

Attackers use social engineering and spear-phishing to find and exploit gaps in a company’s corporate IT environment, its endpoints and its identities. They frequently establish persistence right away, then steal credentials and move undetected across networks. MITRE chose this breach sequence for its first-ever closed-book “MITRE ATT&CK Evaluations for Security Service Providers.”

The goal of the ATT&CK evaluation is to test providers’ cybersecurity effectiveness: how prepared, capable and precise these solutions are at identifying and stopping a breach attempt without knowing when it will happen or what will happen next.

MITRE Engenuity ATT&CK Evaluations are based on a knowledge base of tactics, techniques and sub-techniques, which keeps the evaluations open and fair. MITRE’s ATT&CK Matrix for Enterprise is the most widely used framework for evaluating the security of enterprise systems and software.

Stress-testing managed services and MDR

Historically, MITRE ATT&CK evaluations have told security vendors upfront, before the active testing, which intrusion and breach techniques they would be tested against and why. Vendors have been known to use this information to game the evaluations, which can lead to misleading results.


In a closed-book assessment, vendors do not know what threats they will face. MITRE ATT&CK Evaluations for Security Service Providers is the first closed-book evaluation to stress-test the technical efficacy and real-world capabilities of vendors’ managed services or managed detection and response (MDR) solutions.


Closed-book evaluations give the best representation of how a vendor would perform in a customer environment. “The closed book test provides an opportunity to show how security platforms operate against adversary tradecraft in a real-world setting, as vendors have no prior knowledge to guide their actions,” said CrowdStrike’s chief technology officer, Michael Sentonas.

MITRE’s assessment of MDRs is particularly relevant given the chronic cybersecurity skills shortage: companies with fewer skilled workers are at higher risk of being breached. According to the (ISC)² Cybersecurity Workforce Study, “3.4 million more cybersecurity workers are needed to secure assets effectively.” Managed detection and response (MDR) gives organizations a way to close the skills gap and improve business resilience.

The MITRE Security Service Providers Evaluation lasted five days and had a 24-hour reporting window. The 16 MDR participants had no prior knowledge of the adversary or its tactics, techniques and procedures (TTPs). Each was graded on 10 steps comprising 76 events, spanning 10 unique ATT&CK tactics and 48 unique ATT&CK techniques.

“We selected OilRig based on their defense evasion and persistence techniques, their complexity, and their relevancy across industry verticals,” writes Ashwin Radhakrishnan of MITRE Engenuity. The first round of MITRE ATT&CK Evaluations tested vendors by emulating the TTPs of OilRig (also known as HELIX KITTEN), an adversary group whose operations align with the strategic objectives of the Iranian government.

The attack scenario consisted of a spear-phishing attack on a national organization using malware from HELIX KITTEN campaigns. The emulated adversary then moved laterally within the network to identify and gather critical information for data exfiltration.

Real-time threat intelligence, shared across platforms and managed services teams, helps stop the cyberattacks by sophisticated adversaries that are otherwise hard to contain. CrowdStrike’s Falcon Complete team collaborated in real time with the Falcon OverWatch threat-hunting service, creating an incident diagram and mapping where adversary activity was located within the infrastructure.

Combining human intelligence with AI and ML produces the best results

MDR vendors whose platforms span multiple product generations, and whose managed services teams combine artificial intelligence/machine learning (AI/ML) with human intelligence in real time, performed best in the MITRE assessment. SentinelOne, Microsoft and Palo Alto Networks were among the top four vendors, detecting the most of the 76 attacker techniques.

These MDR providers rely on insights and intelligence from senior security analysts who use AI/ML applications and techniques to analyze telemetry from networks, endpoints and cloud infrastructure. The result is AI-assisted threat-hunting expertise that enables them to identify and stop breaches.

MITRE Engenuity summarizes its testing results in ATT&CK® Evaluations: Managed Services — OilRig (2022) and the Top 10 Ways to Interpret the Results. The document gives an overview of the methodology and of how to interpret the results. MITRE also provides a layer file for further analysis in its ATT&CK Navigator; an example is shown below.

[Figure: ATT&CK Navigator layer] For the Managed Services — OilRig evaluation, 38 ATT&CK techniques and 26 sub-techniques across 12 ATT&CK tactics were in-scope. Source: ATT&CK Navigator
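As an added example (not code from the article, MITRE Engenuity or any vendor), the following Python shows how a defender can turn per-technique detection results from an evaluation like this one into coverage figures and an ATT&CK Navigator-style layer file for the kind of analysis the article refers to. The technique IDs are real ATT&CK identifiers chosen to mirror the breach sequence described (spear-phishing, persistence, credential theft, lateral movement, exfiltration); the detection outcomes, the layer/version numbers and the kebab-case tactic names are assumptions, not the evaluation's actual data.

```python
import json
from collections import defaultdict

# Constructed sample results (NOT the evaluation's real data). Each entry is
# one emulated technique step, the ATT&CK tactic it sits under, and whether
# the MDR provider reported it within the reporting window.
SAMPLE_RESULTS = [
    {"techniqueID": "T1566.001", "tactic": "initial-access",    "detected": True},   # spear-phishing attachment
    {"techniqueID": "T1204.002", "tactic": "execution",         "detected": True},   # user opens malicious file
    {"techniqueID": "T1547.001", "tactic": "persistence",       "detected": True},   # run-key persistence
    {"techniqueID": "T1070.004", "tactic": "defense-evasion",   "detected": False},  # file deletion
    {"techniqueID": "T1003.001", "tactic": "credential-access", "detected": True},   # LSASS credential theft
    {"techniqueID": "T1021.002", "tactic": "lateral-movement",  "detected": True},   # SMB admin shares
    {"techniqueID": "T1005",     "tactic": "collection",        "detected": False},  # data from local system
    {"techniqueID": "T1041",     "tactic": "exfiltration",      "detected": True},   # exfil over C2 channel
]

# Assumed layer metadata; check the Navigator release you use for the exact
# version strings it expects.
LAYER_VERSIONS = {"attack": "12", "navigator": "4.8.0", "layer": "4.4"}


def coverage(results):
    """Overall detection coverage: how many emulated steps were reported."""
    total = len(results)
    detected = sum(1 for r in results if r["detected"])
    percent = round(100.0 * detected / total, 1) if total else 0.0
    return {"detected": detected, "total": total, "percent": percent}


def coverage_by_tactic(results):
    """Per-tactic (detected, total) counts, so gaps in one kill-chain phase stand out."""
    counts = defaultdict(lambda: [0, 0])
    for r in results:
        counts[r["tactic"]][1] += 1
        if r["detected"]:
            counts[r["tactic"]][0] += 1
    return {tactic: tuple(c) for tactic, c in counts.items()}


def find_gaps(results):
    """Sorted technique IDs the provider missed; these drive the follow-up work."""
    return sorted(r["techniqueID"] for r in results if not r["detected"])


def build_layer(results, name):
    """Build a Navigator layer dict: detected steps scored 1 (green), misses 0 (red)."""
    techniques = []
    for r in results:
        techniques.append({
            "techniqueID": r["techniqueID"],
            "tactic": r["tactic"],
            "score": 1 if r["detected"] else 0,
            "color": "#2ca25f" if r["detected"] else "#de2d26",
            "comment": "reported" if r["detected"] else "missed",
        })
    cov = coverage(results)
    return {
        "name": name,
        "versions": LAYER_VERSIONS,
        "domain": "enterprise-attack",
        "description": f"{cov['detected']}/{cov['total']} steps reported ({cov['percent']}%)",
        "techniques": techniques,
    }


def to_json(layer):
    """Serialize for upload into Navigator; round-trips through json.loads."""
    return json.dumps(layer, indent=2)


if __name__ == "__main__":
    print(coverage(SAMPLE_RESULTS))
    for tactic, (hit, n) in coverage_by_tactic(SAMPLE_RESULTS).items():
        print(f"{tactic:18s} {hit}/{n}")
    print("gaps:", find_gaps(SAMPLE_RESULTS))
    print(to_json(build_layer(SAMPLE_RESULTS, "sample-mdr-coverage")))
```

The per-tactic view is the useful part for procurement: two vendors with the same headline percentage can differ sharply on, say, defense evasion, and the layer file lets an analyst overlay the misses on the matrix rather than reading a table of IDs.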

The results of the 16 vendors that participated in the MITRE ATT&CK Evaluations for Security Service Providers show what allowed vendors to succeed. The best vendors are those that have mastered their security technology and offer a comprehensive range of capabilities across their security portfolios. They consistently produced the best security results, with the highest detection coverage.

CrowdStrike led all vendors in this category by reporting 75 of the 76 adversary techniques used during the MITRE ATT&CK evaluation. Consistent with the finding that the best-performing vendors have built real-time threat intelligence into their platforms, CrowdStrike’s managed services were able to identify the emulated nation-state adversary in 13 minutes.

For MDR, AI-assisted threat intelligence is the key

The convergence of AI/ML and human intelligence in an integrated MDR solution is the future of cybersecurity. Product lifecycles therefore matter: cybersecurity platforms need to be seamlessly integrated into MDR workflows so that valuable capabilities, like native, first-party threat intelligence, become truly actionable.

The evaluation showed how MDR solutions that can generate and then vet threat intelligence are able to identify the most significant events. CrowdStrike’s reliance on Indicators of Compromise (IOCs) and other strategic insights, integrated throughout its products, shows how threat intelligence can be scaled across an MDR solution. Identifying the nuanced aspects of MDR solutions, and what enterprises should look for in one, is why the MITRE ATT&CK Evaluations for Security Service Providers are so valuable: organizations need these benchmarks for guidance.
