ScaleSec Consulting Client: AttackIQ

INDUSTRY

Technology

PRODUCTS

SaaS cyber security testing platform

LOCATION

Santa Clara, CA

ANNUAL REVENUE

$36.4M

Project Challenges

As the largest independent vendor in the breach and attack simulation (BAS) market, AttackIQ supports customers across a variety of industries including government, FSI, technology, manufacturing, and healthcare. These customers increasingly sought details about how AttackIQ addresses security themselves as part of due diligence of the supply chain. The Company needed a streamlined, more efficient way to communicate the details, rather than using clunky spreadsheets and questionnaires.

Insight

AttackIQ enlisted ScaleSec to review and validate AttackIQ’s robust business and platform security program, leveraging ScaleSec’s years of success helping clients meet SOC 2 compliance via deep AWS security expertise.

AttackIQ sought expert-to-expert consulting, and understood that a third-party audit against a recognized framework would build trust with enterprise procurement teams, thus accelerating sales. AttackIQ selected the SOC 2 compliance framework to communicate how they successfully manage the security, confidentiality, and availability of their platform.

Services Provided

First, the ScaleSec team examined the entire security posture of their cloud business ecosystem. Together the team reviewed minor modifications to deliver a more secure environment without a ton of retooling or long lead time. After that, the ScaleSec team applied our security assessment over the AICPA SOC 2 Trust Services Criteria (TSC) so that we could identify where theAttackIQ team could more clearly demonstrate the success verbiage needed to meet SOC 2 requirements. Further, we mapped the TSC to the NIST 800-53 and created a solid baseline of controls to allow AttackIQ to meet future compliance frameworks such as HIPAA and FedRAMP.

ScaleSec delivered the CloudSec Kickstart - SOC 2 engagement that included an interactive SOC 2 bootcamp, a platform security architecture review, and a SOC 2 compliance readiness assessment. The written report provided tailored analysis and recommendations to leverage AWS services and security features to reduce friction for developers and lower operating costs.

"Our business is security controls, so we already understood the SOC 2 criteria. ScaleSec showed us how to succeed with SOC 2 beyond just implementing the controls. The team provided expert guidance and support along the way."

Vinod PerisVP of Engineering | AttackIQ

Results / Impact / Highlights

AttackIQ ended their engagement with us with discrete and specific outcomes: they had a list of prioritized recommendations that they could pursue to optimize their containerized workloads on AWS; and they had a line-by-line list of executable directions to successfully demonstrate SOC 2 compliance. Finally, they had a brand new set of NIST-sourced controls for their company that would scale into the more comprehensive frameworks in preparation of pursuing additional markets.

"An independent SOC 2 attestation offers stronger assurance for our customers. I’m confident that we’ll be able to accelerate our sales cycles, particularly with customers in regulated industries. We definitely won’t miss answering security questionnaire spreadsheets."

Brandt MackeyVice President, Product | AttackIQ

AttackIQ

Project Challenges

Overview

Insight

Services Provided

Results / Impact / Highlights

Want to speak with a ScaleSec expert?