New diagnostic service leverages the authoritative MITRE ATT&CK framework combined with the expertise of top risk management firm and leading automated testing platform to transform enterprise cybersecurity programs
SAN DIEGO, Calif. & WASHINGTON, D.C.–AttackIQⓇ, the largest independent leader of the continuous security validation market, today announced a partnership with The Chertoff Group, a leading global security risk management firm, to offer a joint solution to help organizations measure security risk, train security staff and justify security investments. The service, called The Chertoff Group Cyber Risk Diagnostic, is designed to help enterprise customers build and sustain security programs that are strategic, risk-based and focused on proven effectiveness.
Leveraging AttackIQ’s automated testing platform which operationalizes the MITRE ATT&CK framework1, the industry’s most authoritative approach to mapping threat actors to tactics, techniques and procedures (TTPs), the Cyber Risk Diagnostic measures the effectiveness of an organization’s defensive countermeasures with unparalleled transparency and precision. The Cyber Risk Diagnostic creates a risk-based threat model, maps a customer’s current defenses to TTPs in the threat model, clearly identifying what technologies and standards are addressing what TTPs, and identifying holes in coverage. This TTP-coverage map enables customers to prioritize future defensive countermeasure investments based on actual risk reduction.
Customers of the joint offering receive hands-on support to familiarize the technical team in conducting threat-specific planning and controls assurance testing. They are also coached on how to make specific business cases for security tools or personnel investments that align with their organization’s specific security needs. Technical teams receive in-depth training to empower organizations to leverage the AttackIQ platform and the Cyber Risk Diagnostic TTP map to continuously evaluate countermeasure performance and make strategic, threat-informed decisions to further mature the program.
While adversaries can change hash values, IP addresses, domains and other indicators leveraged as part of their tradecraft, it is much more difficult for them to change overall tactics and techniques. That is why AttackIQ and The Chertoff Group built the Cyber Risk Diagnostic service to help organizations orient their defenses around TTPs and maintain protection against real-world, known threats. Additionally, because there is often ambiguity on the extent to which a defensive measure actually addresses specific threat activity (particularly depending on how it is configured and implemented), it is essential for organizations to understand precisely how their protective and detective capabilities perform against simulated threat activity run against their technology stack.
“Recent research from the Ponemon Institute found that American enterprises spend $18.4 million on average every year on cybersecurity tools and technology, yet more than half don’t know if these tools are even working,” said Brett Galloway, CEO of AttackIQ. “The AttackIQ platform is designed to address this very problem. We have worked with The Chertoff Group for over a year in developing the Cyber Risk Diagnostic, and have used the approach as a proof of concept with multiple customers, receiving overwhelmingly strong, positive feedback. It is our belief that this solution is a true game-changer in the security industry, providing customers with an unmatched assessment of control effectiveness, targeted training and meaningful security investment justification.”
About AttackIQ
AttackIQ, a leader in the emerging market of continuous security validation, built the industry’s first platform that enables red and blue teams to test and measure the effectiveness of their security controls and staff. With an open platform, AttackIQ supports the MITRE ATT&CK framework, a curated knowledge base and model for cyber adversary behavior used for planning security improvements and verifying defenses work as expected. AttackIQ’s platform is trusted by leading companies around the world. For more information visit www.attackiq.com. Follow AttackIQ on Twitter, Facebook, LinkedIn, Vimeo, and YouTube.
About The Chertoff Group
The Chertoff Group is a global advisory services firm focused on security and risk management. The firm applies security expertise, technology insights, and policy intelligence to help clients build resilient organizations, gain competitive advantage, and accelerate growth. Through the firm’s Strategic Advisory Services Practice Area, The Chertoff Group offers comprehensive security assessments, risk management strategies, policy and planning frameworks, and ongoing monitoring services to help clients anticipate, prepare for and build capabilities necessary to navigate today’s complex threat environment.
1 © 2018 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. More information available at https://attack.mitre.org/
