Review: AttackIQ FireDrill watches the watchers

This penetration testing tool is configured to operate from the inside, with the primary goal of identifying flaws, misconfigurations and outright shortcomings in all other cybersecurity defenses.

Nearly every cybersecurity program that has ever been reviewed by CSO has had one thing in common: its creators insist that they have the best product to watch over and protect network assets. Some are even interoperable with one another, so there is no reason not to have multiple defenses in place protecting networks. And yet, companies that have deployed multiple cybersecurity tools still get breached every day.

The problem might be one that Roman poet and satirist Juvenal pointed out back in the year 348 when he asked, “Quis custodiet ipsos custodes?” (“Who will guard the guards themselves?”) Juvenal’s point was that unless there is some kind of oversight, we only have the protectors' word that they are always acting in our best interest.

In cybersecurity, AttackIQ FireDrill was created to watch our watchers. It’s a penetration testing tool, but one that is configured to operate from the inside, with the primary goal of identifying flaws, misconfigurations and outright shortcomings in all other cybersecurity defenses. It can be used to pit various defenses against one another to see which works best for an environment, to discover areas where existing defenses unnecessarily overlap, or to identify bad configurations that are preventing security tools from properly operating.

The main FireDrill management console either sits in the cloud or can be installed locally on premises if an organization wishes. In addition to the main console, which is used to configure and deploy tests against protected assets and to collect the results, users will need to deploy agents. There are agents available for all forms of Windows and Mac OS systems, plus most flavors of Linux. Deploying those agents involves a fairly simple wizard-supported process to ensure that the right agents get to the correct assets.

[Image: FireDrill Agent Deploy (John Breeden II)]

Because FireDrill is operating from inside the network, agents need to be deployed on assets to complete tests, though some agents are considered mobile and can bounce around from asset to asset. FireDrill supports all Windows and Mac OS configurations, as well as all flavors of Linux.

There are actually two types of agents: static and dynamic. The static agents install onto an asset and remain there forever. They are perfect for critical assets that always need to be protected. The dynamic agents can be installed on systems for specific tests and then can be removed or moved to other systems. One such use would be to periodically test non-critical assets, such as antivirus protections on endpoints. Most deployments end up being about 80 percent static agents and 20 percent dynamic, according to AttackIQ officials. Pricing for FireDrill is a tiered subscription model based on the number of agents used.
