This year’s evaluation emulated threat groups Carbanak and FIN7, who are known to attack banks, retail, and the hospitality sectors. As adversaries who attack financial organizations, it’s not surprising that the evaluation tested stealthy techniques including scripting, obfuscation, “living off the land” and -- new this year -- attacks against Linux systems.
Get the highlights of the Cybereason Defense Platform below.
MITRE ATT&CK has quickly emerged as the industry standard framework for EDR & XDR. Each year, vendors submit their solutions for evaluation of mapping and effectiveness against the ATT&CK framework. MITRE recently concluded Round 3 (R3) of their evaluations. This iteration of the ATT&CK evaluations focused on emulating the Carbanak and FIN7 threat actor groups, which primarily target large financial services, retail, restaurant, and hospitality institutions.
Not every vendor participated in the protection portion of the evaluation, which means those solutions likely lack the ability to block malicious executions. Preventing advanced malicious activity greatly reduces the threat surface and the attacker's ability to exploit, escalate, and exfiltrate data over time.
The Cybereason platform reliably prevents more threats and most effectively ends cyber attacks.
54 attacker techniques were in the scope of the R3 ATT&CK evaluation, which tested vendors' abilities to defend against advanced malware, living-off-the-land techniques, lateral movement, and command & control activity.
The Cybereason platform had coverage of 100% of the techniques within the scope of the evaluation, meaning enriched, correlated, and comprehensive detections.
New to R3 was expansion beyond Windows to include protection and detection on Linux-based systems. Feature parity across operating systems, both new and old, is a known challenge in the industry: what works well on Windows often doesn't function on macOS or Linux.
The Cybereason platform delivers repeatable, trusted results across varying OS configurations.
It's not uncommon for vendors to put their best foot forward and submit a highly adjusted, custom-configured, and amplified version of their product for the ATT&CK evaluation. Cybereason submitted one of the least specially configured solutions evaluated in ATT&CK R3, with 94% of ATT&CK detections generated without additional tuning.
Defenders can expect high-fidelity detections against the ATT&CK framework from the out-of-the-box (OOTB) Cybereason solution.
In addition to analyzing the depth of each detection in the evaluation (telemetry, tactic, technique), ATT&CK detections are also differentiated as delayed vs. real-time. Broad mapping against ATT&CK may mean eventual visibility, but that visibility is weakened by the delay, and security teams are late to act on response and recovery.
The Cybereason platform generated 99% of ATT&CK detections in real time, meaning defenders see adversary activity as it occurs and before it escalates.
Join us as we boil down the complexity of the MITRE ATT&CK framework so your organization can understand what's next. Attend the webinar.
This 1-pager dives into how MITRE delineates detections by strength, and the layers and detail on a particular threat. Read the 1-pager.
Read our blog to learn more about the 2020 evaluation of 30 security vendors.