In recent years, threat actor groups like Wizard Spider and Sandworm have wrought havoc by building and distributing cybercrime tools like the Conti, Trickbot, and Ryuk malware. Sandworm (a Russian cyber-military force) recently conducted cyberattacks on Ukrainian infrastructure targets.
MITRE Engenuity uses real-world attack scenarios and techniques employed by threat groups to test security vendors' ability to defend against those threats (the MITRE ATT&CK Evaluation), with the aim of ensuring cybersecurity providers are battle-ready. Each vendor's detections and capabilities are assessed in the context of the MITRE ATT&CK Framework.
This year, the evaluation exercises used the methods attributed to Wizard Spider and Sandworm. MITRE Engenuity did not go easy on the participating vendors: as noted above, the stakes are high and the danger is growing.
Overview of the 2022 results
Simply put, the MITRE ATT&CK Evaluation tested the security capabilities of 30 endpoint protection products. The testing yielded two crucial measurements: overall detection and overall protection.
According to Cynet, one of the participating vendors, in a blog post summarising the findings, "Overall Detection (also referred to by MITRE as 'Visibility') is the overall number of attack steps detected across all 109 sub-steps. Overall Prevention (also known as 'Protection') assesses how early in the assault chain the threat was discovered, preventing the following stages from being carried out. Both are essential indicators of an effective endpoint detection solution."
The graph below displays the 2022 participating vendors' total detection and protection performance:
Image Courtesy: The Hacker News
And here are the results in the form of a summary table:
How does it work?
This year, MITRE ATT&CK takes a novel approach, assessing 30 security vendors on their ability to defend against real-world threats. It does so by subjecting each vendor to an attack simulation in a controlled environment, which yields an unbiased assessment of each vendor's platform and its threat detection and response capabilities.
Each year, the results of these evaluations are published at the end of March. They are intended to be used by security teams looking to improve their security programme, which typically includes selecting a cybersecurity provider. The MITRE ATT&CK Evaluation uses a public-facing methodology to examine specific capabilities and delivers an objective assessment without ranking the vendors' performance.
It is the reader's responsibility to analyse the results and conclude which vendor did best. This is where things become difficult.
The MITRE ATT&CK Evaluation results are meant to be a useful resource for security professionals and executives, but those readers need to learn how to apply them. The challenge is determining what these statistics indicate about one vendor's performance relative to the others.
Webinar on the 2022 MITRE ATT&CK Evaluation Results
Many security professionals will tell you that interpreting this data is harder than it appears. Cynet, one of the vendors that took part in this year's evaluation, intends to clear things up. The aim is to help organisations searching for a security provider decide which participating vendor's capabilities best meet their needs.
Aviad Hasnis, Cynet's CTO, will lead this webinar series, which will begin on April 7, 2022. He'll discuss how to use the MITRE ATT&CK Evaluation results to help you find a security vendor, as well as share details regarding Cynet's performance.