Automated Testing
Companies use AttackIQ to test and audit their security controls to ensure that they work as they should. Blue and red teams use AttackIQ’s library of adversary emulations to exercise and validate specific security controls, building on the library with new threat intelligence from the outside or that the security team generates itself.
This threat-informed approach drives security effectiveness. Why? Traditionally, “blue team” network defenders have focused their defensive strategies on meeting baseline cybersecurity best practices: correcting misconfigurations, administering patches, and deploying best-in-class commercial products. If defenses are not oriented toward the most important threats, then those resources are wasted, and if they are not tested actively against probable threats, then they are likely to fail when challenged by the adversary, letting the attacker slip past. Security organizations have turned to “red team” and penetration testing to meet this challenge, but such testing is sporadic, under-resourced, and ineffective at validating security control effectiveness continuously and at scale.
So how can the Security Optimization Platform help? If you are a blue team, you can better test your security controls using adversary emulation as opposed to relying on a sporadic manual process. You can use AttackIQ to validate that your security controls are working, and, when they’re not working, to correct them. Testing focuses the blue teams on likely adversary behaviors as opposed to meeting compliance benchmarks.
If you are a red team, you can then use our open platform to capture and codify new tests to make them routine. You can use AttackIQ to do routine testing, freeing up your personnel to do more advanced testing. The automated platform helps you to be more efficient; you can run automated testing operations at scale and benefit from the rich performance data that scaled automation brings. In a resource-constrained environment, the platform allows you to run a red-team exercise in a light, affordable way to drive up security effectiveness and efficiency, and to devote resources to the problems that demand human attention.
When AttackIQ is used in this way with blue and red teams, it enables purple teaming. Purple teaming is a defensive method that focuses on collaborative communication between the red and blue teams, sharing threat information between them to understand adversary tactics, techniques, and procedures, and then taking steps to close defensive gaps and stop intrusions quickly. Combining the best of red and blue, purple teams focus on the overarching threat landscape, understand their security technologies, and understand their organization and its operational attributes. The combination of MITRE ATT&CK, AttackIQ as a Security Optimization Platform, and purple teaming delivers a threat-informed defense for the organization.