CrowdStrike achieves 99% detection coverage in MITRE Engenuity ATT&CK Evaluations


CrowdStrike, a leader in cloud-delivered protection of endpoints, cloud workloads, identity and data, today announced its results in the first-ever MITRE Engenuity ATT&CK Evaluations for security service providers. Among the 16 vendors evaluated, the CrowdStrike Falcon platform achieved 99% detection coverage of adversary behavior, reporting 75 of the 76 adversary techniques executed.

This inaugural round of MITRE ATT&CK Evaluations tested vendors by emulating the tactics, techniques and procedures (TTPs) of OilRig (also known as HELIX KITTEN), an adversary group whose operations are aligned with the strategic objectives of the Iranian government. Vendors were asked to accurately identify malicious activity and associate it with the adversary and the corresponding steps in the MITRE ATT&CK framework. Unique to this evaluation, MITRE employed a closed-book version of adversary emulation, in which vendors did not learn the identity of the adversary until after the execution was complete.

The CrowdStrike Falcon platform shone in MITRE’s evaluation with its Managed Detection and Response (MDR) offering – CrowdStrike Falcon Complete – which is rooted in industry-leading Endpoint Detection and Response (EDR), eXtended Detection and Response (XDR) and Managed Threat Hunting capabilities. The CrowdStrike Falcon platform identified the tradecraft of the emulated adversary (HELIX KITTEN) within minutes, resulting in superior detection coverage to drive rapid, end-to-end response. Speed is critical: the average breakout time (i.e., the time it takes an adversary, on average, to move laterally from the initial compromise to other hosts within the victim environment) is 84 minutes according to the 2022 Falcon OverWatch Threat Hunting Report.

“We believe MITRE’s evaluation demonstrates why CrowdStrike is the clear leader in EDR/XDR, whether our capabilities are delivered as a fully managed service from CrowdStrike or our network of MSSP partners, or operated independently by our customers. The closed book test provides an opportunity to show how security platforms operate against adversary tradecraft in a real-world setting, as vendors have no prior knowledge to guide their actions,” said Michael Sentonas, chief technology officer at CrowdStrike. “Achieving a near 100% detection coverage further validates our platform’s effectiveness and ease of use, as well as our pioneering MDR services, which are trusted to stop breaches for thousands of organizations worldwide.”
