
Cybereason Achieves 100% Prevention, Visibility and Real-Time Protection in 2022 MITRE Engenuity ATT&CK® Evaluations for Enterprise

Mar 31, 2022

Cybereason, the XDR company, today announced that the results of round four of the ATT&CK® Evaluations conducted by MITRE Engenuity affirm the superior prevention and detection capabilities of the AI-driven Cybereason XDR Platform. Cybereason achieved perfect scores in nearly every aspect of the evaluations, including:

--100% Prevention: Cybereason detected and prevented 100% of the 9 different attack sequences evaluated for both Windows and Linux

--100% Visibility: Cybereason exposed 100% of the 109 different attack behaviors evaluated for both Windows and Linux

--100% Real-Time Protection: Cybereason had zero delayed detections

--99% Analytical Coverage: Cybereason detections mapped back to the key ATT&CK techniques evaluated

--Minimal Configuration: Cybereason delivered out-of-the-box protection with minimal configuration changes required

Round 4 of the ATT&CK Evaluations highlights the efficacy of our NGAV and EDR capabilities in protecting against sophisticated attack techniques from threat actors like Sandworm and Wizard Spider. In addition, the Cybereason XDR Platform delivers AI-driven prevention, detection and predictive response protection that identifies and blocks advanced threats at the earliest stages of an attack.

The results from all four years of the ATT&CK Evaluations highlight how the Cybereason solutions map directly to the ATT&CK framework to deliver unparalleled detection of advanced threat actor Tactics, Techniques, and Procedures (TTPs). The superior out-of-the-box efficacy that the AI-driven Cybereason XDR Platform delivers means there is little need for solution configuration changes at deployment. Organizations can immediately benefit from exceptional real-time prevention and detection capabilities, along with automated and one-click predictive response options, to stop the most advanced cyberattacks.

What the MITRE Engenuity ATT&CK Evaluation Results Mean to the Enterprise

Organizations are increasingly mapping their threat detection strategies to the ATT&CK framework, which provides a common language for Defenders to understand the range of techniques adversaries can use to gain initial access, escalate privileges, steal account credentials, move laterally in the targeted network, and ultimately to exfiltrate sensitive data or disrupt critical business operations. 

The MITRE Engenuity ATT&CK Evaluations reveal how vendors approach the same challenges in reducing the time required to identify, understand and respond to malicious actions before material damage occurs. We believe the results highlight the effectiveness of Cybereason under real-world conditions because:

--The AI-driven Cybereason XDR Platform identifies attacks earlier by correlating behavioral telemetry across the entire network, including the broad range of device types, user identities, application suites, cloud workloads and more.

--The Cybereason MalOp™ reduces mean time to detection and response (MTTD and MTTR) by immediately providing the complete attack story from root cause without the need for complex queries.

--Cybereason delivers actionable detections and predictive response across all measured MITRE ATT&CK evaluation categories without inundating analysts with a barrage of uncorrelated alerts.

“These results validate the superior detection and protection capabilities that Cybereason delivers against the most complex attack sequences,” said Cybereason CEO and Co-Founder Lior Div. “The ATT&CK framework is the go-to standard for assessing solution efficacy today, and we are proud of both our outstanding performance in all four years of the evaluations, and of our ongoing collaboration with MITRE CTID to further improve detection based on the most subtle of attacker behaviors. This is how we begin to defend forward as a community, stop relying so much on reactive approaches and take the fight to the adversary through behavior-oriented predictive response.”

Cybereason and MITRE Center for Threat-Informed Defense: Attack Flow Project

Cybereason also collaborates with MITRE Center for Threat-Informed Defense (CTID) on the Attack Flow Project, which seeks to develop a common data format for describing sequences of adversary behavior in order to improve defensive capabilities. The goal of the Attack Flow Project is to generate a machine-readable representation of a sequence of attacker actions and context, along with specific descriptive attributes of those actions and assets. The representation is composed of five main objects: the flow itself, a list of actions, a list of assets, a list of knowledge properties, and a list of causal relationships between the actions and assets.

Cybereason joined the Center as a Research Participant to conduct research and development to support further evolution of the MITRE Engenuity ATT&CK framework. Cybereason and the Center work to provide Defenders with a deep understanding of adversary tradecraft and advances in the development of countermeasures for prevention, detection and response to complex threats.

“Defenders often have to track adversary techniques individually, meaning they can only focus on one specific activity at a time, but adversaries use complex sequences in their attack flows to hide in the network seams and avoid detection until it’s too late,” said Sam Curry, Cybereason CSO. “Being able to understand the context and correlations across those sequences by chaining together the otherwise disparate Indicators of Behavior (IOBs) allows Defenders to surface complex attacks earlier in the attack sequence and creates the opportunity to respond faster as threats are emerging.”

Cybereason is dedicated to teaming with Defenders to end attacks across the enterprise, anywhere the battle is taking place. Contact us today to learn how your organization can benefit from an operation-centric approach through the AI-driven Cybereason XDR Platform.

About MITRE Engenuity

MITRE Engenuity, a subsidiary of MITRE, is a tech foundation for the public good. MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation. MITRE Engenuity brings MITRE’s deep technical know-how and systems thinking to the private sector to solve complex challenges that government alone cannot solve. MITRE Engenuity catalyzes the collective R&D strength of the broader U.S. federal government, academia, and private sector to tackle national and global challenges, such as protecting critical infrastructure, creating a resilient semiconductor ecosystem, building a genomics center for public good, accelerating use case innovation in 5G, and democratizing threat-informed cyber defense.

About Cybereason

Cybereason is the XDR company, partnering with Defenders to end attacks at the endpoint, in the cloud and across the entire enterprise ecosystem. Only the AI-driven Cybereason XDR Platform provides planetary-scale data ingestion, operation-centric MalOp™ detection, and predictive response that is undefeated against modern ransomware and advanced attack techniques. Cybereason is a privately held international company headquartered in Boston with customers in more than 40 countries.

Media contact: 

Bill Keeler 

Senior Director, Global Public Relations 


+1 (929) 259-3261