ensure we are doing our best to create a more secure world,” said Lori Reynolds. “I’m pleased to have the opportunity to join this community of experts designed to find new ways to defend organizations and further help ensure the security of our nation.”
AttackIQ, the leading independent vendor of breach and attack simulation solutions, built the industry’s first Security Optimization Platform for continuous security control validation and improving security program effectiveness and efficiency. AttackIQ is trusted by leading organizations worldwide to plan security improvements and verify that cyberdefenses work as expected, aligned with the MITRE ATT&CK framework. The Company is committed to giving back to the cybersecurity community through its free award-winning AttackIQ Academy, open Preactive Security Exchange, and partnership with MITRE Engenuity’s Center for Threat-Informed Defense. For more information, visit www.attackiq.com. Follow AttackIQ on Twitter, Facebook, LinkedIn, and YouTube.