Monday, November 25, 2024

Tips on how to interpret the MITRE Engenuity ATT&CK® Evaluations: Enterprise • Graham Cluley

How to interpret the MITRE Engenuity ATT&CK® Evaluations: Enterprise

Graham Cluley Safety Information is sponsored this week by the oldsters at Cynet. Because of the good workforce there for his or her assist!

George tubin
George Tubin, Director of Product Technique, Cynet

Thorough, impartial assessments are a significant useful resource as cybersecurity leaders and their groups consider distributors’ skills to protect in opposition to more and more subtle threats to their group. And maybe no evaluation is extra broadly trusted than the annual MITRE Engenuity ATT&CK Evaluations: Enterprise.

This analysis is vital for testing distributors as a result of it’s nearly inconceivable to judge cybersecurity distributors primarily based on their very own efficiency claims. Together with vendor reference checks and proof of worth evaluations (POV) — a reside trial — of their surroundings, the MITRE Engenuity outcomes add extra goal enter to holistically assess cybersecurity distributors.

On this piece, we’ll unpack MITRE Engenuity’s most up-to-date methodology to check safety distributors in opposition to real-world threats, provide our interpretation of the outcomes and determine the highest takeaways rising from the analysis of Cynet’s all-in-one safety resolution.

How does MITRE Engenuity check distributors throughout the analysis?
The MITRE Engenuity ATT&CK Analysis is carried out by MITRE Engenuity and assessments the endpoint safety options in opposition to a simulated assault sequence primarily based on real-life approaches taken by well-known superior persistent menace (APT) teams. The MITRE Engenuity ATT&CK Evaluations: Enterprise examined 29 vendor options by emulating the assault sequences of Turla, a classy Russia-based menace group recognized to have contaminated victims in over 45 nations.

An vital caveat is that MITRE doesn’t rank or rating vendor outcomes. As a substitute, the uncooked check knowledge is printed together with some fundamental on-line comparability instruments. Patrons then use that knowledge to judge the distributors primarily based on their group’s distinctive priorities and desires. The collaborating distributors’ interpretations of the outcomes are simply that — their interpretations.

So, how do you interpret the outcomes?
That’s a terrific query — one which lots of people are asking themselves proper now. The MITRE Engenuity ATT&CK Evaluations: Enterprise outcomes aren’t offered in a format that many people are used to digesting (taking a look at you, magical graph with quadrants).

And impartial researchers typically declare “winners” to lighten the cognitive load of determining which distributors are the highest performers. On this case, figuring out the “finest” vendor is subjective. Which, should you don’t know what to search for, can really feel like a trouble should you’re already annoyed with making an attempt to evaluate which safety vendor is the fitting match on your group.

With these disclaimers issued, let’s now evaluate the outcomes themselves to check and distinction how collaborating distributors carried out in opposition to Turla.

MITRE Engenuity ATT&CK Outcomes Abstract

The next tables current Cynet’s evaluation and calculation of all vendor MITRE Engenuity ATT&CK Evaluations: Enterprise check outcomes for a very powerful measurements: Total Visibility, Detection Accuracy, and Total Efficiency. There are a variety of different methods to have a look at the MITRE outcomes, however we take into account these to be most indicative of an answer’s means to detect threats.

Total Visibility is the full variety of assault steps detected throughout all 143 sub-steps. Cynet defines Detection High quality as the share of assault sub-steps that included “Analytic Detections – those who determine the tactic (why an exercise could also be occurring) or method (each why and the way the method is going on).

Moreover, it’s vital to have a look at how every resolution carried out earlier than the seller adjusted configuration settings on account of lacking a menace. MITRE permits distributors to reconfigure their techniques to try to detect threats that they missed or to enhance the data they provide for detection. In the actual world we don’t have the luxurious of reconfiguring our techniques on account of missed or poor detection, so the extra reasonable measure is detections earlier than configuration adjustments are applied.

How’d Cynet do?
Based mostly on Cynet’s evaluation, our workforce is happy with our efficiency in opposition to Turla within the 2023 MITRE Engenuity ATT&CK Evaluations: Enterprise, outperforming nearly all of distributors in a number of key areas. Listed below are our prime takeaways:

  • Cynet delivered 100% Detection (19 of 19 assault steps) with NO CONFIGURATION CHANGES
  • Cynet delivered 100% Visibility (143 of 143 assault sub-steps) with NO CONFIGURATION CHANGES
  • Cynet delivered 100% Analytic Protection (143 of 143 detections) with NO CONFIGURATION CHANGES
  • Cynet delivered 100% Actual-time Detections (0 Delays throughout all 143 detections)

Let’s dive a bit deeper into Cynet’s evaluation of among the outcomes.

Cynet’s all-in-one safety resolution was a prime performer when evaluating each visibility and detection high quality. This evaluation illustrates how effectively an answer does in detecting threats and offering the context essential to make the detections actionable. Missed detections are an invite for a breach, whereas poor high quality detections create pointless work for safety analysts or doubtlessly trigger the alert to be ignored, which once more, is an invite for a breach.

Cynet graphic 0


Cynet delivered 100% visibility and completely detected each one of many 143 assault steps utilizing no configuration adjustments.
The next chart exhibits the share of detections throughout all 143 assault sub-steps earlier than the distributors applied configuration adjustments. Cynet carried out in addition to two very massive, well-known, safety firms regardless of being a fraction of their measurement and much better than among the largest names in cybersecurity.

Cynet graphic 1

Cynet offered analytic protection for 100% of the 143 assault steps utilizing no configuration adjustments. The next chart exhibits the share of detections that contained vital normal, tactic or method info throughout the 143 assault sub-steps, once more earlier than configuration adjustments had been applied. Cynet carried out in addition to Palo Alto Networks, a $115 billion publicly traded firm with 50 occasions the variety of staff, and much better than many established, publicly traded manufacturers.

Cynet graphic 2

Nonetheless have questions?
On this on-demand webinar, Cynet CTO Aviad Hasnis and ISMG SVP Editorial Tom Discipline evaluate the newest MITRE ATT&CK outcomes and share skilled recommendation for cybersecurity leaders to search out the seller that most closely fits the particular wants of their group. In addition they unpack Cynet’s efficiency throughout the assessments and determine alternatives ot advance your workforce’s objectives with the all-in-one safety resolution.


In the event you’re eager about sponsoring my website for per week, and reaching an IT-savvy viewers that cares about cybersecurity, you’ll be able to discover extra info right here.


Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles