AttackIQ releases Flex 3.0 with Splunk integration

AttackIQ has introduced Flex 3.0, a security control validation tool that works without agents and includes native integration with Splunk.

The new iteration, named Flex 3.0, enhances AttackIQ's suite by providing agentless adversary emulation, which can operate universally to deliver immediate insights into the efficacy of security controls. This inclusion aims to help organisations rapidly detect weaknesses in their security systems.

Flex 3.0 also features AI-generated Yara and Sigma detection rules, aimed at augmenting organisations' detection capabilities. With these new tools, security teams can advance their detection rules by basing them on adversary emulations, thereby identifying gaps in a more streamlined manner.

The partnership with Splunk is designed to facilitate a smooth user experience by embedding the testing outcomes directly into the Splunk interface through a native integration with Flex. This feature supports security teams in diagnosing detection gaps with greater precision.

Carl Wright, Chief Commercial Officer at AttackIQ, commented on the significance of detection strategies when preventive measures falter. "When prevention fails, detection becomes your last line of defense in catching adversaries before full-blown incident response is required," he stated. "We're excited to partner with Splunk to bring Flex 3.0 to their customers worldwide, empowering them to strengthen their security posture with seamless, real-time detection and validation capabilities. Already, organizations using BAS have reported significant improvements, with a 37% increase in analyst efficiency and a 44% reduction in costs related to security breaches."

The original Flex service provides prompt security performance metrics and suggestions for mitigation, enabling organisations to perform detailed security validation without incurring ongoing costs or dealing with complicated deployments.

Flex 3.0 is equipped to keep pace with emerging threats by including out-of-the-box tests developed from the latest adversary research. These tests impart essential insights regarding detection and prevention from security controls, integrating directly into Security Information and Event Management (SIEM) systems for sustained monitoring and analysis.

AttackIQ's integration aims at addressing a vital need for effective detection in the face of evolving cyber threats. Current data indicates significant challenges, with organisations typically taking an average of ten days to detect an attacker, while adversaries may achieve their objectives in just a few hours. Despite this, many organisations have outdated threat detection systems, highlighting the importance of detection as a protective barrier against full incident response scenarios.

The complexities of implementing effective detection, which often involves managing numerous detection requirements across different teams, remains a hurdle. Security professionals face the challenge of crafting and verifying detection rules which can lead to oversights, particularly concerning the tactics, techniques, and procedures (TTPs) employed by cyber adversaries. Flex 3.0 addresses these gaps by offering an efficient and precise method for enhancing threat detection strategies.