Price: $5,000 per Test Point Engine.
What it does: AttackIQ Platform assists Red and Blue Teams by continuously testing different security measures in production systems in order to validate security controls using workflows and attack emulations.
What we liked: How thoroughly the platform aligns to the MITRE ATT&CK Framework and the transparency as to how security controls are tested and adversaries are emulated.
AttackIQ Platform aligns to the MITRE ATT&CK Framework and is designed to continuously validate security controls by testing different security controls in production systems. It uses controlled adversarial workflows and attack emulations to assist Red and Blue Teams with measuring the effectiveness of security controls in the
Organizations can choose from a variety of built-in assessment templates from MITRE, CrowdStrike and Red Canary that offer groups of scenarios designed to exercise security measures either against a certain methodology, focused on a specific technology or emulating a certain adversary. Assessments refer to automated workflows that come with a few options: out-of-the-box templates, downloadable assessments uploaded to the community forum, or a build-your-own option. The tool incorporates top adversary information into the assessments, with more continuously and regularly added and updated. Organizations can leverage the templates to manage privileges, conduct MITRE threat assessments and mitigate Windows credential theft scenarios.
Each lightweight agent frequently checks in to see if it has been either manually or automatically assigned attack scenarios. Agents run scenarios one at a time, validating the success of each attack, and then ensure the system reverts to its pre-assessment state. After each scenario is run, results are sent to the management platform, with the process repeated until all assigned work is completed. The agent then idles to reduce overall resource consumption. Security teams can rerun assessments to validate mitigation success.
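The agent workflow described above (pick up assigned scenarios, run them one at a time, record whether the control prevented each one, revert to the pre-assessment state, report, and later rerun to confirm a mitigation) is easy to sketch. The following is an added Python example written for this review, not AttackIQ's code; the scenario names, tactics, host state and the `control` callback are constructed stand-ins, and the agent's check-in polling is collapsed into a list of already-assigned scenarios.

```python
"""Added example (not AttackIQ's code): a minimal breach-and-attack-simulation
agent loop with snapshot/revert and a per-tactic prevention report card.
All scenarios, tactics and the control behaviour below are constructed."""
import copy
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Scenario:
    name: str
    tactic: str                        # ATT&CK tactic the scenario exercises
    emulate: Callable[[dict], None]    # mutates host state to emulate the technique


def run_assessment(host_state: dict, scenarios: List[Scenario],
                   control: Callable[[str], bool]) -> List[dict]:
    """Run scenarios one at a time. Each run snapshots the host, lets the
    (hypothetical) control decide whether the technique is prevented, applies the
    emulation only if it was not, records the outcome, and restores the snapshot
    so the next scenario starts from the pre-assessment state."""
    results = []
    for sc in scenarios:
        baseline = copy.deepcopy(host_state)        # pre-assessment snapshot
        prevented = control(sc.name)                # constructed control decision
        if not prevented:
            sc.emulate(host_state)                  # attack "succeeded" on this host
        results.append({"scenario": sc.name, "tactic": sc.tactic,
                        "prevented": prevented})
        host_state.clear()                          # revert to pre-assessment state
        host_state.update(baseline)
        assert host_state == baseline, "revert failed; host left modified"
    return results


def heatmap(results: List[dict]) -> Dict[str, float]:
    """Per-tactic prevention rate (1.0 = everything prevented), the kind of
    high-level report card described for the Heatmap view."""
    totals: Dict[str, List[int]] = {}
    for r in results:
        prevented, total = totals.setdefault(r["tactic"], [0, 0])
        totals[r["tactic"]] = [prevented + int(r["prevented"]), total + 1]
    return {tactic: round(p / n, 2) for tactic, (p, n) in totals.items()}


# Constructed scenarios: each just marks the host state so the effect is visible.
SAMPLE_SCENARIOS = [
    Scenario("persistence-run-key", "Persistence",
             lambda s: s.setdefault("run_keys", []).append("updater")),
    Scenario("persistence-sched-task", "Persistence",
             lambda s: s.setdefault("tasks", []).append("nightly")),
    Scenario("credential-dump", "Credential Access",
             lambda s: s.__setitem__("cred_store_read", True)),
    Scenario("exfil-http", "Exfiltration",
             lambda s: s.__setitem__("outbound_bytes", 4096)),
]


def demo(blocked_by_control=("persistence-sched-task", "credential-dump", "exfil-http")):
    """First run with the constructed control, then a rerun after a hypothetical
    mitigation that also covers the run-key scenario (validating the fix)."""
    host = {}
    first = heatmap(run_assessment(host, SAMPLE_SCENARIOS,
                                   lambda name: name in blocked_by_control))
    after_fix = heatmap(run_assessment(host, SAMPLE_SCENARIOS,
                                       lambda name: name in blocked_by_control
                                       or name == "persistence-run-key"))
    return first, after_fix, host


if __name__ == "__main__":
    before, after, host = demo()
    print("before mitigation:", before)   # Persistence 0.5, others 1.0
    print("after mitigation: ", after)    # Persistence 1.0, others 1.0
    print("host state after all runs:", host)   # {} (reverted)
```

The `assert` after the revert is the part worth keeping in any real harness: a scenario that leaves the host modified turns a validation exercise into an actual change on a production system, which is exactly what the revert step is meant to rule out.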
The tool offers several ways of representing the results of each assessment to give analysts a tremendous amount of visibility into their security posture.
Findings View provides extensive charts and graphs with an overall historic result view to demonstrate efficacy over time. Results can also be broken down by agent or according to the type of assessment that was run, with an overall prevention graph that gives the high-level statistics of an assessment.
Heatmap reports serve as high-level report cards for the tested technology, offering a variety of results, including MITRE detection, prevention, a measure of success for each attack tactic that was conducted and an overall assessment of that technology.
Detailed technical reports are broken down to show each part of every assessment scenario, system and
All reporting is done from a defensive posture standpoint, with the goal of ensuring that all graphs come back as green (healthy), indicating an organization is successfully blocking adversarial workflows and attacks. If they are not being blocked, analysts can gain a great deal of granular information from delving into the results section.
In addition to reporting on assessment results, AttackIQ provides mitigation recommendations for every single phase of every single attack in the platform.
This is not a black-box solution. The company wants organizations to understand how security controls are being tested and how adversaries are being emulated. This transparency gives rise to intuitive customization, which is important as this is an open systems platform with a lot of flexibility.
Starting price is $5,000 per Test Point Engine. Phone, email and website support is available 24/7 and comes standard with subscription.