AttackIQ, the leading vendor of Adversarial Exposure Validation (AEV) solutions and founding research partner of the MITRE Center for Threat-Informed Defense (CTID), announced on February 4 the acquisition of DeepSurface, a security posture management and vulnerability prioritization company.
“This acquisition enables us to rapidly extend our traditional breach and attack simulation (BAS) use case to now include AEV and help organizations programmatically pivot to Cyber Threat Exposure Management (CTEM),” said Brett Galloway, CEO of AttackIQ.
AEV is a cybersecurity framework that continuously emulates real-world cyberattacks to test and validate an organization’s security posture. AEV leverages automated tools to emulate the tactics, techniques, and procedures (TTPs) used by adversaries, allowing organizations to identify and remediate exposures — security controls that aren’t working and critical assets that are exposed to attack by those failed controls.
“Security teams are inundated with exposure noise all while the frequency and severity of bad actors is increasing exponentially. The need to generate true risk insights from security data has never been more apparent,” said Carl Wright, chief commercial officer at AttackIQ. “With AEV, we provide organizations with a proactive, intelligence-driven approach to identify and mitigate exposures before they can be exploited. This enables security teams to shift from reactive security to a continuously validated, threat-informed defense strategy.”
DeepSurface’s security posture management platform that contextualizes vulnerabilities and attack paths within customer environments will be integrated with AttackIQ’s market-leading Breach and Attack Simulation Platform, enabling organizations to predict where an attacker could cause the most damage. The combination of these two capabilities will allow customers to easily validate if critical assets are effectively protected by the customer’s cyber defensive infrastructure.
AEV marks a significant step forward in how organizations defend themselves against cyber threats. The future of AEV will focus on increased automation and continuous real-world testing of security controls, aligning closely with the CTEM framework. As organizations adopt CTEM, AEV will play a crucial role in providing ongoing, scalable validation across all attack surfaces, particularly in complex cloud environments. This integration will enable security teams to maintain a proactive stance, continuously validating their defenses as threats evolve in both on-premises and cloud infrastructures.
Source: AttackIQ
Like IC News? Then please consider subscribing. You’ll get full access to our searchable library of 10,000+ articles, plus new articles each weekday.
By 
