Facebook Tracking
November 18, 2019

AttackIQ’s Extreme Ownership – Giving back to our community through research

Category: Blog

I am pleased to announce that AttackIQ has been selected as one of the ten founding members of the MITRE Engenuity Center for Threat Informed Defense (CTID). AttackIQ, one of only three security technology vendors among the founding members, believes deeply in MITRE ATT&CK and in the mission of CTID to advance a shared understanding of cyber adversary behavior and to use that understanding to improve the effectiveness of defenses against cyber attacks. AttackIQ was the first Breach and Attack Simulation vendor to embrace the ATT&CK framework in its entirety. It is our intent to continue to invest in ATT&CK going into the future.

2019 has been a year of transformation for AttackIQ. Taking a moment to reflect on the past while looking to the future, I am filled with a great sense of pride and gratitude. Our market, Breach and Attack Simulation (BAS), has shifted markedly from early adopters to budgeted strategic deployments with companies of all sizes and verticals.  Our business has enjoyed hyper-growth, with a relentless focus on customer success. And our company has expanded its capabilities greatly, with so many great people joining the team and partners joining the extended team. We could not be more energized as we look to 2020.

Even so, what excites me most is our team’s commitment to our mission: to fix enterprise security. So many people in our industry are working so hard to secure our increasingly software-dominated world, both as practitioners and as vendors. Yet despite all of that effort, according to the Verizon Data Breach Report, 82% of successful breaches should have been stopped by existing security controls but weren’t. Why do security controls fail? Because they are not tested adequately. We’ll never get there with human testing. Only automated testing can put in place the feedback loop that is necessary to make security controls effective.

But we must also achieve effectiveness through sharing. We believe that deeply, having fielded an open system testing platform that enables our users to share attacker scenarios for the betterment of all. We made the decision to become Founding Research Partners with MITRE Engenuity and the Center for Threat Informed Defense so that we can engage at an industry wide level and contribute substantially for the broader public good.

Our strategic lens will be unique, channeling the needs and ideas of our diverse customer base into the Center’s research pipeline.  We plan to contribute to the Center’s research portfolio through our continued investments and are already positioning projects around key areas of interests. Particular interests include: how automation can make better use of the data behind the ATT&CK technical body of knowledge, how to better kickstart an ATT&CK program, and how the threat-risk nexus can be better instrumented to create evidence-based and threat-informed security compliance.

This investment is important for AttackIQ from a corporate perspective and is critical for us to achieve our overarching mission. Sharing and information exchange have always been part of our culture. Contributing to the CTID will be an important way AttackIQ directly gives back for the public good. We are committed to maintaining our BAS market leading independence, but more importantly, to being a company with substantive commitment to driving towards a more secure world. We are thankful that the MITRE Corporation recognized that there needed to be a sea change if we are to thwart continued adversarial bad actors. We are humbled to be founding partners of this great initiative.

About the Author

Brett Galloway

Brett has more than 30 years of executive and entrepreneurial experience in the technology industry. He has brought together technology, product, and business expertise to innovate and deliver a stream of successful product businesses. Brett holds Bachelor and Master of Science degrees in electrical engineering from Stanford University.