Cynet’s Guide helps companies navigate the MITRE ATT&CK results and vendor reviews by discussing:
- The MITRE ATT&CK evaluation approach – what it is and, importantly, what it is not
- The methodology used for the 2020 attack simulation of Carbanak and FIN7 threat sequences
- Practical advice for leveraging the results to evaluate endpoint detection solutions
- Important considerations beyond the evaluation results
- Cynet performance versus select competitive solutions
The Practical Guide to the MITRE ATT&CK Evaluation – Carbanak and FIN7 Edition
With hundreds of cybersecurity products to choose from, the task of evaluating competing solutions is extremely time consuming and daunting. While virtually every buyer should ultimately speak to several vendor reference clients and run a proof of value (POV) evaluation – a live trial – in their environment, deciding which products to put in the evaluation mix is in itself difficult. The product selection exercise is only made harder by the tremendous reach of digital media, where we are overrun with incessant, and sometimes confusing, vendor messaging and positioning.
Fortunately, along came MITRE with a testing methodology to objectively evaluate endpoint security solutions based on the highly regarded MITRE ATT&CK framework. The evaluation tests the endpoint protection solutions against a simulated attack sequence based on real-life approaches taken by well-known APT groups. The most recent MITRE ATT&CK evaluation included 29 vendor solutions using attack sequences based on the Carbanak and FIN7 threat groups.
It’s important to note that MITRE does not rank or score vendor results. Instead, the raw test data is published along with some basic online comparison tools. Buyers can use the data to evaluate the vendors as they see fit based on their company’s unique priorities and needs. Without vendors placed on a familiar four quadrant matrix or ranked using some analyst methodology, how does one leverage the results for vendor selection?
Key Cynet Performance Takeaways
- Cynet achieved 100% visibility and detection across each of the 20 MITRE ATT&CK steps evaluated, including 10 on both days of testing. Cynet detected 96% of the techniques presented in the MITRE ATT&CK® Evaluation, demonstrating the platform’s ability to provide visibility and protection across the entire ATT&CK® Kill Chain.
- Cynet utilized the greatest number of data sources among the vendors evaluated, exhibiting our ability to detect and protect against more attack vectors before damage can be done. Simply put, the more data sources used, the more visibility.
- Cynet achieved a 100% detection and protection rate for the Linux platform. With the widespread and increasing deployment of Linux and Mac operating systems, providing full protection beyond Windows machines is not optional.
- Cynet was among the top performers of all participating vendors in speed of protection. Preventing detected threats as early as possible in the attack lifecycle is critical in order to deny the adversary a foothold into your environment.
- Cynet prevented over 60 attacks before further infiltration could take place in the test environment. Among participating companies, Cynet’s prevention capabilities were among the top performers.
Learn more about how to use the MITRE Evaluation results for your organization
As every company is different in many ways, vendor selection is not a one-size-fits-all methodology. This guide provides advice and considerations for leveraging the MITRE ATT&CK results as one component of your vendor selection criteria, to determine which vendor best aligns with your specific needs.