MITRE Engenuity ATT&CK® Evaluations Results Highlight Check Point’s leadership in Endpoint Security with a 100% Detection Across all Attack Steps

By Noa Goldstein, Product Marketing Manager

We are thrilled to announce that for the 2nd consecutive year Check Point Harmony Endpoint, Check Point’s complete endpoint security solution, has been recognized for providing high-quality, comprehensive threat detection and context across detection categories in the fourth round of MITRE Engenuity ATT&CK® Evaluations.
Check Point Harmony Endpoint was evaluated, along with 29 other vendors, for its ability to detect real-life cyberattacks employed by Russian based threat groups Wizard Spider and Sandworm Threat Groups within the context of the ATT&CK® framework.
The MITRE Engenuity evaluations examine many aspects of the endpoint solution in an extremely detailed and comprehensive way. However, they do not provide comparative scores or ranking, leaving security professionals with different interpretations by different vendors.
To shed light on this year’s evaluations main insights and takeaway, we invite you to join a live webinar with our security experts


Join a live webinar with our security experts on April 13 to better understand
the evaluation results and how they can help you strengthen your endpoint security strategy.
Register today: Americas, EMEA/APAC


The latest ATT&CK® Evaluations emulating the tactics and techniques of Wizard Spider and Sandstorm showed Check Point Harmony Endpoint success. Harmony Endpoint delivered 100% detection of all attack steps with the highest Technique detection level and zero delays in alerting detections. The solution provided 98% detection rate for advanced persistent threat (APT) by Russian-based group Spider Wizard.
A 100% of Harmony Endpoint’s detections provided visibility and context, 98% of them in the highest technique score. Check Point Harmony Endpoint achieved a leading result among all participants in analytics detection (which includes context and mapping to the relevant technique instead of raw telemetry).

These results underscore Check Point’s commitment to provide the highest level of accuracy and contextualized visibility into real-world cyber threats, all while providing autonomous detection and response.

MITRE Engenuity ATTACK® Evaluation 2022 results

MITRE Engenuity ATT&CK® Evaluation 2022 results’ analysis. Source: Check Point Software. This is not an official MITRE Engenuity chart

These results highlight Check Point Harmony Endpoint’s ability to provide the highest level of detection accuracy and contextualized visibility into real-world cyber threats, all while providing autonomous detection and response capabilities. Harmony Endpoint’s quality of detection ensures our customers are provided with maximum information within context, and minimum noise, such as false positive alerts and redundant logs, simplifying their work and keeping productivity high. At the same time, Harmony Endpoint allows security professionals to accurately detect threats, investigate and respond to them effectively leveraging the industry’s most comprehensive correlation with the MITRE Engenuity ATT&CK® framework.

Each year, MITRE Engenuity conducts independent evaluations of cybersecurity products to help the industry and government institutions make better decisions to combat security threats and improve their threat detection capabilities. The MITRE ATT&CK® knowledge base helps security operations understand attackers and their techniques, which creates the basis to a strong detection and response strategy, and eventually for a better security posture. The MITRE ATT&CK® framework is the most extensive knowledge base of adversary tactics and techniques based on real-world observations.

MITRE Engenuity ATT&CK® Evaluations test various vendors on their ability to automatically detect and respond to real-life cyberattacks within the context of the ATT&CK framework.

In this year’s test, MITRE Engenuity used the MITRE ATT&CK® knowledge base to emulate the tactics and techniques of Wizard Spider and Sandworm. These two threat groups have been using sophisticated malware and tactics to launch attacks against financial services and hospitality organizations over the past five years, resulting in the theft of more than $1 billion across hundreds of businesses.

“Sophistication and frequency of attacks increased dramatically over the past year, reaching new peaks. In this reality, organizations should adopt a threat-informed security strategy. MITRE Engenuity ATT&CK® Evaluations help them achieve that by evaluating cybersecurity solutions’ ability to defend against real-world cyberattacks and threat groups” said Ofir Israel, Vice President of Threat Prevention at Check Point Software Technologies” Endpoint security plays a crucial role in protecting the hyper distributed workspace. The latest ATT&CK® Evaluations results highlight Harmony Endpoint leadership once again, for the 2nd consecutive year, as industry-leading threat detection and full attack visibility capabilities. Harmony Endpoint Customers get all the endpoint protection they need against all imminent threats like ransomware, malware, phishing while enjoying robust detection and response capabilities at the best TCO.”

“This latest round indicates significant product growth from our vendor participants. We are seeing greater emphasis in threat informed defense capabilities, which in turn has developed the infosec community’s emphasis on prioritizing the ATT&CK Framework,” said Ashwin Radhakrishnan, acting General Manager of ATT&CK Evaluations at MITRE Engenuity.

The Evals team chose to emulate two threat groups that abuse the Data Encrypted For Impact (T1486) technique. In Wizard Spider’s case, they have leveraged data encryption for ransomware, including the widely known Ryuk malware (S0446). Sandworm, on the other hand, leveraged encryption for the destruction of data, perhaps most notably with their NotPetya malware (S0368) that disguised itself as ransomware. While the common thread to this year’s evaluations is “Data Encrypted for Impact,” both groups have substantial reporting on a broad range of post-exploitation tradecraft.

This year’s MITRE Engenuity ATT&CK® evaluation results underscored Check Point Harmony Endpoint‘s top-class visibility and threat detection capabilities.

  • Harmony Endpoint delivered the highest technique detection level with 100% detection of attack steps
  • Harmony Endpoint delivered the most extensive visibility and context across 100% of Sub-Step detection. In 98% of sub steps detected, delivered the highest technique detection level providing additional data enrichment to help user thoroughly understand the attack
  • Harmony Endpoint provided 98% detection for financial advanced persistent threat (APT) by Russian-based group Wizard Spider, responsible for notorious malwares such as Emotet, Trickbot, and Ryuk
  • Check Point provided immediate alerts with zero delays in all its detections

The results of this ATT&CK® Evaluations round once again emphasize Check Point Harmony Endpoint’s top-class threat detection capabilities, just recently confirmed by the solution’s “Major Player” recognition by IDC.

To learn more about Check Point’s Harmony Endpoint performance in this latest round of testing and review the full results, please visit MITRE Engenuity’s blog and testing overview.

How Check Point Harmony Endpoint integrates with MITRE ATT&CK® framework
Check Point Harmony Endpoint’s threat hunting is a powerful tool that helps hunt and investigate incidents promptly. It includes pre-defined queries that allow you to quickly find active attacks, detected attacks, malicious files and more.

Figure 1. Threat Hunting Overview Screen

Check Point Harmony Endpoint boosts your endpoint security by proactively hunting for MITRE ATT&CK® techniques using its enhanced threat hunting capabilities. The solution provides a MITRE ATT&CK® dashboard that helps investigate attacks based on MITRE ATT&CK’s knowledge base.

Mitre 2022

Figure 2. Check Point Harmony Endpoint’s MITRE ATT&CK® Live Dashboard

Beyond leading in the latest MITRE ATT&CK® Engenuity Evaluations, we are now offering the industry’s widest and deepest integration with MITRE ATT&CK framework across network, cloud, endpoint and mobile. Our AI prevention technologies uniquely utilize MITRE knowledge base taxonomy, to predict zero-day attacks and accelerate detection, investigation and response.

  • Faster Detection and Investigation – quickly prioritize and investigate threats utilizing automated translation of security incident within your environment to MITRE techniques directly from the Check Point management console, logs and repots.
  • Out-of-the-box mitigations – Out of the box recommendation for remediations, based on MITRE knowledge base
  • Predictive Prevention – Prevent sophisticated zero-day attacks with the industry’s first MITRE based ML Sandboxing technology that predicts and blocks the adversary’s techniques across multiple vectors.

As a Check Point customer, you can now utilize the full extent of MITRE ATT&CK Framework directly from your security products, and pick into the adversaries’ mindset, understand their goals, and choose the most efficient response.

Discover all the capabilities of Check Point Harmony Endpoint by yourself, and schedule a personalized demo to see it in action