Startup AttackIQ's FireDrill Technology Replicates Attacks to Thwart Them

Sometimes the best way to fight an enemy is to get inside his mind. That’s the idea behind new security technology from Startup AttackIQ, which replicates attacks in order to understand how they work so it can protect against them.

The flagship technology of the San Diego-based vendor, which recently emerged from Stealth, is called FireDrill, and it provides a new approach to security testing, AttackIQ CEO Stephan Chenette said in a blog post on the company’s website. FireDrill allows companies to replicate the effects of an attacker on a network to proactively find the security gaps, get an accurate measure of a company’s security posture and improve resiliency, he said.

“Let’s all say it together again, you cannot improve your security unless you can pinpoint your weakest link and your weakest link is not theoretical, it’s found by running attack scenarios that identify the gaps on your unique network,” he said.

Chenette, who has more than 15 years of experience in the IT security industry, said the company’s technology was inspired by a 1993 security research paper by Dan Farmer and Wietse Venema entitled “Improving the Security of Your Site by Breaking Into It,” which took an offensive approach to improving the defensive gaps of their own systems.

He said a key point from the paper was that companies not only need to understand the techniques, tools and tactics of the attackers, but also be able to replicate against their own systems on their own networks, identify them and then continually formulate a holistic mitigation strategy, he said in the post.

FireDrill is a hosted service with a console and platform that companies can integrate into their infrastructure either running inside of the network in “agentless” mode or in “agent” mode for more concise testing on the hosts that need to be validated and tested. Both modes can work together to assess both network and host level security gaps, misconfiguration and validations, according to Chenette.

The technology takes four key steps to assess the security of a network. It tests by running relevant scenarios related to adversarial modeling, validation and security control testing on a network in a safe and controlled manner, Chenette said.

FireDrill continuously collects intelligence and analyzes current attack techniques, tactics and procedures to update the scenario library and then lets security teams run up-to-date attack scenarios, analyze results and create prioritized actionable reports.

FireDrill also measures security gaps with real-time visibility that finds security holes in a network and automatically generates reports based on those issues, Chenette said. Finally, it helps a company improve its security posture by providing reports that detail which vectors make companies susceptible to attack and provide detailed recommendations from the platform outlining exactly must be done to improve weak network segments.

AttackIQ is offering companies a free two-week trial of FireDrill as part of their initial launch.