We are constantly adding new integrations to the list of 300+ tools with which D3 works to automate and orchestrate security operations. One of the most exciting technology partnerships we’ve formed in recent months has been with AttackIQ, a security optimization platform that provides a unique service that is missing in many security environments. AttackIQ runs adversary emulations—simulated attacks that test the effectiveness of your security controls.
Through the integration between D3 NextGen SOAR and AttackIQ, these emulations can be automated via D3 playbooks, with the results reported back into the playbook. The D3 user can then orchestrate the steps needed to close any identified vulnerabilities. The result is an optimally streamlined workflow for maintaining an up-to-date and effective security posture.
AttackIQ is closely aligned with the MITRE Corporation and its ATT&CK Framework. In fact, they are a founding member of MITRE Engenuity’s Center for Threat-Informed Defense, a MITRE organization that brings together the best cybersecurity researchers to conduct applied research and development to improve cyberdefense.
The ATT&CK Framework is at the heart of AttackIQ’s platform, just like it is for D3. AttackIQ uses ATT&CK TTPs to categorize adversary methods in a way that can be universally understood across platforms. With D3 and AttackIQ both using ATT&CK, the joint solution is perfectly aligned.
Every security team wants to make sure their security tools are set up to detect dangerous attacks, but most organizations don’t have the resources to run regular tests. With D3 and AttackIQ, you can run simulations of the attack types you’re most concerned about, either ad hoc or in a recurring scheduled playbook.
D3 can ingest the results of the simulation and orchestrate the next steps. This might include sending notifications to system administrators, or it might leverage D3’s 300+ other integrations to gather more information and update tool configurations.
The integration between D3 and AttackIQ means that attack simulations require minimal resources to run—even at frequent intervals—and the results can be rapidly acted upon.
Even when security teams have the resources to test security tools, it can be hard to determine what types of attacks to focus on. How do you know what you aren’t capturing, and what might pose the greatest risk?
Another benefit of integrating D3 and AttackIQ—two platforms that leverage the MITRE ATT&CK Framework—is that it helps you easily prioritize attack types. D3 correlates incoming events against ATT&CK TTPs, which feeds into D3’s Monitor Dashboard. On this dashboard, analysts can see the prevalence of each ATT&CK technique in their environment, immediately revealing the most frequent types of attacks they are facing. This information can then be used to schedule AttackIQ assessments of those attacks using an automated playbook. The integration helps security teams efficiently focus their resources on the most high-risk threats to make sure they are being handled properly.
There are many use cases for the joint solution of D3 NextGen SOAR and AttackIQ. For example, we recently built a playbook that used AttackIQ to simulate known IoCs found in the SunBurst malware attack. You can read about that in our recent whitepaper about SunBurst.