
The Ultimate Guide to 2020 MITRE ATT&CK® Evaluations

By Oleg Mogilevsky, Product Marketing Manager, Threat Prevention

The newly published 2020 MITRE Engenuity ATT&CK Evaluations provided a detailed assessment of various vendors’ ability to automatically detect and respond to real-life cyberattacks within the context of the ATT&CK framework. Yet, because MITRE Engenuity does not assign comparative scores or rankings, customers and security professionals are left with multiple – and sometimes contradictory – interpretations of the test results.

To address this and help security professionals understand test methodology and analysis, we at Check Point Software created The Ultimate Guide to 2020 MITRE Engenuity ATT&CK® Evaluations. The paper offers a comprehensive overview of the 2020 Evaluations and provides insights into the industry’s leading endpoint security vendors’ performance during the test.

With the massive shift to the remote working model and the fast-evolving threat landscape, it has become critical for businesses worldwide to strengthen their endpoint security strategy.

For three years now, MITRE Engenuity has conducted independent evaluations of cybersecurity products to help the industry and government institutions make better decisions to combat security threats and improve their threat detection capabilities. Leveraging the MITRE ATT&CK® knowledge base, the evaluations assess various vendors on their ability to automatically detect and respond to real-life cyberattacks within the context of the ATT&CK framework.

Introducing The Ultimate Guide to 2020 MITRE Engenuity ATT&CK® Evaluations

To help you understand the ATT&CK® Evaluations results and use them to evaluate endpoint security products in an informed and comprehensive way, we created The Ultimate Guide to 2020 MITRE Engenuity ATT&CK® Evaluations.

This paper not only provides an overview of the ATT&CK Evaluations methodology and metrics but also offers unique insights into endpoint security vendors’ performance against real-life cyberattacks during the test.


Download The Ultimate Guide to 2020 MITRE ATT&CK Evaluations to better understand the results and how they can help you strengthen your endpoint security strategy


What’s new about the latest round of 2020 MITRE ATT&CK® Evaluations?

This year’s MITRE Engenuity ATT&CK® Evaluations is the most comprehensive round so far, with the largest number of participating vendors: 29. With no Managed Security Service Providers (MSSPs) being allowed to participate, the test’s focus was solely on products and their automatic detection capabilities. This round also became the first one in which the Linux operating system was included in the detection scenarios, along with the Windows OS.

Step-by-step Carbanak + FIN7 Emulation

In the 2020 test, MITRE Engenuity used its knowledge base to emulate the tactics and techniques of Carbanak and FIN7. These two threat groups have been using sophisticated malware and tactics to launch attacks against financial services and hospitality organizations over the past five years, resulting in the theft of more than $1 billion across hundreds of businesses.

Figure 1. 2020 ATT&CK Evaluations: Carbanak and FIN7 threat group profiles and attack scenario

The MITRE Engenuity team used the MITRE ATT&CK® knowledge base to emulate the tactics and techniques of the Carbanak and FIN7 threat groups. The emulation covered 20 stages, 174 sub-steps, and 46 ATT&CK® techniques.

Evaluation Methodology

To conduct a comprehensive analysis of the results, it’s important to understand the MITRE ATT&CK® Detection Categories used for this evaluation.

Figure 2. MITRE ATT&CK® Detection Categories

The overall summary per vendor provided by the MITRE Engenuity team covers 4 top metrics.

Figure 3. ATT&CK® Evaluations Summary Matrix




Check Point Harmony Endpoint Performance in the 2020 ATT&CK® Evaluations

Check Point Harmony Endpoint has been recognized for delivering the most comprehensive threat detection and end-to-end attack visibility with a full context across detection categories in the 2020 ATT&CK® Evaluations. With Check Point Harmony Endpoint, security teams can accurately detect threats and investigate and respond to them effectively, leveraging the industry’s most comprehensive correlation with the MITRE ATT&CK® framework.

Figure 4. Check Point Harmony Endpoint Performance across ATT&CK® Evaluations Summary Matrix

Why Check Point Harmony Endpoint

Check Point Harmony Endpoint is a complete endpoint security solution built to protect the remote workforce from today’s complex threat landscape. It prevents the most imminent threats to the endpoint such as ransomware, phishing, or drive-by malware, while quickly minimizing breach impact with autonomous detection and response.

Check Point Harmony Endpoint is part of the Check Point Harmony product suite, the industry’s first unified security solution for users, devices and access. Check Point Harmony consolidates six products to provide uncompromised security and simplicity for everyone.

The results of this ATT&CK® Evaluations round once again emphasize Check Point Harmony Endpoint’s top-class threat detection capabilities, just recently confirmed by the solution’s “Top Product” recognition by AV-TEST.

Discover all the capabilities of Check Point Harmony Endpoint for yourself: schedule a personalized demo to see it in action.
