AttackIQ Launches MITRE ATT&CK for Dummies

Free guide helps cybersecurity teams bolster their security posture using the MITRE ATT&CK framework with breach and attack simulation Read More

SANTA CLARA, Calif., Nov. 18, 2020 – AttackIQ®, the leading independent vendor of Breach and Attack Simulation (BAS) systems, today announced the launch of MITRE ATT&CK® for Dummies, a free, easy-to-use guide designed to help businesses improve their security effectiveness, strengthen their cybersecurity program, and maximize resources. Organizations can use the guide to train security teams on how to effectively practice threat-informed defense.

“Our innovative Security Optimization Platform, free educational courses, step-by-step blueprints and deep partnerships with a variety of leading security vendors help customers effectively implement and support a threat-informed defense practice,” said Brett Galloway, CEO of AttackIQ. “The launch of MITRE ATT&CK for Dummies is the latest step in our continued commitment to helping businesses effectively and efficiently defend their interests in cyberspace.”

The purpose of MITRE ATT&CK is to improve cybersecurity globally. “One of our goals as a public interest research institution is to help the cybersecurity community improve its operational effectiveness so that cyberspace can be safer for everyone,” said Richard Struse, Director of MITRE Engenuity’s Center for Threat-Informed Defense. “We’re pleased to see members of the community help others take advantage of ATT&CK so they can shift from an ad hoc approach to cybersecurity to a threat-informed approach.”

Prior to the launch of the MITRE ATT&CK framework in 2015, security teams were stretched thin as they tried to close every vulnerability, meet every standard, and buy the “best” technology. For years, defenders lacked a common vision of the threat landscape. Cyberthreat intelligence in the private sector was often based on after-the-fact forensic data and left defenders uncertain about the adversary’s future approach. Detailed knowledge of adversary tactics was often limited to classified government environments. Lacking a common lexicon for discussing adversary behaviors across the community, defenders fumbled in the dark to achieve effectiveness.

“With the release of ATT&CK in 2015, this era of strategic ambiguity came to an end,” said Carl Wright, AttackIQ’s Chief Commercial Officer. “ATT&CK gives the cybersecurity community a single, easy to access repository of adversary behavior to set a baseline against which they can prepare their cyberdefenses. In short: it has transformed the security community’s approach and increased effectiveness.”

This comprehensive Dummies Guide, adapted directly from MITRE research and analysis, shows security teams how to leverage ATT&CK’s easy-to-access repository of adversary behavior. The ATT&CK matrix serves as a foundation for AttackIQ’s Security Optimization Platform and complementary offerings. Once businesses learn to use ATT&CK, they can deploy an automated breach and attack simulation platform to test security controls and generate real performance data to improve their security program at scale.

One of AttackIQ’s fundamental principles is to give back to the cybersecurity community. To further cutting-edge research, AttackIQ is a founding member of MITRE Engenuity’s Center for Threat-Informed Defense, a collaborative research institution that brings together leading security teams worldwide to identify and solve critical cyberdefense problems and share those results freely with the community. AttackIQ has also launched an industry-first Academy to help cybersecurity practitioners study best practices in threat-informed defense and cybersecurity operations. To date, more than 7,000 students in 126 countries have registered for AttackIQ Academy courses. This Dummies Guide to MITRE ATT&CK will help Academy students put MITRE ATT&CK to use in their organizations.

To learn how to effectively shift from an ad hoc approach of meeting cybersecurity regulations to countering known, dangerous threats, download MITRE ATT&CK for Dummies here.

Take the companion learning path on threat informed defense in AttackIQ Academy here.

About AttackIQ

AttackIQ, the leading independent vendor of breach and attack simulation solutions, built the industry’s first Security Optimization Platform for continuous security control validation and improving security program effectiveness and efficiency. AttackIQ is trusted by leading organizations worldwide to plan security improvements and verify that cyberdefenses work as expected, aligned with the MITRE ATT&CK framework. The Company is committed to giving back to the cybersecurity community through its free AttackIQ Academy, open Preactive Security Exchange, and partnership with MITRE Engenuity’s Center for Threat Informed Defense. For more information visit www.attackiq.com. Follow AttackIQ on TwitterFacebookLinkedIn, and YouTube.