February 14, 2025

MITRE Engenuity™ has launched the outcomes from the most recent spherical of ATT&CK® Evaluations for Managed Providers, assessing the skills of 11 distributors to detect, analyze, and precisely describe real-world adversary conduct.

This was the second spherical of ATT&CK Evaluations for Managed Providers, initially launched in 2022, to assist organizations higher perceive how choices like Sophos MDR may also help defend them in opposition to subtle, multi-stage assaults.

Watch this quick video for an outline of the analysis:

What was the scope of the ATT&CK Evaluations?

MITRE Engenuity ATT&CK Evaluations are designed to simulate a consultant instance of how organizations ought to anticipate a managed service supplier to have interaction with them throughout a complicated assault.

The MITRE Engenuity workforce emulates the behaviors of identified risk actors throughout the analysis. A ‘black field’ strategy was used on this spherical, whereby MITRE didn’t disclose the simulated risk actor(s) or the method scope till the evaluation was full.

This analysis emulated ways and methods utilized by two identified risk teams – menuPass and ALPHV/BlackCat – and assessed every vendor’s skills to detect and report particular adversary actions.

In complete, the analysis comprised 172 adversary actions (sub-steps) throughout 15 total steps. Observe, nevertheless, that solely 43 of the sub-steps – those who MITRE Engenuity thought of essential for assault sequence success – had been included within the outcomes.

The analysis targeted fully on detection and reporting. The flexibility to dam, reply to, or remediate threats was not assessed. It’s important, due to this fact, to needless to say adversary behaviors emulated on this analysis might have been blocked by safety applied sciences (e.g., next-gen endpoint instruments), which distributors wanted to deactivate throughout the analysis.

Analysis members

Eleven managed safety service suppliers participated on this analysis spherical:

Bitdefender BlackBerry CrowdStrike Subject Impact
Microsoft Palo Alto Networks SecurityHQ Secureworks
SentinelOne Sophos Pattern Micro

Sophos’ outcomes

The outcomes of MITRE ATT&CK Evaluations might be interpreted in a number of methods and MITRE Engenuity doesn’t rank or declare any vendor a “winner” or a “chief”. Every vendor’s managed service experiences data in another way and every group’s wants and preferences are simply as essential because the outcomes themselves.

Sophos efficiently “Reported” and precisely described 84% of the 43 adversary actions (sub-steps) chosen by MITRE Engenuity – increased than the typical amongst taking part distributors. The bulk (75%) of Sophos’ detections had been additionally categorized as “Actionable”. “Reported” means the adversary exercise was efficiently recognized, and adequate context was offered. And, the place the reported data additionally efficiently addresses the “5 W’s” (Who, What, When, The place, and Why), the exercise was additional categorized as “Actionable”.

The outcomes additionally embody the variety of alert emails despatched by every vendor.

To make sure an efficient, comprehensible, and actionable response, Sophos MDR focuses on offering high-value, human-written notifications containing the essential data and context that clients must know.

Through the 5-day MITRE ATT&CK Analysis for Managed Providers, Sophos MDR despatched 24 emails. The typical amongst different members was over 120 emails, with some distributors sending greater than 300 emails. Alert fatigue, brought on by an amazing variety of notifications from safety options, is a serious drawback in cybersecurity. Sophos understands that your group’s time is effective, and when assets are restricted, high quality is usually higher than amount.

Easy methods to use outcomes of MITRE Engenuity ATT&CK Evaluations

ATT&CK Evaluations are among the many world’s most revered unbiased safety exams, due largely to the considerate building and emulation of real-world assault eventualities, transparency of outcomes, and richness of participant data.

When contemplating a Managed Detection and Response (MDR) service, you should definitely evaluation the outcomes from MITRE Engenuity ATT&CK Evaluations alongside different respected third-party proof factors, together with verified customer reviews, and analyst evaluations.

As you evaluation the info accessible in MITRE Engenuity’s analysis portal, look past the numbers and think about the next, preserving in thoughts that there are some questions on managed safety companies that the ATT&CK Evaluations can’t enable you to reply. For instance:

  • Does the service current data to you the way in which you need it, with high-value communications containing the essential data you want to know?
  • Does the service assume you could have an in-house safety operations workforce, or can they supply a full ‘prompt SOC’ with the power to take motion to get rid of threats in your behalf?
  • Who shall be participating the managed service supplier on a day-to-day foundation? IT Directors, skilled safety analysts, or maybe each?
  • Can the service combine with different applied sciences in your surroundings to detect and reply to multi-stage threats that stretch past endpoints (e.g., firewall, e-mail, cloud, id, community, backup and restoration, and many others.)?
  • Does the service embody full distant incident response, and are the included IR companies restricted to a hard and fast variety of hours, or uncapped?

Why we take part

Sophos is dedicated to taking part in MITRE Engenuity ATT&CK Evaluations alongside among the greatest safety distributors within the {industry}. As a group, we’re united in opposition to a typical enemy. These evaluations assist make us higher, individually and collectively, for the advantage of the organizations we defend.

Our participation within the newest analysis additional validates Sophos’ place as an industry-leading Managed Detection and Response (MDR) supplier and trusted cybersecurity companion to over 22,000 clients.

Don’t take our phrase for it

Sophos Managed Detection and Response is the world’s hottest MDR answer. We safe extra organizations than another MDR supplier and have intensive expertise throughout all industries and sectors. Current third-party proof factors embody:

To study extra about Sophos MDR and the way it can assist you, visit our website or speak with a security expert in the present day.