By developing a common language to arm analysts with a standard to describe attacks, MITRE ATT&CK has become a critical knowledgebase for cyber defenders, ultimately improving security efficiency and response time. The annual MITRE Evaluation compares industry-wide innovation to deliver the solutions necessary to detect and respond to the evolving threat landscape.
The evaluation offers cybersecurity solution buyers and customers with an unbiased option to evaluate security products to arm themselves against the latest advances from attackers based on their areas of greatest need.
This year’s evaluation saw vendors detect and respond to tactics, techniques, and procedures (TTPs) from two emulated adversary scenarios that are broadly defining modern ransomware today — Wizard Spider, a cybercriminal extortion gang, and Sandworm, a disruptive threat group focused on data destruction.
Critical evaluation categories include:
- Analytic Coverage: Enriched detections to deliver greater context to investigation by adding ATT&CK TTP mapping, improving triage for analysts.
- Visibility: Clear availability of analytic or telemetry information to enable faster response time for incident response and threat hunting.
- Protection: Threat prevention and blocking to deflect risk early-on and optimize holistic security team efforts.
Trend Micro’s Unified Cybersecurity Platform Recorded Impressive Results
For the third year in a row Trend Micro Vision One proved itself as an invaluable tool for security teams. It tested against simulated breaches that included 109 total attack steps.
- Detection: Delivered on 19/19 attack steps in the evaluation, for 100% detection.
- Visibility: Provided clear visibility on 105 out of 109 attack methods providing 96.33% coverage.
- Protection: Top ranking in the protection category, offering 100% prevention.
- Linux: Top performance among leading vendors, detecting and preventing 100% of attacks against the Linux host. Trend Micro recommends customers prioritize Linux coverage considering its popularity as the most used OS in cloud-native applications.
Trend Micro Vision One correlates intelligence across email, endpoints, servers, networks and cloud workloads to generate fewer but higher fidelity alerts for security operations (SecOps) teams. The increase in efficiency simplifies investigations, optimizes SecOps productivity, and accelerates remediation to stop threat actors in their tracks before they have a chance to cause lasting damage. Vision One connect the dots in security incidents, showing how they might be related and highlighting indicators of compromise similar to known attack groups and types.
To read a full copy of the MITRE Engenuity ATT&CK Evaluation for Trend Micro Vision One report, please visit: https://resources.trendmicro.com/MITRE-Attack-Evaluations.html