According to market predictions, in 2015, the total market for cyber-security products reached an astronomical $75 billion. That figure represents the total spent on packages, appliances, subscriptions, training, and consultancy, all bought with the intent of protecting critical IT infrastructure from external and internal threats.
At the same time, it’s been an ongoing challenge to validate the effectiveness of these products, without incurring the expense of hiring someone to test them. One product that tries to answer this is FireDrill, by the San Diego-based AttackIQ.
FireDrill is essentially a platform that allows companies to validate whether their security infrastructure is working, by running automated tests that mimic real-world scenarios and by gathering metrics for later analysis.
The package ships with a number of pre-built scenarios. These largely fall into two camps. The first validates that things are working correctly (whether SSL certificates are valid, etc.). The second camp is attack scenarios, which mimic every stage of an attack chain, from persistence and lateral movement to exfiltration, across one or more assets and network segments.
What’s interesting about these is that they can mimic the behavior of a threat – like Ransomware, or someone exfiltrating data from an internal system to an FTP server – without actually experiencing the negative effects of those behaviors.
The idea is that you can test your readiness for those particular attacks without actually having your file-system encrypted, or your customer database leaked to PasteBin.
The platform allows users to create their own scenarios, which would represent the security threats they are likely to face in their business. Although it isn’t mandatory, these scenarios can also be shared with the FireDrill community through a marketplace of sorts. AttackIQ have created FireDrill with the intent of creating an open platform.
It’s worth emphasizing that FireDrill isn’t a threat-intelligence product, like AlienVault’s OTX. Rather, it exists as a platform to apply threat-intelligence.
Perhaps the biggest strength of FireDrill is that it permits continuous validation of security infrastructure. It can run scheduled or constant tests, and continuously gather metrics on the effectiveness of a given system. This is a compelling alternative to one-off testing.
FireDrill’s pricing model is subscription based, with the cost increasing per deployed endpoint. The majority of customers (over 98%) have chosen to subscribe to its cloud deployment version, with very few choosing to deploy it on-premises.
Although AttackIQ has existed since 2013, it’s kept a low-profile. Until January of this year, the company was in stealth mode. During this time, it was able to attract 65 different customers, with a significant number being in the energy and education sector.
Leading AttackIQ is CEO and founder Stephan Chenette, who has a pedigree in security research. Chenette founded the company after leaving IOActive, where he was Director of Research. Prior to that, he worked at Internet-filtering company WebSense, where he was responsible for running the research labs. His work experience has also included stints working in defense contracting, and for eEye, which was acquired by BeyondTrust in 2012.
Like any growing company, AttackIQ is hungry for investment. In 2015, it took a convertible note worth $1 million from several key players in the security industry. According to Stephan Chenette, AttackIQ is still looking for additional investors. More than funds, he says, it’s looking for someone who can help AttackIQ grow through partnerships with consultancies and other vendors.
Breaking The Fourth Wall
What sets FireDrill apart is that it offers something few vendors do – the ability to test that security infrastructure is working correctly. It provides assurance, backed up with real-world metrics.
The downside is that FireDrill exists in a brave new market. Whilst this market hasn’t been proven yet, we don’t envisage the company having much trouble convincing CISOs, CTOs, and consultancies of its value proposition. In fact, we predict this space of assuring the effectiveness of security tools will grow significantly over the coming months as more vendors are added to the mix. Current startups with similar offerings include vThreat, Picus, and Safebreach.
As a young company with aspirations of expansion, AttackIQ could benefit from engaging in as many partnerships with consultancies as possible. This would allow it to leverage their relationships, networks, and experience, and get its product in front of as many potential buyers as possible.