AttackIQ expands with DeepSurface's cybersecurity expertise

Yesterday

AttackIQ has announced the acquisition of DeepSurface, a company specialising in security posture management and vulnerability prioritisation, with the intention of enhancing its cybersecurity offerings.

Through the acquisition, AttackIQ aims to extend its existing Breach and Attack Simulation (BAS) use case to include Adversarial Exposure Validation (AEV), facilitating a transition for organisations towards Cyber Threat Exposure Management (CTEM). This integration seeks to aid organisations in programmatically managing exposure to cyber threats.

"This acquisition enables us to rapidly extend our traditional breach and attack simulation (BAS) use case to now include AEV and help organisations programmatically pivot to Cyber Threat Exposure Management (CTEM)," stated Brett Galloway, Chief Executive Officer of AttackIQ.

AEV is a cybersecurity framework designed to emulate real-world cyberattacks, thereby testing and validating an organisation's security posture. This framework uses automated tools to mimic the tactics, techniques and procedures of adversaries, allowing organisations to address and rectify exposure points, ensuring critical assets are not vulnerable due to unsuccessful security controls.

AttackIQ's AEV capabilities aim to enhance customer exposure management programmes, offering features such as: Active Threat Monitoring to prioritise risks with real-world threat intelligence, Attack Path Management for mapping adversaries' paths, and Vulnerability Prioritisation that contextualises vulnerabilities within an organisation's infrastructure. This suite of tools also includes Attack Surface Scanning, Exposure and Security Control Validation, and an advanced Risk Scoring mechanism.

Carl Wright, Chief Commercial Officer at AttackIQ, remarked, "Security teams are inundated with exposure noise all while the frequency and severity of bad actors is increasing exponentially. The need to generate true risk insights from security data has never been more apparent. With AEV, we provide organisations with a proactive, intelligence-driven approach to identify and mitigate exposures before they can be exploited. This enables security teams to shift from reactive security to a continuously validated, threat-informed defence strategy."

Through integrating DeepSurface's platform, organisations will be able to predict potential damage from attackers, offering a new level of validation concerning their cyber defensive infrastructure. The merger of these capabilities is positioned to allow customers to ensure that critical assets receive adequate protection.

The AEV framework is further poised to evolve with increased automation and ongoing testing of security controls in alignment with the CTEM framework. This initiative will support organisations in maintaining proactive defences and continuous validation, particularly as threats develop across cloud and on-premises infrastructures.

The acquisition underscores AttackIQ's commitment to broadening its portfolio of AEV solutions, which include offerings such as AttackIQ Enterprise for large-scale organisations, AttackIQ Ready! for medium and large entities, and AttackIQ Flex for individual users engaging in quick, ad-hoc adversarial testing.

Share on: