AttackIQ's Ready3 update includes expanded vulnerability detection capabilities

June 3, 2025
This release marks AttackIQ’s acquisition and integration of DeepSurface and transformation from a BAS platform into a full Adversarial Exposure Validation solution.

AttackIQ today announced the release of AttackIQ Ready3. With expanded discovery capabilities, Ready3 continuously maps both internal and external attack surfaces. Correlating asset discovery, vulnerability context, attack paths, and compensating controls, the platform helps security teams identify which vulnerabilities are truly exposed because existing defenses are failing to stop them.

This release marks AttackIQ’s completed acquisition and integration of DeepSurface and transformation from a Breach and Attack Simulation (BAS) platform into a full Adversarial Exposure Validation solution supporting Gartner CTEM. Ready3 moves security teams from point-in-time testing to a continuous, context-driven exposure management strategy.

“We’ve moved beyond BAS to deliver an AEV platform that continuously maps your attack surface, builds attack paths based on asset criticality and exposures, and identifies the vulnerabilities that are truly reachable and unprotected. Most importantly, it validates whether your controls can actually interdict the attacks your organization is facing," said Carl Wright, Chief Commercial Officer at AttackIQ.

What’s New in Ready3

Ready3 pinpoints exposed vulnerabilities using prescriptive test recommendations and validated exposure insights that factor in asset criticality, vulnerability context, and control effectiveness. Ready3 also prioritizes which assets and compensating controls will have the greatest impact on reducing the organization’s overall risk.

Ready3 offers:

  • Extended Discovery Capabilities: Continuous and point-in-time through agent-based scans, dissolvable agentless packages, and offline test points. Integrates with vulnerability tools to correlate CVEs with attacker techniques.
  • CTEM Integration: A new CTEM Status Workflow guides teams through the full lifecycle of Discovery, Prioritization, Validation, and Mobilization. The streamlined interface surfaces pending tasks at each step, enabling a repeatable, data-driven process that moves organizations beyond ad-hoc testing to continuous security improvement.
  • Surface Analysis: Consolidates recommendations, exposures, CVEs, and asset data into a single view. Automatically prescribes relevant adversary validation tests, ranks exposures by criticality, ingests CVE data from tools like Tenable and Rapid7, and displays each asset’s Exposure Management Score.
  • Exposure Management: Introduces validated exposures, real, reachable security gaps confirmed through adversary testing where existing controls failed. Teams can track and retest fixes using integrated “Validate Mitigations” workflows, focusing efforts on what truly matters.
  • Exposure Management Score (EMS): Quantifies how well an organization is identifying, validating, and remediating exposures. Real-time feedback shows how changes in testing frequency, coverage, and remediation affect overall posture.
  • Testing Recommendations: Automatically correlates discovery data with real-world attacker behaviors to generate prioritized, ready-to-run validation tests. Each recommendation includes rationale, urgency, and simple “Run Now” or “Dismiss” actions.

“Ready3 brings a new level of depth to discovery,” said George Tomic, Chief Development Officer at AttackIQ. “Security teams can now continuously map their entire attack surface, correlating assets, vulnerabilities, and misconfigurations across both native and third-party sources. That visibility lays the foundation for smarter testing, faster remediation, and a more resilient defense posture.”

For more information on AttackIQ Ready3, visit com/products/ready/.