AttackIQ x ScaleSec Client Story


Advising a Cybersecurity Leader on Their Internal Security Using SOC 2 Compliance Framework
INDUSTRY: Technology
PRODUCTS: SaaS cyber security testing platform
LOCATION: Santa Clara, CA
ANNUAL REVENUE: $36.4M


PLATFORM: AWS


ASSIGNMENT

Apply a security assessment over the AICPA SOC 2 Trust Services Criteria (TSC) to identify where the client could clearly demonstrate the success verbiage needed to meet SOC 2 requirements. Map the TSC to NIST 800-53 and create baseline controls to meet future compliance frameworks such as HIPAA and FedRAMP.

Project Challenges

As the largest independent vendor in the breach and attack simulation (BAS) market, AttackIQ supports customers across a variety of industries including government, FSI, technology, manufacturing, and healthcare. These customers increasingly sought details about how AttackIQ addresses its own security as part of their supply chain due diligence. The company needed a streamlined, more efficient way to communicate those details, rather than relying on clunky spreadsheets and questionnaires.

Overview

AttackIQ offers a SaaS-based solution that continuously evaluates the effectiveness of their customers' security controls. This unique platform offers dozens of solutions for real-world security scenarios including automated testing, control auditing, and software supply chain security.

Insight

AttackIQ enlisted ScaleSec to review and validate AttackIQ’s robust business and platform security program, leveraging ScaleSec’s years of success helping clients meet SOC 2 compliance via deep AWS security expertise.

AttackIQ sought expert-to-expert consulting, and understood that a third-party audit against a recognized framework would build trust with enterprise procurement teams, thus accelerating sales. AttackIQ selected the SOC 2 compliance framework to communicate how they successfully manage the security, confidentiality, and availability of their platform.

Services Provided

First, the ScaleSec team examined the entire security posture of AttackIQ's cloud business ecosystem. Together the teams reviewed minor modifications that would deliver a more secure environment without extensive retooling or long lead times. After that, the ScaleSec team applied our security assessment over the AICPA SOC 2 Trust Services Criteria (TSC) so that we could identify where the AttackIQ team could more clearly demonstrate the success verbiage needed to meet SOC 2 requirements. Further, we mapped the TSC to NIST 800-53 and created a solid baseline of controls to allow AttackIQ to meet future compliance frameworks such as HIPAA and FedRAMP.

ScaleSec delivered the CloudSec Kickstart - SOC 2 engagement that included an interactive SOC 2 bootcamp, a platform security architecture review, and a SOC 2 compliance readiness assessment. The written report provided tailored analysis and recommendations to leverage AWS services and security features to reduce friction for developers and lower operating costs.
"Our business is security controls, so we already understood the SOC 2 criteria. ScaleSec showed us how to succeed with SOC 2 beyond just implementing the controls. The team provided expert guidance and support along the way."
Vinod Peris, VP of Engineering | AttackIQ

Results / Impact / Highlights

AttackIQ ended the engagement with discrete and specific outcomes: a list of prioritized recommendations they could pursue to optimize their containerized workloads on AWS, and a line-by-line list of executable directions for successfully demonstrating SOC 2 compliance. Finally, they had a brand new set of NIST-sourced controls for the company that would scale into more comprehensive frameworks in preparation for pursuing additional markets.
"An independent SOC 2 attestation offers stronger assurance for our customers. I’m confident that we’ll be able to accelerate our sales cycles, particularly with customers in regulated industries. We definitely won’t miss answering security questionnaire spreadsheets."
Brandt Mackey, VP of Product | AttackIQ
