Thorough, independent assessments are an important resource for analyzing vendors' capabilities to protect against increasingly sophisticated threats to their organization. And perhaps no assessment is more widely trusted than the annual MITRE Engenuity ATT&CK Evaluation.
This testing is critical for evaluating vendors because it's nearly impossible to evaluate cybersecurity vendors based on their own performance claims. Together with vendor reference checks and proof of value (POV) evaluations (a live trial), the MITRE results add more objective input to holistically assess cybersecurity vendors.
Let's dive into the 2023 MITRE ATT&CK Evaluation results. In this blog, we'll unpack MITRE's methodology for testing security vendors against real-world threats, offer our interpretation of the results and identify the top takeaways emerging from Cynet's evaluation.
How does MITRE Engenuity test vendors during the evaluation?
The MITRE ATT&CK Evaluation is conducted by MITRE Engenuity and tests endpoint security solutions against a simulated attack sequence based on real-life approaches taken by well-known advanced persistent threat (APT) groups. The 2023 MITRE ATT&CK Evaluation tested 31 vendor solutions by emulating the attack sequences of Turla, a sophisticated Russia-based threat group known to have infected victims in over 45 countries.
An important caveat is that MITRE doesn't rank or score vendor results. Instead, the raw test data is published along with some basic online comparison tools. Buyers then use that data to evaluate the vendors based on their organization's unique priorities and needs. The participating vendors' interpretations of the results are just that: their interpretations.
So, how do you interpret the results?
That's a great question, one that a lot of people are asking themselves right now. The MITRE ATT&CK Evaluation results aren't presented in a format that many of us are used to digesting (looking at you, magical graph with quadrants).
And independent researchers typically declare "winners" to lighten the cognitive load of figuring out which vendors are the top performers. In this case, identifying the "best" vendor is subjective. Which, if you don't know what to look for, can feel like a hassle when you're already frustrated with trying to assess which security vendor is the right fit for your organization.
With these disclaimers issued, let's now review the results themselves to compare and contrast how participating vendors performed against Turla.
MITRE ATT&CK Results Summary
The following tables present Cynet's analysis and calculation of all vendor MITRE ATT&CK test results for the most important measurements: Overall Visibility, Detection Accuracy, and Overall Performance. There are many other ways to look at the MITRE results, but we consider these to be the most indicative of a solution's ability to detect threats.
Overall Visibility is the total number of attack sub-steps detected across all 143 sub-steps. Cynet defines Detection Quality as the percentage of attack sub-steps that included "Analytic Detections", those that identify the tactic (why an activity may be happening) or technique (both why and how the technique is happening).
Additionally, it's important to look at how each solution performed before the vendor adjusted configuration settings after missing a threat. MITRE allows vendors to reconfigure their systems to try to detect threats that they missed or to improve the information they provide for a detection. In the real world we don't have the luxury of reconfiguring our systems after a missed or poor detection, so the more realistic measure is detections before configuration changes are made.
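To make these definitions concrete, here is an added Python example (not code from the post, from Cynet, or from MITRE Engenuity) that computes the measurements described above from per-sub-step records: visibility, analytic coverage and the derived Detection Quality percentage, the number of major steps with at least one detection, real-time versus delayed detections, and the "before configuration changes" view in which a detection that only appeared after the vendor reconfigured is treated as a miss. The detection category names (None, Telemetry, General, Tactic, Technique) are the ones the Enterprise ATT&CK Evaluations use; the `SubStepResult` and `summarize` names, the sub-step identifiers and the sample records are constructed for illustration and do not represent any vendor's actual results.

```python
"""Score ATT&CK Evaluation-style per-sub-step records the way the post reads them.

Added example. Records below are constructed, not MITRE Engenuity data.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Union

# Detection categories of the Enterprise ATT&CK Evaluations, least to most
# informative. Tactic and Technique are the "analytic detections" the post
# describes; Telemetry and General count toward visibility but not quality.
ANALYTIC_CATEGORIES = {"Tactic", "Technique"}
ALL_CATEGORIES = {"None", "Telemetry", "General"} | ANALYTIC_CATEGORIES


@dataclass(frozen=True)
class SubStepResult:
    step: int            # major attack step the sub-step belongs to
    sub_step: str        # identifier such as "1.A.1" (constructed)
    category: str        # best detection category recorded for the sub-step
    config_change: bool  # True if the detection needed a vendor reconfiguration
    delayed: bool        # True if the detection was not real-time

    def __post_init__(self) -> None:
        if self.category not in ALL_CATEGORIES:
            raise ValueError(f"unknown detection category: {self.category!r}")

    def counts_as_detected(self, include_config_changes: bool) -> bool:
        """Any recorded category is a detection; in the before-configuration-
        changes view a detection that required reconfiguration is a miss."""
        if self.category == "None":
            return False
        return include_config_changes or not self.config_change


def summarize(results: Iterable[SubStepResult],
              include_config_changes: bool = True) -> Dict[str, Union[int, float]]:
    """Return visibility, analytic coverage, step coverage and timeliness counts."""
    rows: List[SubStepResult] = list(results)
    total = len(rows)
    detected = [r for r in rows if r.counts_as_detected(include_config_changes)]
    analytic = [r for r in detected if r.category in ANALYTIC_CATEGORIES]
    realtime = [r for r in detected if not r.delayed]

    def pct(n: int) -> float:
        return round(100.0 * n / total, 1) if total else 0.0

    return {
        "sub_steps": total,
        "steps": len({r.step for r in rows}),
        "steps_detected": len({r.step for r in detected}),
        "visibility": len(detected),
        "visibility_pct": pct(len(detected)),
        "analytic_coverage": len(analytic),
        "detection_quality_pct": pct(len(analytic)),
        "realtime_detections": len(realtime),
        "delayed_detections": len(detected) - len(realtime),
    }


# Constructed sample: three major steps, eight sub-steps, a mix of outcomes.
SAMPLE_RESULTS = [
    SubStepResult(1, "1.A.1", "Technique", False, False),
    SubStepResult(1, "1.A.2", "Tactic", False, False),
    SubStepResult(1, "1.A.3", "Telemetry", False, False),  # seen, no context
    SubStepResult(2, "2.A.1", "Technique", True, False),   # only after reconfiguring
    SubStepResult(2, "2.A.2", "General", False, True),     # detected late
    SubStepResult(2, "2.A.3", "None", False, False),       # missed outright
    SubStepResult(3, "3.A.1", "Technique", False, False),
    SubStepResult(3, "3.A.2", "None", False, False),       # missed outright
]

if __name__ == "__main__":
    for label, flag in (("all detections", True), ("before config changes", False)):
        print(label, summarize(SAMPLE_RESULTS, include_config_changes=flag))
```

Running the sample both ways shows why the post insists on the before-configuration-changes view: the same records score 6 of 8 sub-steps visible and 50.0% Detection Quality when reconfigured detections count, but 5 of 8 and 37.5% when they do not.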
How'd Cynet do?
Based on Cynet's analysis, our team is pleased with our performance against Turla in this year's MITRE ATT&CK Evaluation, outperforming the vast majority of vendors in several key areas. Here are our top takeaways:
- Cynet delivered 100% Detection: (19 of 19 attack steps) with NO CONFIGURATION CHANGES
- Cynet delivered 100% Visibility: (143 of 143 attack sub-steps) with NO CONFIGURATION CHANGES
- Cynet delivered 100% Analytic Coverage: (143 of 143 detections) with NO CONFIGURATION CHANGES
- Cynet delivered 100% Real-time Detections: (0 Delays across all 143 detections)
See the complete evaluation of Cynet’s performance in the 2023 MITRE ATT&CK Evaluation.
Let's dive a little deeper into Cynet's analysis of some of the results.
Cynet was a top performer when evaluating both visibility and detection quality. This analysis illustrates how well a solution does in detecting threats and providing the context necessary to make the detections actionable. Missed detections are an invitation for a breach, while poor-quality detections create unnecessary work for security analysts or potentially cause the alert to be ignored, which, again, is an invitation for a breach.
Cynet delivered 100% visibility and fully detected every one of the 143 attack sub-steps using no configuration changes. The following chart shows the percentage of detections across all 143 attack sub-steps before the vendors made configuration changes. Cynet performed as well as two very large, well-known security companies despite being a fraction of their size, and far better than some of the biggest names in cybersecurity.
Cynet provided analytic coverage for 100% of the 143 attack sub-steps using no configuration changes. The following chart shows the percentage of detections that contained critical tactic or technique information across the 143 attack sub-steps, again before configuration changes were made. Cynet performed as well as Palo Alto Networks, a $76 billion publicly traded company with 50 times the number of employees, and far better than many established, publicly traded brands.
Still have questions?
In this webinar, Cynet CTO Aviad Hasnis and ISMG SVP Editorial Tom Field review the recently released results and share expert advice for cybersecurity leaders on interpreting the results to find the vendor that best fits the specific needs of their organization. He'll also share more details on Cynet's performance during the tests and how that might translate to your team's unique goals.
Author: George Tubin, Director of Product Strategy, Cynet
Unique Publish URL: https://www.cyberdefensemagazine.com/how-to-interpret-the-2023-mitre-attck-evaluation-results/