MITRE ATT&CK Evaluations: Here’s What MSSPs Need to Know
MSSP Alert – Dan Kobialka
McLean, VA, and Bedford, MA, April 21, 2020 – MITRE released the results of an independent set of evaluations of cybersecurity products from 21 vendors to help government and industry make better decisions to combat security threats and improve industry’s threat detection capabilities. MITRE previously evaluated products from Carbon Black, CrowdStrike, GoSecure, Endgame, Microsoft, RSA, SentinelOne, Cybereason, F-Secure, FireEye, McAfee, and Palo Alto against the threat posed by APT3, a Chinese group that analysts believe is currently focused on monitoring Hong Kong-based political targets, and began releasing those results in late 2018. The ATT&CK Evaluations team chose emulating APT29 because it offered the chance to evaluate the cybersecurity products against an adversary that uses sophisticated implementations of techniques through custom malware and alternate execution methods, such as PowerShell and WMI. The team has also released a Do It Yourself APT29 evaluation that leverages CALDERA, an automated red team system that MITRE developed using the ATT&CK knowledge base. This enables users who are intrigued by the evaluations to test security products in their own environments against the same adversary. This may be particularly useful for organizations that can’t afford to employ a red team, Duff said. The evaluations, which were paid for by the vendors, include products from Bitdefender, Blackberry Cylance, Broadcom (Symantec), CrowdStrike, CyCraft, Cybereason, Elastic (Endgame), F-Secure, FireEye, GoSecure, HanSight, Kaspersky, Malwarebytes, McAfee, Microsoft, Palo Alto Networks, ReaQta, Secureworks, SentinelOne, Trend Micro, and VMware (Carbon Black).
Link: https://www.msspalert.com/cybersecurity-research/mitre-attck-evaluations-heres-what-mssps-need-to-know/?utm_medium=email&utm_source=sendpress&utm_campaign