Why I’m Ecstatic About the MITRE ATT&CK Results


Yesterday, MITRE published the results of its first public evaluation of endpoint detection & response (EDR) vendors based on its increasingly popular ATT&CK framework. The ATT&CK evaluations are a new approach to EDR testing – open, sophisticated, rigorous, and reflective of the real world. We applaud MITRE’s efforts here and are very pleased with the results for CB Response, which had zero delayed and zero tainted detections throughout the evaluation.

The evaluations for this initial testing period used a MITRE-developed APT3 emulation plan and measured various solutions on behavior detection, telemetry and enrichment, among other elements. Along with the other seven vendors included in this evaluation, we have worked alongside MITRE and their methodology for months, ensuring that the results gave an honest and accurate representation of what our product is able to achieve.

The open nature of this evaluation, and the fact that MITRE intentionally does not provide specific scores, rankings or ratings that can be skewed by vendor sponsorships, made this particular evaluation one that we at Carbon Black are extremely excited about.

And while the published results are extensive and extremely detailed, there are a few high-level trends that particularly stood out to us:

  • Several recognizable EDR vendors shied away from the first evaluation.
  • Nearly half of the vendors included in the evaluation felt the need to include multiple products and/or services in their evaluation to achieve their best results.
  • Carbon Black and RSA were the only two vendors to come out clean, with zero “delayed” detections and zero “tainted” detections.
  • Every event Carbon Black detected could easily be visualized in the UI without requiring external tools to validate.
  • While some of the other vendors required “humans in the loop” to make many of their detections, 100% of Carbon Black detections were fully automated with zero delays and zero humans needed.

Our work with the MITRE ATT&CK framework hasn’t stopped with this evaluation. Along with the announcement of the results yesterday, we also announced today that we’ve added a MITRE ATT&CK threat intelligence feed directly into CB Response, in addition to our recently announced CB ThreatHunter product, which offers all of the same powerful detection, response and threat hunting capabilities through our Predictive Security Cloud platform.

As I stated above, we’re proud to be among the initial vendors evaluated by MITRE and we’re extremely proud of our results. Objective, transparent and open testing is critical as a means of driving the industry forward and the MITRE ATT&CK framework offers a critical look at how real-world attacks play out. The ATT&CK framework closely aligns with Carbon Black’s belief that detecting attacker behavior is exponentially more important than detecting malware alone. MITRE has set an excellent standard for how testing should be conducted and Carbon Black has set the standard for quick and conclusive detection.

We look forward to continuing our work with MITRE as their testing evolves.

The post Why I’m Ecstatic About the MITRE ATT&CK Results appeared first on Carbon Black.

About Carbon Black, Inc.
Carbon Black is the leading provider of next-generation endpoint security. Carbon Black’s Next-Generation Antivirus (NGAV) solution, Cb Defense, leverages breakthrough prevention technology, “Streaming Prevention,” to instantly see and stop cyberattacks before they execute. Cb Defense uniquely combines breakthrough prevention with market-leading detection and response into a single, lightweight agent delivered through the cloud. With more than 7 million endpoints under management, Carbon Black has more than 2,500 customers, including 30 of the Fortune 100. These customers use Carbon Black to replace legacy antivirus, lock down critical systems, hunt threats, and protect their endpoints from the most advanced cyberattacks, including non-malware attacks.
