Start-up provides way for vendors to evaluate tools and counts IBM, Cisco, Blackberry, and Microsoft among initial partners
AttackIQ, a start-up that builds attack and breach simulation solutions, is rolling out its open security platform and launching a partner program to drive its use in the market.
The Lowdown: The Santa Clara, California-based company on Monday launched its Security Optimization Platform to help enterprise security teams that are tasked with pushing back against growing and increasingly sophisticated cyberattacks and doing so with tightening budgets. AttackIQ’s Preactive Security Exchange (PSE) offers a way for security vendors to prove and improve the capabilities of their products.
The Details: The Security Optimization Platform offers more than two dozen features, from automated testing and threat hunting to testing and evaluation of managed security service providers (MSSPs), compliance mapping, architectural strategy and security control rationalization, and training for artificial intelligence (AI) and machine learning.
The goal is to offer a platform that vendors can leverage to test their myriad tools at scale and in production environments, delivering automated insights into the performance of those products. The platform is based on AttackIQ’s Informed Defense Architecture and is tightly aligned with the MITRE ATT&CK database of known cybercriminal techniques and tactics.
The company’s PSE is kicking off with a long list of partners, including BlackBerry, Cisco, Illumio, LogRhythm, Microsoft, RSA, IBM, FireEye, and SentinelOne. The goal is to make it easier for organizations to better manage an increasingly crowded landscape of security control products.
The Impact: A Ponemon Institute report last year found that enterprises spend about $18.4 million a year on cybersecurity and deploy 47 security products, but 53% said they don’t know how well those tools are working. A platform like that from AttackIQ can give organizations and channel partners a better understanding of which tools are effective, which not only can strengthen their security posture but also can give them a better return on their security investments.
Background: AttackIQ was launched in 2013 and has raised $31.9 million over two rounds of funding from eight investors, including $17.6 million a year ago, according to Crunchbase.
The Buzz: “COVID-19 has been a game-changer for cybersecurity practitioners,” AttackIQ CEO Brett Galloway said. “CISOs are under a siege of attacks, while spending is undergoing increased scrutiny. We’re in a new era that requires an optimization strategy for better insights, better decisions, and real security impact, beginning by addressing the most overlooked cybersecurity issue: control effectiveness.”
“With the launch of the PSE, AttackIQ has set forth a mission of fixing enterprise security through honest, open collaboration with any security control vendors willing to work with us to better understand how to test their products, for the benefit of our mutual customers,” said Dariush Afshar, vice president of platform for AttackIQ. “This initiative will enhance our ability to accurately measure the effectiveness of security controls within the customer environment and help vendors tune their products to better deliver on promises, and in turn, better protect their enterprise.”
“Security optimization is absolutely paramount in today’s cybersecurity operating environment,” said Jeremy Phelps, director of information security at Akin Gump, an AttackIQ customer. “The new normal of measuring program effectiveness will be directly tied to better insights and better decisions that create value for the business.”
“We’re excited to be a part of AttackIQ’s PSE. It provides us with the opportunity to show customers how our products perform when tested continuously by an independent platform,” said May Mitchell, vice president of global channel sales and alliances at BlackBerry. “That transparency enables us to remind customers just how committed we are about delivering a best-in-class solution for them. In our ongoing pursuit of excellence, partnering with the PSE has helped us identify specific, practical, and constructive ways we can tune our products to help customers better deploy them for even higher efficacy via our custom partner assessment template.”
“Cisco values its partnership with AttackIQ and is delighted to be a part of AttackIQ’s Preactive Security Exchange. As the leading neutral platform to enable seamless breach and attack simulation with comprehensive capability for continuous and targeted validation of security posture, AttackIQ allows Cisco to objectively showcase the many strengths of our security portfolio to customers,” said Farzad Bakhtiar, senior product manager for Cisco’s Advanced Malware Protection Group.
“As the leading provider of end-to-end segmentation, we are committed to providing our customer and prospects with valuable information that illustrates the efficacy of our products and underscores their value within an organization’s technology stack,” said Vijay Chauhan, vice president of product marketing at Illumio. “We’re pleased to participate in AttackIQ’s Preactive Security Exchange as an inaugural member to provide greater transparency to users across the globe.”
“With the proliferation of cybersecurity technology, it can be challenging to determine which tools meaningfully deliver on their capabilities to actively improve security maturity,” said James Carder, chief security officer and vice president of LogRhythm Labs. “We’re excited to participate in AttackIQ’s Preactive Security Exchange, as it gives us the opportunity to objectively showcase the holistic power of the LogRhythm NextGen SIEM Platform. This way, potential customers can not only see for themselves just how we can help strengthen their overall security posture but also share feedback to help inform future product updates to ensure the platform continues to meet their needs.”