Threat actor groups like Wizard Spider and Sandworm have been wreaking havoc over the past few years – developing and deploying cybercrime tools like Conti, Trickbot, and Ryuk ransomware. Most recently, Sandworm (suspected to be a Russian cyber-military unit) unleashed cyberattacks against Ukrainian infrastructure targets.
To ensure cybersecurity providers are battle ready, MITRE Engenuity uses real-world attack scenarios and tactics implemented by threat groups to test security vendors’ capabilities to protect against threats – the MITRE ATT&CK Evaluation. Each vendor’s detections and capabilities are assessed within the context of the MITRE ATT&CK Framework.
This year, MITRE Engenuity based its evaluation simulations on the tactics seen in Wizard Spider and Sandworm operations, and it didn’t go easy on the participating vendors. As mentioned before – the stakes are too high, and the risk is growing.
The 2022 results overview
Put simply, this MITRE ATT&CK Evaluation measured the protection capabilities of 30 endpoint protection solutions. Two key measurements generated from the testing are Overall Detection and Overall Protection.
As one participating vendor, Cynet, explained in a blog post reviewing the results, “Overall Detection (What MITRE refer to as “Visibility”) is the total number of attack steps detected across all 109 sub-steps. Overall Prevention (What MITRE refer to as “Protection”) measures how early in the attack sequence the threat was detected so that subsequent steps could not execute. Both are important measurements and are indicative of a strong endpoint detection solution.”