MITRE Engenuity™ has launched the outcomes from the most recent spherical of ATT&CK® Evaluations for Managed Providers, assessing the talents of 11 distributors to detect, analyze, and precisely describe real-world adversary habits.
This was the second spherical of ATT&CK Evaluations for Managed Providers, initially launched in 2022, to assist organizations higher perceive how choices like Sophos MDR may help shield them towards refined, multi-stage assaults.
Watch this quick video for an summary of the analysis:
What was the scope of the ATT&CK Evaluations?
MITRE Engenuity ATT&CK Evaluations are designed to simulate a consultant instance of how organizations ought to count on a managed service supplier to interact with them throughout a classy assault.
The MITRE Engenuity staff emulates the behaviors of recognized menace actors through the analysis. A ‘black field’ strategy was used on this spherical, whereby MITRE didn’t disclose the simulated menace actor(s) or the approach scope till the evaluation was full.
This analysis emulated ways and strategies utilized by two recognized menace teams – menuPass and ALPHV/BlackCat – and assessed every vendor’s skills to detect and report particular adversary actions.
In whole, the analysis comprised 172 adversary actions (sub-steps) throughout 15 total steps. Be aware, nevertheless, that solely 43 of the sub-steps – those who MITRE Engenuity thought-about crucial for assault sequence success – had been included within the outcomes.
The analysis targeted fully on detection and reporting. The flexibility to dam, reply to, or remediate threats was not assessed. It’s important, due to this fact, to needless to say adversary behaviors emulated on this analysis could have been blocked by safety applied sciences (e.g., next-gen endpoint instruments), which distributors wanted to deactivate through the analysis.
Analysis contributors
Eleven managed safety service suppliers participated on this analysis spherical:
Bitdefender | BlackBerry | CrowdStrike | Area Impact |
Microsoft | Palo Alto Networks | SecurityHQ | Secureworks |
SentinelOne | Sophos | Pattern Micro |
Sophos’ outcomes
The outcomes of MITRE ATT&CK Evaluations will be interpreted in a number of methods and MITRE Engenuity doesn’t rank or declare any vendor a “winner” or a “chief”. Every vendor’s managed service stories info otherwise and every group’s wants and preferences are simply as necessary because the outcomes themselves.
Sophos efficiently “Reported” and precisely described 84% of the 43 adversary actions (sub-steps) chosen by MITRE Engenuity – greater than the common amongst collaborating distributors. The bulk (75%) of Sophos’ detections had been additionally categorized as “Actionable”. “Reported” means the adversary exercise was efficiently recognized, and enough context was offered. And, the place the reported info additionally efficiently addresses the “5 W’s” (Who, What, When, The place, and Why), the exercise was additional categorized as “Actionable”.
The outcomes additionally embody the variety of alert emails despatched by every vendor.
To make sure an efficient, comprehensible, and actionable response, Sophos MDR focuses on offering high-value, human-written notifications containing the crucial info and context that prospects must know.
Through the 5-day MITRE ATT&CK Analysis for Managed Providers, Sophos MDR despatched 24 emails. The typical amongst different contributors was over 120 emails, with some distributors sending greater than 300 emails. Alert fatigue, brought on by an amazing variety of notifications from safety options, is a significant drawback in cybersecurity. Sophos understands that your group’s time is effective, and when sources are restricted, high quality is often higher than amount.
Methods to use outcomes of MITRE Engenuity ATT&CK Evaluations
ATT&CK Evaluations are among the many world’s most revered unbiased safety exams, due largely to the considerate development and emulation of real-world assault situations, transparency of outcomes, and richness of participant info.
When contemplating a Managed Detection and Response (MDR) service, make sure you evaluation the outcomes from MITRE Engenuity ATT&CK Evaluations alongside different respected third-party proof factors, together with verified buyer opinions, and analyst evaluations.
As you evaluation the information out there in MITRE Engenuity’s analysis portal, look past the numbers and contemplate the next, retaining in thoughts that there are some questions on managed safety providers that the ATT&CK Evaluations can’t enable you reply. For instance:
- Does the service current info to you the way in which you need it, with high-value communications containing the crucial info it is advisable know?
- Does the service assume you may have an in-house safety operations staff, or can they supply a full ‘immediate SOC’ with the power to take motion to remove threats in your behalf?
- Who might be partaking the managed service supplier on a day-to-day foundation? IT Directors, skilled safety analysts, or maybe each?
- Can the service combine with different applied sciences in your atmosphere to detect and reply to multi-stage threats that stretch past endpoints (e.g., firewall, e-mail, cloud, identification, community, backup and restoration, and so on.)?
- Does the service embody full distant incident response, and are the included IR providers restricted to a set variety of hours, or uncapped?
Why we take part
Sophos is dedicated to collaborating in MITRE Engenuity ATT&CK Evaluations alongside among the finest safety distributors within the {industry}. As a neighborhood, we’re united towards a typical enemy. These evaluations assist make us higher, individually and collectively, for the advantage of the organizations we defend.
Our participation within the newest analysis additional validates Sophos’ place as an industry-leading Managed Detection and Response (MDR) supplier and trusted cybersecurity associate to over 22,000 prospects.
Don’t take our phrase for it
Sophos Managed Detection and Response is the world’s hottest MDR answer. We safe extra organizations than every other MDR supplier and have intensive expertise throughout all industries and sectors. Current third-party proof factors embody:
To study extra about Sophos MDR and the way it can assist you, go to our web site or communicate with a safety professional in the present day.