Key Customer Facts
- - Location: Santa Clara, CA
- - Size: 87 employees
- - Industry: CyberSecurity Software
- - Use case: Automated security assessment tool
- - Website: https://attackiq.com/
- As the largest independent vendor in the breach and attack simulation (BAS) market, AttackIQ supports customers across a variety of industries including government, FSI, technology, manufacturing, and healthcare. These customers increasingly sought details about how AttackIQ addresses security themselves as part of due diligence of the supply chain. The Company needed a streamlined, more efficient way to communicate the details, rather than using clunky spreadsheets and questionnaires.
AttackIQ offers a SaaS-based solution that continuously evaluates the effectiveness of their customers' security controls. This unique platform offers dozens of solutions for real-world security scenarios including automated testing, control auditing, and software supply chain security.
AttackIQ enlisted ScaleSec to review and validate AttackIQ’s robust business and platform security program, leveraging ScaleSec’s years of success helping clients meet SOC 2 compliance via deep AWS security expertise.
AttackIQ sought expert-to-expert consulting, and understood that a third-party audit against a recognized framework would build trust with enterprise procurement teams, thus accelerating sales. AttackIQ selected the SOC 2 compliance framework to communicate how they successfully manage the security, confidentiality, and availability of their platform.
First, the ScaleSec team examined the entire security posture of their cloud business ecosystem. Together the team reviewed minor modifications to deliver a more secure environment without a ton of retooling or long lead time. After that, the ScaleSec team applied our security assessment over the AICPA SOC 2 Trust Services Criteria (TSC) so that we could identify where theAttackIQ team could more clearly demonstrate the success verbiage needed to meet SOC 2 requirements. Further, we mapped the TSC to the NIST 800-53 and created a solid baseline of controls to allow AttackIQ to meet future compliance frameworks such as HIPAA and FedRAMP.
ScaleSec delivered the CloudSec Kickstart - SOC 2 engagement that included an interactive SOC 2 bootcamp, a platform security architecture review, and a SOC 2 compliance readiness assessment. The written report provided tailored analysis and recommendations to leverage AWS services and security features to reduce friction for developers and lower operating costs.
Our business is security controls, so we already understood the SOC 2 criteria. ScaleSec showed us how to succeed with SOC 2 beyond just implementing the controls. The team provided expert guidance and support along the way.--Vinod Peris, VP of Engineering, AttackIQ
Results / Impact / Highlights
AttackIQ ended their engagement with us with discrete and specific outcomes: they had a list of prioritized recommendations that they could pursue to optimize their containerized workloads on AWS; and they had a line-by-line list of executable directions to successfully demonstrate SOC 2 compliance. Finally, they had a brand new set of NIST-sourced controls for their company that would scale into the more comprehensive frameworks in preparation of pursuing additional markets.
An independent SOC 2 attestation offers stronger assurance for our customers. I'm confident that we’ll be able to accelerate our sales cycles, particularly with customers in regulated industries. We definitely won't miss answering security questionnaire spreadsheets.-- Brandt Mackey, VP of Customer Success and Field Engineering, AttackIQ