Price: $5,000 per test endpoint
What it does: AttackIQ Platform identifies gaps in production environments and helps mitigate risk so organizations may measure the effectiveness of their security posture and increase the overall return on investment of their existing security tools.
What we liked: We very much appreciate the many informative and easily understood reporting options that are available out-of-the-box.
AttackIQ Platform identifies gaps in production environments and helps mitigate risk so organizations may measure the effectiveness of their security posture and increase the overall return on investment of their existing security tools. Security control tests are typically costly and inefficient, requiring many intensive manual assessments. By contrast, AttackIQ automates the security control testing process, using the Integration Manager to establish connections between all the security tools present in an environment.
Its simple assessments help analysts identify the best testing methods for their purposes as well as the best assets to perform the necessary tasks. The Scenario Library has several filters for pulling subsets that target desired assessment types. It also uses many different tactics and techniques to exercise various organizational security controls, emulate adversaries and uncover meaningful data. Security teams may customize scenarios that they can then save for future use. They may also configure assessments to run manually or to run automatically according to a set schedule.
The Attack Navigator serves as a useful tool that homes in on threats and vulnerabilities by overlaying specific content monitoring onto the MITRE ATT&CK framework. This capability also creates new assessment templates for greater ease of use and adds a great deal of sophistication to the platform.
The dashboard layout optimizes the user experience with an intuitive navigation pane that simplifies movement throughout the platform. The dashboard offers several filtering options for assessment results and analysts may categorize these results by assets or by the scenario types that they have run. The Technology Stack menu even offers various enabled and disabled integrations that teams may configure to suit their specific needs. A high-level overview shows many important statistics, including historical activity trends and detailed activity logs, about the various assessment scenarios the solution has conducted. The MITRE ATT&CK heatmap shows threats in a way that maximizes the visibility and efficiency of prevention and detection. Analysts may view threats broken down according to MITRE tactics.
We very much appreciate the many informative and easily understood reporting options that are available out-of-the-box. Like the overview, all the reports offer many kinds of granular details, such as assessment descriptions, mitigation suggestions and report cards that evaluate scenarios according to name and pass rate. These detailed reports deliver tremendous value to blue teams because they outline how the platform has executed each scenario, which controls have detected each threat and what steps analysts must now take to complete the mitigation and validation processes.
Overall, AttackIQ’s scalable and open systems platform lets customers download, modify and create their own content. The production-based testing scenarios offer realistic assessments of the enterprise environment and use powerful agents to simulate advanced covert attack methodologies such as lateral movement and living-off-the-land techniques. Because of its flexibility, security pros can implement this breach and attack simulation tool quickly, allowing customers to begin running assessments the moment they successfully deploy an agent within their environment.
Pricing starts at $5,000 per test point and includes 24/7 phone, email and website support. The knowledge base includes many substantive documentation manuals, including references to most of the API calls the platform provides.