The annual MITRE Engenuity ATT&CK Evaluation is a crucial testing process for evaluating cybersecurity vendors and their capabilities to defend against sophisticated threats. This evaluation provides objective insights into vendors’ performance, which is otherwise difficult to assess based on their own claims. Alongside vendor reference checks and proof-of-value evaluations, the MITRE results give buyers a further assessment for evaluating cybersecurity vendors comprehensively.
The MITRE ATT&CK Evaluation, conducted by MITRE Engenuity, tests endpoint protection solutions by simulating attack sequences based on real-life approaches used by advanced persistent threat (APT) groups. In the 2023 evaluation, 31 vendor solutions were tested against the attack sequences of Turla, a Russia-based threat group known for infecting victims in over 45 countries.
It is important to note that MITRE does not rank or score vendor results. Instead, the raw test data is published, along with basic online comparison tools, allowing buyers to evaluate vendors based on their unique priorities and needs. The participating vendors’ interpretations of the results are subjective.
Interpreting the results of the MITRE ATT&CK Evaluation can be challenging, as they are not presented in a familiar format. Independent researchers often designate “winners” to simplify the process, but in this case, identifying the “best” vendor is subjective and depends on specific requirements.
The results of the evaluation are analyzed and calculated by various organizations, including Cynet, to assess the vendors’ performance in three important measurements: Overall Visibility, Detection Accuracy, and Overall Performance. These measurements are considered indicative of a solution’s ability to detect threats effectively.
Cynet’s analysis shows that it outperformed the majority of vendors in several key areas. The company achieved 100% detection, visibility, and analytic coverage without any configuration changes. These results highlight Cynet’s effectiveness in detecting threats, providing context for detections, and performing in real-time.
Cynet’s performance in both visibility and detection quality was commendable. The analysis demonstrates the solution’s ability to detect threats accurately and provide actionable information. Cynet’s performance was on par with well-known security companies, despite being smaller in size.
In terms of visibility, Cynet achieved 100% detection across all 143 attack sub-steps without any configuration changes. This performance was comparable to that of larger security companies and better than some prominent names in cybersecurity.
Cynet also provided analytic coverage for 100% of the 143 attack sub-steps without configuration changes. The company’s performance in this aspect was on par with Palo Alto Networks, a significantly larger company, and outperformed many established brands in the industry.
For those seeking more information on the results, Cynet’s CTO Aviad Hasnis and ISMG SVP Editorial Tom Field conducted a webinar to review the recently released results. The webinar aimed to help cybersecurity leaders interpret the results and find the vendor that best fits their organization’s needs.
In conclusion, the MITRE ATT&CK Evaluation serves as a valuable resource for evaluating cybersecurity vendors in their ability to defend against sophisticated threats. Cynet’s performance in the evaluation showcased its exceptional detection capabilities, visibility, and analytic coverage without any configuration changes. This performance positions Cynet as a top performer in the industry, offering organizations reliable and effective cybersecurity solutions.
