CONTINUOUS ATTACK VALIDATION

In November 2015, during the RSA Conference in Europe, Amit Yoran, President of RSA and former cybersecurity director at the U.S. Department of Homeland Security, proclaimed, “Infosec is fundamentally broken.” He said, “Infosec is an industry that wastes billions of dollars on firewalls and policing network perimeters, things that ‘make us feel safe’ but don't address real problems. Look at the major breaches of recent memory and you will find companies that were attacked despite using next-generation firewalls and high-level software that, for all their cost and promise, allowed massive, embarrassing and harmful breaches.”

How do you know that the controls you have implemented are performing their functions properly? How do you know that your antivirus software, firewall, or any other security solution will block the threats?


Testing your Security Devices with the AttackIQ FireDrill platform

FireDrill™ can be easily integrated into an existing network to identify security gaps and provide actionable insight to improve your security posture. FireDrill is cloud-based, requiring no bulky hardware or significant resources from your company’s infrastructure. On-premises deployments are possible if required by your organization.


DEPLOY AGENTS

Passive, lightweight agents are the sensors of the FireDrill platform. They receive and execute your selected scenarios and facilitate your live security testing.

FireDrill’s flexible deployment model allows you to place agents strategically as needed, adding or reducing the number of agents from month to month to allow for the most effective testing. All major operating systems are supported: Windows, Linux, and OS X.


RUN SCENARIOS

FireDrill is backed by industry-leading security researchers who collect intelligence and analyse current attack techniques, tactics, and procedures to create comprehensive test scenarios.

Scenarios are used to test controls, validate security posture, and instrument your environment. They consist of behaviours that perform unwanted actions or mimic real-world malicious activity. Running them lets you confirm that your protective and detective controls are functioning as designed. Scenarios can be run on demand or on automated schedules to continually challenge your security infrastructure.

Out of the box, FireDrill comes with an inventory of common scenarios from global expert individuals and organizations. We continually create and curate an ever-growing library of scenarios to address emerging threats, sourced both from AttackIQ experts and the security community at large. AttackIQ also offers custom scenario development services to address specific concerns.


ATTACK SCENARIOS

Stages

  • Persistence
  • Privilege Escalation
  • Lateral Movement
  • Access to other Data Stores
  • C&C
  • Exfiltration

Threat Actors

  • Nation State Actors
  • Insider Threats
  • Cyber Criminals

Major Breaches

  • Target
  • Sony
  • Home Depot
  • TV5Monde

Threat Intelligence Data Replay

  • PCAP
  • STIX
  • OpenIOC

VALIDATION SCENARIOS


Technology Testing

  • Access/Routing/Availability
  • Data Loss Prevention (DLP)
  • Content/Web Filtering
  • Firewall
  • Network and Host IPS/IDS
  • AntiVirus (AV)
  • SIEM
  • SSL Certificates
  • and more…

People and Processes

  • Incident Response
  • Red Team Playbook
  • Table Top Exercises

If a scenario fails, security teams are notified in real time through custom reporting and alerts, or through a company’s existing SIEM technology and workflow.


VIEW RESULTS

FireDrill reports provide repeatable metrics and detailed actions you can take to strengthen your overall security posture. FireDrill’s real-time dashboard and results give you automated, accurate, repeatable validation of your live IT security infrastructure, allowing you to:

  • Assess your risk from emerging attacks immediately
  • Make fast and accurate decisions regarding potential security vulnerabilities
  • Evaluate your current products and protocols for effectiveness prior to compromise
  • Make informed data-driven decisions about existing and future security products
  • Communicate the value and risk of your infrastructure from the IT level to the Board

AttackIQ REPORTS

FireDrill comes with a library of comprehensive reports that provide precise assessment of your current live IT security infrastructure’s ability to protect against an attack.


Security Assessment Report

  • Provides general threat assessment.
  • Gives detailed insight on resiliency against specific attacks.

Security Technology Report

  • Validates security controls (e.g. firewall, advanced endpoint, AV)
  • Provides data-driven assurance that all security operations are functioning effectively

Product Comparison Report

  • Compares and contrasts security products in head-to-head fashion
  • Provides product performance metrics for purchase recommendations