ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
Businesswire | April 03, 2023
AttackIQ®, the leading independent vendor of Breach and Attack Simulation (BAS) solutions, today announced the availability of AttackIQ Ready!, a fully managed breach and attack simulation service that leverages years of advanced content and actionable reporting to improve organizations’ security posture and security program performance. The service was designed to simplify the execution of a continuous security validation program, showing results in real-time and orchestrating faster remediation – all through one automated platform – for everyone who wants it.
Absent real data, teams lack clarity about their capabilities and performance and cannot confidently operate against the adversary. AttackIQ has found that security controls only stop the adversary 39% of the time in the real world due to misconfigurations and security control degradation. To solve this problem, AttackIQ Ready! delivers clear reporting and analysis so that security leaders know how well their controls perform against the adversary. AttackIQ Ready! provides weekly reports, monthly executive-focused reports, and insurance-focused reports that can be used to communicate to the executive team, the board, insurance companies, and regulators alike.
“We know that automated testing provides a path to better security and business outcomes. With this announcement, we are making AttackIQ’s advanced testing capabilities available to a much broader section of the market,” said Carl Wright, Chief Commercial Officer, AttackIQ. “Many organizations lack the resources to operationalize the MITRE ATT&CK framework or conduct red team assessments of their cyberdefenses. We are very excited to release AttackIQ Ready! to help teams of all sizes maximize return on investment and improve operational readiness.”
With AttackIQ Ready!, organizations can expect the following:
Easy and Immediate Use: From day one, AttackIQ Ready! provides an easy-to-use and immediate baseline understanding of your security coverage as well as continuous visibility into your security posture. It helps you to identify gaps and issues surrounding your overall cybersecurity hygiene.
Weekly and Monthly Reporting: Weekly and monthly reports about your security controls’ performance, including against specific adversaries curated by the AttackIQ Adversary Research Team (APT29, FIN6, etc.).
Monthly Adversary Curation: Every month, the AttackIQ Adversary Research Team introduces a new set of adversarial campaigns to test your security controls against that specific adversary.
Continuous Automated Testing: The AttackIQ Ready! team conducts weekly tests of your security controls using MITRE ATT&CK-aligned assessments drawn from the full AttackIQ research library.
Actionable Remediation Guidance: Generates tailored, easy-to-use remediation guidance so that you can close gaps and address issues quickly to improve performance.
Detection Engineering: AttackIQ Ready! introduces the option of detection testing for companies that have a security operations center or a SIEM structured to respond to alerts and attacks.
In-App Threat Intelligence and Analysis: Gain immediate in-app analysis about emerging and advanced threats and how to prepare your defenses to withstand attacks.
AttackIQ Ready! will help an even broader range of customers to achieve these results. A security operations center is not required to use AttackIQ Ready!. All that is needed are existing security controls to validate, either through cloud services like AWS or Azure or security providers.
What kind of results might companies expect? One security leader at a premier biosciences company recently used the AttackIQ platform to prove to an insurance company that his security controls were performing as intended and negotiate a peg to his insurance premium, saving his organization hundreds of thousands of dollars in fees. As he said, “When we can prove that our solutions and controls are not just adequate, but they're rock solid, there's much value there. The investments in our firewalls, endpoint controls, and network security controls help build the program's reputation and instill more confidence. Then when we go to the board for requesting a large sum of funding for maybe a new project, there are not as many questions.”
“AttackIQ has helped companies from the Fortune 10 to Global 2000 elevate their security effectiveness, including JetBlue, Bupa and the Department of Defense,” Wright continued. “This service will help companies hone security analyst and security operations team performance, find redundancies in security controls, validate security controls for insurers, decrease the impact of breaches, and much more. You can’t manage what you can't measure, and we look forward to helping organizations measure their defenses against the adversary.”
Pricing and Availability
AttackIQ Ready! is available now. More details are available at: www.attackiq.com/ready. For pricing or to schedule a demo, contact AttackIQ.
About AttackIQ
AttackIQ, the leading independent vendor of breach and attack simulation solutions, built the industry’s first Security Optimization Platform for continuous security control validation and improving security program effectiveness and efficiency. AttackIQ is trusted by leading organizations worldwide to plan security improvements and verify that cyberdefenses work as expected, aligned with the MITRE ATT&CK framework. The Company is committed to giving back to the cybersecurity community through its free award-winning AttackIQ Academy, open Preactive Security Exchange, and partnership with MITRE Engenuity’s Center for Threat-Informed Defense.
DATA SECURITY, SOFTWARE SECURITY, WEB SECURITY TOOLS
Interos Inc | March 10, 2023
On March 9, 2023, Interos, one of the leading operational resilience companies creating the world's strongest, safest, and most secure supply chains, announced the introduction of its upgraded cyber risk factor, a part of its i-Score™ measurement of operational resilience.
The Interos i-Score is the first of its kind resilience score that assesses the health of extended supply chains against multiple risk factors, such as restriction, financial, geopolitical, operations/catastrophe, ESG, and cyber.
The i-Score update includes an innovative cyber behavior model to detect potentially harmful cyber activity irrespective of public disclosure, and combines commercial cyber ratings, threat assessment (MITRE ATT&CK®), vulnerability information (CVEs), regulatory compliance, cyber events, and operating country issues into a single score.
This advancement directs cyber risk and procurement managers to their multi-tiered vendors most exposed to ransomware, breaches, data leakage, and other cyber-attacks carried out by malicious attackers who target suppliers concealed in the extended global supply chain. Interos's 2022 Resilience study of 1,500 cybersecurity and procurement leaders found that cyber incidents cause supply chain disruptions that cost businesses $37M each year.
Andrea Little Limbago, SVP, Research & Analysis, Interos, said, "This is another crucial step forward in helping organizations achieve operational resilience." She further mentioned, "We've added new, proprietary models that integrate and assess data on cloud-based risk exposure, evaluate anomalous cyber behavior, measure regulatory compliance risks and more. It's designed to deliver better and faster information to CPOs partnering with CISOs — who are increasingly being held accountable for collective cyber resilience — to respond to more frequent and severe supply chain cyberattacks, with enhanced monitoring of vendors and third-party service providers."
(Source – Cision PR Newswire)
About Interos Inc
Founded in 2005, Interos is one of the leading operational resilience companies. The company's first-of-its-kind scoring and relationship discovery technologies automate evaluation, detection, and response to risks. As the only operational resilience platform in the world, it protects customers from unethical labor, regulatory violations, cyberattacks, disasters, bankruptcy, and other supplier vulnerabilities. Interos is based in Washington, DC, and has clients all over the world, including NASA, the U.S. Department of Defense, and a number of Global Fortune 500 companies.
ENTERPRISE SECURITY, PLATFORM SECURITY, SOFTWARE SECURITY
Prnewswire | March 29, 2023
BreachLock officially launched its API Penetration Testing Service today, making API security testing faster, more scalable, and more affordable compared to alternative pentesting providers. The company is best known for its human-led, AI-enabled Pen Testing as a Service (PTaaS) solution delivered via its award-winning client portal. API penetration testing will help organizations prevent cybercriminals from exploiting unpatched API vulnerabilities to perpetrate cybercrimes.
BreachLock is known for its innovative pentesting approach as a leader in the emerging PTaaS market. With a global reputation for delivering enterprise-grade penetration testing services, BreachLock leverages automation to ensure affordability and speed for clients held back by alternative pentesting options. With integrated remediation, companies can decrease their window of exposure to critical API vulnerabilities fast. Clients receive evidence-backed pentest reports with guided remediation on critical vulnerabilities, along with 12 months of access to retest, generate reports, and run scans inside the client portal.
Regarding its new security testing offering, BreachLock's Founder & CEO, Seemant Sehgal, comments, "With the rise in security breaches involving insecure APIs, it's our responsibility to enable clients to prevent similar incidents." Sehgal adds, "Staying ahead of cyber adversaries is the name of the game. With today's threat landscape, agile pentesting is the key to combatting security breaches, especially when done regularly."
BreachLock's API pentesting service is conducted by 100% in-house, certified expert pentesters (e.g., CREST, OSCE, OSCP, CISSP, CEH) that leverage AI and automation to accelerate the process and deliver more accurate results that closely correlate with OWASP best practices. Its security experts apply maximum business logic to every API pentest during a manual deep dive and ensure zero false positives by validating automated findings.
About BreachLock
BreachLock® is a global leader in cybersecurity and Penetration Testing services combining the power of human hackers, artificial intelligence, and automation. Engineered for agility and scalability for digital environments of any scale, on its cloud-native platform, BreachLock delivers full-stack, Human-led, AI-enabled, Pen Testing as a Service (PTaaS), enabling organizations to accelerate pentesting by 50% and reduce TCO by 50% in comparison to alternative penetration testing companies. BreachLock helps clients accelerate their security maturity, meet compliance requirements (i.e., PCI DSS, ISO 27001, HIPAA, GDPR, SOC 2), and conduct third party security vendor assessments.