Decoding MITRE Evaluations

Introduction:

As the cybersecurity landscape evolves, MITRE Engenuity ATT&CK® Evaluations have become a crucial benchmark for assessing the capabilities of security solutions. In this article, Scott Simkin and Joel Spurlock from CrowdStrike shed light on their recent achievements in MITRE evaluations, emphasizing the importance of understanding the nuances and interpretations of the results.

CrowdStrike’s Unparalleled Success in MITRE Engenuity ATT&CK® Evaluations

CrowdStrike proudly boasts the highest coverage in the last two consecutive MITRE Engenuity ATT&CK® Evaluations. Achieving 100% protection, visibility, and analytic detection coverage in the Enterprise Round 5 evaluation solidifies CrowdStrike’s commitment to preventing breaches effectively.

The Challenge of Interpreting MITRE Results

MITRE’s unique evaluation approach, devoid of comparative scores or vendor placement on graphs, demands a nuanced understanding. Simkin and Spurlock highlight the potential confusion arising from varied testing approaches and the need for clearer guidelines and enforcement from MITRE.

Unveiling MITRE Evaluation Types

To demystify MITRE evaluations, the authors distinguish between open-book and closed-book tests. Open-book tests provide advance notice on known attackers, allowing vendors to fine-tune their systems. In contrast, closed-book tests for unknown attackers, such as the Managed Security Services Providers test, provide a realistic measure of real-world protection.

The Significance of High-Quality Analytics

Simkin and Spurlock emphasize the importance of high-quality analytics in MITRE evaluations, particularly in detecting advanced adversaries. They provide insights into how CrowdStrike’s analytic detections achieved a 100% coverage rate against Turla, a sophisticated Russia-based adversary, during Round 5.

Assessing Effectiveness Beyond Coverage

The article underscores the importance of evaluating a vendor’s ability to stop adversaries without manual intervention. CrowdStrike’s 100% protection rate in Round 5 highlights the effectiveness of their AI-powered prevention, prompting readers to question vendors on the use of easily bypassed signatures and the reproducibility of results in their own environment.

Transparency in Achieving Results

Simkin and Spurlock urge readers to scrutinize how vendors achieved their results, emphasizing that the process matters as much as the coverage itself. They encourage asking providers about the feasibility of reproducing results in a real-world environment and caution against solutions requiring complex deployments or custom test configurations.

Bringing It All Together

The authors stress the importance of looking beyond comparative charts and considering the details of how results are achieved. They highlight CrowdStrike’s commitment to delivering superior coverage with a single lightweight agent, ensuring ease of deployment and management.

Conclusion:

In conclusion, the article calls for industry-wide adherence to MITRE’s intention – applying valuable raw data in real-world environments with a clear understanding of how vendors achieved their results. CrowdStrike stands behind its platform, delivering true breach prevention, and encourages a focus on meaningful outcomes amid the noise of evaluation results.

Leave a Comment