Evo Graduate, AttackIQ Becomes First Breach and Attack Simulation Provider to Secure Continuous Authority to Operate from the United States Marine Corps Recruiting Command

Evo Graduate, AttackIQ Becomes First Breach and Attack Simulation Provider to Secure Continuous Authority to Operate from the United States Marine Corps Recruiting Command



Company achieves second Department of Defense continuous authorization to operate (cATO) enabling MCRC to develop a more strategic and proactive defense posture through continuous monitoring


BUSINESS WIRE / SANTA CLARA, CA / FEBRUARY 8TH, 2024 / AttackIQ®, the leading independent vendor of breach and attack simulation (BAS) solutions and founding research partner of MITRE Ingenuity Center for Threat-Informed Defense (CTID), today announced it has been granted a cATO by the U.S. Marine Corps Recruiting Command (MCRC). Senior officials granted this approval to launch the company’s BAS platform within the MCRC based on an in-depth, risk-based security assessment.

AttackIQ is the first BAS platform to receive this cATO designation. It will enable the USMC MCRC to move from a traditional risk management framework ATO, which does not provide for continuous monitoring of risk, to a cATO, which supports continuous active penetration testing. AttackIQ’s cATO was successfully granted a Moderate classification after a thorough, multi-phase process that began in 2023 and included several levels of evaluations and rigorous security assessments. AttackIQ collaborated with SDA Solutions, LLC., a provider of best-in-class IT operations, systems and security engineering, cybersecurity, and test and evaluation solutions, to launch the process.

“Using AttackIQ’s platform, we now know if the investments that we have made to protect our data are working and where we have gaps in coverage,” said Dr. Thurman Dubberly, Deputy CIO, Marine Corps Recruiting Command. “This data-driven visibility enables our security team to provide near real-time answers to questions such as whether or not we are vulnerable to the ‘named exploit of the day’ from our CIO or higher headquarters. It has allowed us to move beyond a compliance checklist, understand the real residual risk at which we operate, and prioritize our actions based on viable attack surface, instead of playing whack-a-mole.”

15 U.S. government agencies and organizations, including customers in the legislative branch, intelligence community, defense agencies, and numerous executive branch civilian agencies, trust AttackIQ’s platform to validate their security continuously and achieve a threat-informed defense at scale. AttackIQ has held an ATO with the U.S. Army since 2022, allowing them to use AttackIQ’s BAS platform to develop a more strategic and proactive defense posture across their mission-critical assets in support of warfighters around the globe.

“This cATO is a testament to AttackIQ’s ability to deliver the technology and knowledge our nation’s most critical organizations need to stay ahead of today’s rapidly evolving threat landscape,” said Carl Wright, Chief Commercial Officer at AttackIQ. “It has been a privilege to help the USMC validate the efficacy of existing security investments and prove beyond a shadow of a doubt that attack vectors have been closed and risk has been reduced.”

SOURCE: Allison Knight, 10Fold for AttackIQ via Business Wire

About AttackIQ

AttackIQ, the leading independent vendor of breach and attack simulation solutions, built the industry’s first Breach and Attack Simulation Platform for continuous security control validation and improving security program effectiveness and efficiency. AttackIQ is trusted by leading organizations worldwide to plan security improvements and verify that cyberdefenses work as expected, aligned with the MITRE ATT&CK framework. A proud member of the Microsoft Intelligent Security Association (MISA), the Company is committed to giving back to the cybersecurity community through its free award-winning AttackIQ Academy, open Preactive Security Exchange, and partnership with MITRE Engenuity’s Center for Threat-Informed Defense. For more information, visit www.attackiq.com. Follow AttackIQ on Twitter, Facebook, LinkedIn, and YouTube.

About EvoNexus

EvoNexus is California’s leading nonprofit technology startup incubator located in San Diego. EvoNexus has successfully incubated over 260 startups with a survival rate of over 85%. Since the incubator’s formation in 2010, EvoNexus companies have secured over $1.6B in venture funding, $10B in pre-exit valuation, and had 51 acquisitions valued at over $2.1B. EvoNexus is supported by corporate partners, including some of the largest multinational corporations in the world. Learn more at evonexus.org.