Thorough, impartial checks are a significant useful resource for analyzing a supplier’s capabilities to protect a company in opposition to more and more subtle threats. And maybe no evaluation is extra extensively trusted than the annual MITRE Engenuity ATT&CK Analysis.
This testing is essential for evaluating distributors as a result of it is nearly unimaginable to judge cybersecurity distributors primarily based on their very own efficiency claims. Together with vendor reference checks and proof of worth (POV) evaluations — a reside trial — the MITRE outcomes add further goal enter to holistically assess cybersecurity distributors.
This text unpacks MITRE’s methodology for testing safety distributors in opposition to real-world threats, gives Cynet’s interpretation of the 2023 MITRE ATT&CK Analysis outcomes, and identifies prime takeaways rising from our analysis.
How Does MITRE Engenuity Take a look at Distributors In the course of the Analysis?
The MITRE ATT&CK Analysis is carried out by MITRE Engenuity and checks endpoint safety merchandise in opposition to a simulated assault sequence primarily based on real-life approaches taken by well-known superior persistent risk (APT) teams. The 2023 MITRE ATT&CK Analysis examined 31 vendor options by emulating the assault sequences of Turla, a classy Russia-based risk group recognized to have contaminated victims in over 45 nations.
An necessary caveat is that MITRE doesn’t rank or rating vendor outcomes. As an alternative, it publishes the uncooked check knowledge together with some primary on-line comparability instruments. Patrons can use that knowledge to judge the distributors primarily based on their group’s distinctive priorities and wishes. The collaborating distributors’ interpretations of the outcomes are simply that — their interpretations.
What Do the Outcomes Imply?
That is an important query — one which lots of people are asking themselves proper now. The MITRE ATT&CK Analysis outcomes aren’t offered in a format that many individuals are used to digesting ( you, magical graph with quadrants).
Many impartial researchers declare “winners” to lighten the cognitive load of determining which distributors are the highest performers. In MITRE’s case, figuring out the “greatest” vendor is subjective. Which, if you do not know what to search for, can really feel like a problem in the event you’re already annoyed with making an attempt to evaluate which safety vendor is the appropriate match in your group.
With these disclaimers issued, I will overview the outcomes to match and distinction how collaborating distributors carried out in opposition to Turla.
How Do You Interpret the MITRE ATT&CK Outcomes?
A very powerful measurements to think about when reviewing the collaborating distributors’ outcomes are general visibility and detection high quality. There are lots of different methods to have a look at the MITRE outcomes, however we think about these to be most indicative of an answer’s capability to precisely and successfully detect threats.
Menace Visibility
The power to detect threats is the elemental measure of an endpoint safety answer. Detecting assault steps throughout the MITRE ATT&CK sequence is essential for shielding the group. Lacking any step can permit the assault to broaden and finally result in a breach or different detrimental consequence. The Turla assault sequence was executed over 19 steps, which had been damaged out into 143 substeps. Visibility is the quantity or fraction of detections out of 143 attainable possibilities.
An necessary observe: MITRE permits distributors to reconfigure their techniques to try to detect threats they miss or to enhance the data they provide for detection. When this occurs, the report notes that the detection occurred with configuration adjustments. In the true world, we do not have the posh of lacking detections after which reconfiguring our techniques, so the extra significant measure is detections with out the configuration change modifier. Whenever you overview MITRE ATT&CK Analysis outcomes from the seller group, prioritize detection counts that don’t embody configuration adjustments.
Analytic Detections
Analytic detections establish the tactic (why an exercise could also be taking place) or the method (each why and the way the method is going on) related to the detection. These particulars are usually not solely very useful for safety analysts when investigating an alert however point out actual threats vs. false constructive alerts.
Distributors might not have offered analytic data (tactic or method) for every of the 143 steps deployed within the Turla assault sequence. Once more, it is best to measure analytic data earlier than any configuration adjustments had been carried out.
Charting Visibility and Detection High quality
This evaluation illustrates how properly the options did in detecting threats and offering the context essential to make the detections actionable. Missed detections are an invite for a breach, whereas poor-quality detections create pointless work for safety analysts or probably trigger the alert to be ignored, which once more, is an invite for a breach. This chart shortly reveals the place every vendor scored on the 2 most necessary measures.
Nonetheless Have Questions?
Comprehensible. Cynet is internet hosting a webinar on Wednesday, Sept. 20, to overview the newly launched outcomes and share knowledgeable recommendation for cybersecurity leaders to interpret the outcomes to search out the seller that most closely fits their group’s particular wants. Cynet CTO Aviad Hasnis and ISMG Senior Vice President, Editorial, Tom Area can even share extra particulars on the MITRE ATT&CK checks and outcomes. Moreover, you possibly can overview our full evaluation of the 2023 MITRE ATT&CK Analysis outcomes.
In regards to the Creator
George Tubin is Director of Product Technique at Cynet and a acknowledged knowledgeable in cybercrime prevention and digital banking and funds safety. He was beforehand Vice President of Advertising at Socure and Senior Analysis Director with the main monetary providers analysis agency TowerGroup (acquired by Gartner) the place he delivered thought management and insights to main monetary providers establishments, expertise suppliers, and consultancies on enterprise methods, applied sciences, cybersecurity, and id and fraud administration.