ATT&CK-Based Approach Examines Products’ Ability to Identify APT3 Threat

MCLEAN, Va., Nov. 29, 2018 (GLOBE NEWSWIRE) -- MITRE announced its first round of commercial cybersecurity product evaluations as part of an effort to help its government sponsors and industry make more informed decisions to combat security threats and advance industry threat detection capabilities.

The evaluations used the MITRE ATT&CK™ framework to report how endpoint detection and response (EDR) products from Carbon Black, CrowdStrike, CounterTack, Endgame, Microsoft, RSA, and SentinelOne identify techniques used by the threat actors known as APT3/Gothic Panda.

ATT&CK is a MITRE-developed knowledge base of adversary tactics and techniques based on real-world observations. ATT&CK can be used to find gaps in visibility, defensive tools, and processes so organizations can evaluate and select the right tools to improve their network defense. Organizations often use ATT&CK to prioritize their investments in security, focusing on the threats that are most important to them.

“With the creation of ATT&CK, MITRE is fulfilling its mission to solve problems for a safer world — by bringing communities together to develop more effective cybersecurity,” said Gary Gagnon, MITRE vice president for cybersecurity strategy and chief security officer. “From making the ATT&CK framework freely available; to bringing threat hunters, software product companies, and others in the cybersecurity community together at our first ATT&CKcon last month; to offering these evaluations on a rolling basis, we’re continually creating ways to help this community demystify the complexity that cyber attackers hide behind and improve its defenses.”

“The key here is transparency,” said Frank Duff, MITRE lead engineer for the evaluations program. “Organizations want to make informed decisions about the security solutions that they buy and deploy, and vendors want to better understand how to improve their own products. This evaluation program supports MITRE’s mission of providing objective insight, improving the cyber community’s overall security posture, and advancing overall threat detection capabilities.”

Vendor Perspective

Dustin Duran, general manager of EDR Research at Microsoft, said, “Microsoft is proud to work with MITRE on development of a more transparent and customer-centric approach to EDR product evaluation. Our participation in this evaluation continues to reinforce the benefits of the ATT&CK framework and provides valuable insights that will help us improve Windows Defender Advanced Threat Protection for our customers.”

Jared Phipps, vice president for worldwide sales engineering at SentinelOne, added, “MITRE is a long-established thought leader in cybersecurity who is not influenced by vendors or outside parties with their own agendas. The ATT&CK evaluation offers an impartial approach to evaluating security tool effectiveness against a specific APT campaign and brings the ATT&CK knowledge base into practical application.”

Scott Lundgren, chief architect at Carbon Black, said, “MITRE’s ATT&CK evaluation was transparent, well-organized, and executed with exceptional rigor — we need more evaluations with this mindset and approach. At Carbon Black, we believe that open and objective testing is critical to ensuring security efficacy, and we look forward to continuing our participation in reputable and independent third-party validations.”

Dmitri Alperovitch, CrowdStrike’s co-founder and chief technology officer, said, “CrowdStrike believes third-party, independent testing of next-generation products is critical in defining the new standard in endpoint protection and helping customers better understand the capacities of the solutions they purchase. MITRE’s framework that goes beyond anti-malware testing to evaluate real-world attack detection capabilities against sophisticated threats, as well as its status as a not-for-profit, advances these goals. We urge others in the industry to adopt this comprehensive framework.”

Additional organizations are welcome to participate in ATT&CK evaluations through our ongoing rolling admissions. Companies currently participating in the rolling admissions portion of round one of evaluations include FireEye and Cybereason.

About ATT&CK
ATT&CK™ was created by MITRE’s internal research program from its own data and operations. ATT&CK is entirely based on published, open source threat information. Increasingly, ATT&CK is driven by contributions from external sources. To view published results of the endpoint detection and response product evaluations, visit attackevals.mitre.org/ or contact attackevals@mitre.org.

About The MITRE Corporation
MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our federally funded R&D centers and public-private partnerships, we work across government to tackle challenges to the safety, stability, and well-being of our nation. Learn more at MITRE.org.

Jeremy Singer
Strategic External Communications Lead
jsinger@mitre.org (781) 271-2412