Price: $5,000 per Test Point Engine.
What it does: AttackIQ Platform assists Red and Blue Teams by continuously testing different security measures in production systems in order to validate security controls using workflows and attack emulations.
What we liked: How thoroughly the platform aligns to the MITRE ATT&CK Framework and the transparency as to how security controls are tested and adversaries are emulated.
AttackIQ Platform aligns to the MITRE ATT&CK Framework and is designed to continuously validate security controls by testing different securities in production systems. It uses controlled adversarial workflows and attack emulations to assist Red and Blue Teams with measuring the effectiveness of security controls in the production environment.
Organizations can choose from a variety of built-in assessment templates from MITRE, CrowdStrike and Red Canary that offer groups of scenarios designed to exercise security measures either against a certain methodology, focused on a specific technology or emulating a certain adversary. Assessments refer to automated workflows that come with a few options out-of-the-box templates, downloadable assessments uploaded to the community forum, or a build-your-own option. The tool incorporates top adversary information into the assessments, with more continuously and regularly added and updated. Organizations can leverage the templates to manage privileges, conduct MITRE threat assessments and mitigate Windows credential theft scenarios.
Each lightweight agent frequently checks in to see if it has been either manually or automatically assigned attack scenarios. Agents run scenarios one at a time, validating the success of each attack, and then ensure the system reverts to its pre-assessment state. After each scenario is run, results are sent to the management platform with the process repeated until all assigned work is completed. The agent then idles to reduce overall resource consumption. Security teams can rerun assessments to validate mitigation success.
The tool offers several ways of representing the results of each assessment to give analysts a tremendous amount of visibility into their security posture.
Findings View provides extensive charts and graphs with an overall historic result view to demonstrate efficacy over time. Results can also be broken down by agent or according to the type of assessment that was run with an overall prevention graph that gives the high-level statistics of an assessment.
Heatmap reports serve as high-level report cards for the tested technology, offering a variety of results, including MITRE detection, prevention, a measure of success for each attack tactic that was conducted and an overall assessment of that technology.
Detailed technical reports are broken down to show each part of every assessment scenario, system and attack.
All reporting is done from a defensive posture standpoint, with the goal of ensuring that all graphs come back as green (healthy), indicating an organization is successfully blocking adversarial workflows and attacks. If they are not being blocked, analysts can gain a great deal
of granular information from delving into the results section.
In addition to reporting on assessment results, AttackIQ provides mitigation recommendations for every single phase of every single attack in the platform.
This is not a black-box solution. The company wants organizations to understand how security controls are being tested and how adversaries are being emulated. This transparency gives rise to intuitive customization, which is important as this is an open systems platform with a lot of flexibility.
Starting price is $5,000 per Test Point Engine. Phone, email and website support is available 24/7 and comes standard with subscription.