Ending the Era of Security Control Failure

A data analytic study of historic security control failures against top MITRE ATT&CK techniques – and what to do to improve security program performance.

Ending the Era of Security Control Failure Cover

After months of analysis, AttackIQ is publishing a data analytic study of historic security control failures against top MITRE ATT&CK techniques – and what to do to improve security program performance.

On average, the endpoint detection and response (EDR) controls in our anonymized customers’ environments only stopped these top 7 adversary techniques 39 percent of the time in 2021. This high degree of failure is not the fault of the security providers, as their controls stop the top techniques in our laboratory environment. Nor is it the fault of our customers, some of the most advanced cybersecurity teams in the world. The problem is embedded in the system itself.

Featured in a recent Bloomberg article about how the U.S. and allied governments are recommending automated testing, along with commentary from innovative AttackIQ customers, you can download this report now. Learn how and why security control failures are so pervasive in cybersecurity — and how you can solve the problem today through breach and attack simulation and automated security control validation.


*Correction: In a prior version of the study, it said “% Prevention Failures” at the top of the chart in the right hand column on page 5 when it should have said solely “% Prevention”.

By submitting this form you indicate that you have read and agree to the terms of our Privacy Policy.