Startup AttackIQ Aims to Replicate Intrusions to Improve Defenses

AttackIQ offers a service that allows companies to conduct automated attacks against their IT infrastructure to detect exploitable flaws and misconfigurations.

AttackIQ's automated attacks

San Diego-based startup AttackIQ emerged from stealth mode and kicked off its flagship security service on Jan. 20, aiming to allow companies to attack their own systems as a way of detecting vulnerabilities and security weaknesses.

The FireDrill service will allow companies to actively test the security of their networks, validating that their security products are working as expected and that vulnerabilities are not leaving their systems open to attack, Stephan Chenette, co-founder and CEO of AttackIQ, told eWEEK. By focusing on automated testing of defenses, companies can quickly detect changes to their security status, he said.

"We have focused so long on purely looking at vulnerability scanning as the means to assess our defenses, and it requires much more than that," he said. "We have to look at our own security architecture, and not only understand the techniques, tools and tactics of attackers, but replicate them against our own systems."

Organizations, especially large enterprises and government agencies, have focused on continuously monitoring their networks and systems for breaches. In addition, businesses with a more mature approach to security have used security information and event management (SIEM) systems to collect log, vulnerability and event data into an integrated picture of their current defensive posture.

However, such systems can often miss issues that attackers can then use to compromise business networks and data. AttackIQ's service installs agents on customers' systems and uses the software to check the system and to conduct a variety of different attack scenarios to test the business' security technology and processes.

Apparently, it's an idea whose time has come. More than 65 companies have already piloted the service, Chenette said. Last July, security firm SafeBreach announced that it had raised $4 million for a similar offering that replicates attacks on corporate systems to continuously validate a company's security.

"There is a frustration in the security industry that we continue to build security products, yet companies continue to be hacked," Chenette said. "So we wanted to take a step back and let companies challenge the products that they are buying."

In addition, AttackIQ hopes to offer guidance to companies on what technologies are doing the most to block attacks and may justify additional budget.

"For too long, security has been a guessing game," Chenette said. "There is a lot of money being spent on new technologies, and by running scenarios, you can validate and justify product spending. We want to bring meaningful metrics to help organizations make future purchasing decisions."

The company also has created an open repository of attack scenarios that customers can use and to which they can contribute new attack types. If a company wants to test against the attack that led to the breach of retail giant Target, they can because it has already been created, Chenette said.

Future attacks will also be coded into the automated attack script and posted to the repository.

Robert Lemos

Robert Lemos

Robert Lemos is an award-winning freelance journalist who has covered information security, cybercrime and technology's impact on society for almost two decades. A former research engineer, he's...