www.cynet.com Open in urlscan Pro
2606:4700:10::6816:316a  Public Scan

Submitted URL: https://meeting.cynet.com/api/mailings/click/PMRGSZBCHIZDGNZVG4YDCLBCOVZGYIR2EJUHI5DQOM5C6L3XO53S4Y3ZNZSXILTDN5WS6YTMN5TS6...
Effective URL: https://www.cynet.com/blog/2023-mitre-attck-evaluation-results/
Submission: On October 24 via manual from IN — Scanned from DE

Form analysis 1 forms found in the DOM

<form action="">
  <input type="email" placeholder="Enter your email">
  <input type="submit" value="Subscribe">
</form>

Text Content


September 20, 2023

By: George Tubin


HOW TO INTERPRET THE MITRE ENGENUITY ATT&CK® EVALUATIONS: ENTERPRISE – 2023
TURLA EDITION

Thorough, independent tests are a vital resource as cybersecurity leaders and
their teams evaluate vendors’ abilities to guard against increasingly
sophisticated threats to their organization. And perhaps no assessment is more
widely trusted than the annual MITRE Engenuity ATT&CK Evaluations: Enterprise.

This evaluation is critical for assessing vendors because it’s virtually
impossible to evaluate cybersecurity vendors based on their own performance
claims. Along with vendor reference checks and proof of value (POV) evaluations,
which are live trials in the buyer’s own environment, the MITRE Engenuity
results add objective input for assessing cybersecurity vendors holistically.

Let’s dive into the 2023 results. In this blog, we’ll unpack MITRE Engenuity’s
methodology to test security vendors against real-world threats, offer our
interpretation of the results and identify the top takeaways emerging from
Cynet’s evaluation.

--------------------------------------------------------------------------------


HOW DOES MITRE ENGENUITY TEST VENDORS DURING THE EVALUATION?

The MITRE Engenuity ATT&CK Evaluation is performed by MITRE Engenuity and tests
the endpoint protection solutions against a simulated attack sequence based on
real-life approaches taken by well-known advanced persistent threat (APT)
groups. The MITRE Engenuity ATT&CK Evaluations: Enterprise tested 29 vendor
solutions by emulating the attack sequences of Turla, a sophisticated
Russia-based threat group known to have infected victims in over 45 countries.

An important caveat is that MITRE does not rank or score vendor results.
Instead, the raw test data is published along with some basic online comparison
tools. Buyers then use that data to evaluate the vendors based on their
organization’s unique priorities and needs. The participating vendors’
interpretations of the results are just that — their interpretations.

--------------------------------------------------------------------------------


SO, HOW DO YOU INTERPRET THE RESULTS?

That’s a great question — one that a lot of people are asking themselves right
now. The MITRE Engenuity ATT&CK Evaluations: Enterprise results aren’t presented
in a format that many of us are used to digesting (looking at you, magical graph
with quadrants).

Independent researchers often declare “winners” to lighten the cognitive load of
figuring out which vendors are the top performers. In this case, identifying the
“best” vendor is subjective. If you don’t know what to look for, that can feel
like a hassle, especially if you’re already frustrated with trying to assess
which security vendor is the right fit for your organization.

With these disclaimers issued, let’s now review the results themselves to
compare and contrast how participating vendors performed against Turla.

--------------------------------------------------------------------------------


MITRE ENGENUITY ATT&CK RESULTS SUMMARY

The following tables present Cynet’s analysis and calculation of all vendor
MITRE Engenuity ATT&CK Evaluations: Enterprise test results for the most
important measurements: Overall Visibility, Detection Accuracy, and Overall
Performance. There are a lot of other ways to look at the MITRE results, but we
consider these to be most indicative of a solution’s ability to detect threats.

Overall Visibility is the total number of attack steps detected across all 143
sub-steps. Cynet defines Detection Quality as the percentage of attack sub-steps
that included “Analytic Detections”: those that identify the tactic (why an
activity may be happening) or technique (both why and how the technique is
happening).

Additionally, it’s important to look at how each solution performed before the
vendor adjusted configuration settings due to missing a threat. MITRE allows
vendors to reconfigure their systems to attempt to detect threats that they
missed or to improve the information they supply for detection. In the real
world we don’t have the luxury of reconfiguring our systems due to missed or
poor detection, so the more realistic measure is detections before configuration
changes are implemented.

--------------------------------------------------------------------------------


HOW’D CYNET DO?

Based on Cynet’s analysis, our team is proud of our performance against Turla in
this year’s MITRE Engenuity ATT&CK Evaluations: Enterprise, outperforming the
majority of vendors in several key areas. Here are our top takeaways:

 * Cynet delivered 100% Detection (19 of 19 attack steps) with NO CONFIGURATION
   CHANGES
 * Cynet delivered 100% Visibility (143 of 143 attack sub-steps) with NO
   CONFIGURATION CHANGES
 * Cynet delivered 100% Analytic Coverage (143 of 143 detections) with NO
   CONFIGURATION CHANGES
 * Cynet delivered 100% Real-time Detections (0 Delays across all 143
   detections)

Let’s dive a little deeper into Cynet’s analysis of some of the results.

Cynet was a top performer when evaluating both visibility and detection quality.
This analysis illustrates how well a solution does in detecting threats and
providing the context necessary to make the detections actionable. Missed
detections are an invitation for a breach, while poor quality detections create
unnecessary work for security analysts or potentially cause the alert to be
ignored, which again, is an invitation for a breach. 



Cynet delivered 100% visibility and perfectly detected every one of the 143
attack steps using no configuration changes. The following chart shows the
percentage of detections across all 143 attack sub-steps before the vendors
implemented configuration changes. Cynet performed as well as two very large,
well-known security companies despite being a fraction of their size, and far
better than some of the biggest names in cybersecurity.



Cynet provided analytic coverage for 100% of the 143 attack steps using no
configuration changes. The following chart shows the percentage of detections
that contained important general, tactic or technique information across the
143 attack sub-steps, again before configuration changes were implemented.
Cynet performed as well as Palo Alto Networks, a $76 billion publicly traded
company with 50 times the number of employees, and far better than many
established, publicly traded brands.



--------------------------------------------------------------------------------


STILL HAVE QUESTIONS?

In this webinar, Cynet CTO Aviad Hasnis and ISMG SVP Editorial Tom Field review
the recently released results and share expert advice for cybersecurity leaders
to interpret the results to find the vendor that best fits the specific needs of
their organization. He’ll also share more details on Cynet’s performance during
the tests and how that could translate to your team’s unique goals.

