14.7 C
London
Monday, September 9, 2024

The way to Interpret the 2023 MITRE ATT&CK Analysis Outcomes


Sep 22, 2023The Hacker InformationMITRE ATT&CK / Cybersecurity

The way to Interpret the 2023 MITRE ATT&CK Analysis Outcomes

Thorough, unbiased checks are an important useful resource for analyzing supplier’s capabilities to protect towards more and more refined threats to their group. And maybe no evaluation is extra broadly trusted than the annual MITRE Engenuity ATT&CK Analysis.

This testing is important for evaluating distributors as a result of it is just about not possible to guage cybersecurity distributors primarily based on their very own efficiency claims. Together with vendor reference checks and proof of worth evaluations (POV) — a reside trial — the MITRE outcomes add extra goal enter to holistically assess cybersecurity distributors.

Let’s dive into the 2023 MITRE ATT&CK Analysis outcomes. On this weblog, we’ll unpack MITRE’s methodology to check safety distributors towards real-world threats, provide our interpretation of the outcomes and determine prime takeaways rising from Cynet’s analysis.

How does MITRE Engenuity take a look at distributors throughout the analysis?

The MITRE ATT&CK Analysis is carried out by MITRE Engenuity and checks endpoint safety options towards a simulated assault sequence primarily based on real-life approaches taken by well-known superior persistent menace (APT) teams. The 2023 MITRE ATT&CK Analysis examined 31 vendor options by emulating the assault sequences of Turla, a classy Russia-based menace group identified to have contaminated victims in over 45 nations.

An vital caveat is that MITRE doesn’t rank or rating vendor outcomes. As a substitute, the uncooked take a look at knowledge is printed together with some primary on-line comparability instruments. Consumers then use that knowledge to guage the distributors primarily based on their group’s distinctive priorities and desires. The taking part distributors’ interpretations of the outcomes are simply that — their interpretations.

So, how do you interpret the outcomes?

That is a terrific query — one which lots of people are asking themselves proper now. The MITRE ATT&CK Analysis outcomes aren’t introduced in a format that many people are used to digesting (taking a look at you, magical graph with quadrants).

And unbiased researchers usually declare “winners” to lighten the cognitive load of determining which distributors are the highest performers. On this case, figuring out the “finest” vendor is subjective. Which, if you do not know what to search for, can really feel like a trouble in the event you’re already annoyed with making an attempt to evaluate which safety vendor is the appropriate match on your group.

With these disclaimers issued, let’s now evaluate the outcomes themselves to check and distinction how taking part distributors carried out towards Turla.

MITRE ATT&CK Outcomes Abstract

The next tables current Cynet’s evaluation and calculation of all vendor MITRE ATT&CK take a look at outcomes for an important measurements: General Visibility, Detection Accuracy, and General Efficiency. There are quite a lot of different methods to have a look at the MITRE outcomes, however we think about these to be most indicative of an answer’s skill to detect threats.

General Visibility is the overall variety of assault steps detected throughout all 143 sub-steps. Cynet defines Detection High quality as the proportion of assault sub-steps that included “Analytic Detections – those who determine the tactic (why an exercise could also be taking place) or method (each why and the way the method is going on).

Moreover, it is vital to have a look at how every answer carried out earlier than the seller adjusted configuration settings as a result of lacking a menace. MITRE permits distributors to reconfigure their methods to try to detect threats that they missed or to enhance the data they provide for detection. In the true world we do not have the luxurious of reconfiguring our methods as a result of missed or poor detection, so the extra real looking measure is detections earlier than configuration adjustments are carried out.

How’d Cynet do?

Primarily based on Cynet’s evaluation, our group is pleased with our efficiency towards Turla on this yr’s MITRE ATT&CK Analysis, outperforming nearly all of distributors in a number of key areas. Listed here are our prime takeaways:

  • Cynet delivered 100% Detection: (19 of 19 assault steps) with NO CONFIGURATION CHANGES
  • Cynet delivered 100% Visibility: (143 of 143 assault sub-steps) with NO CONFIGURATION CHANGES
  • Cynet delivered 100% Analytic Protection: (143 of 143 detections) with NO CONFIGURATION CHANGES
  • Cynet delivered 100% Actual-time Detections: (0 Delays throughout all 143 detections)

See the complete evaluation of Cynet’s efficiency within the 2023 MITRE ATT&CK Analysis.

Let’s dive a bit deeper into Cynet’s evaluation of a few of the outcomes.

Cynet was a prime performer when evaluating each visibility and detection high quality. This evaluation illustrates how properly an answer does in detecting threats and offering the context essential to make the detections actionable. Missed detections are an invite for a breach, whereas poor high quality detections create pointless work for safety analysts or probably trigger the alert to be ignored, which once more, is an invite for a breach.

MITRE ATT&CK Evaluation

Cynet delivered 100% visibility and completely detected each one of many 143 assault steps utilizing no configuration adjustments. The next chart reveals the proportion of detections throughout all 143 assault sub-steps earlier than the distributors carried out configuration adjustments. Cynet carried out in addition to two very giant, well-known, safety firms regardless of being a fraction their measurement and much better than a few of the greatest names in cybersecurity.

MITRE ATT&CK Evaluation

Cynet offered analytic protection for 100% of the 143 assault steps utilizing no configuration adjustments. The next chart reveals the proportion of detections that contained vital tactic or method info throughout the 143 assault sub-steps, once more earlier than configuration adjustments have been carried out. Cynet carried out in addition to Palo Alto Networks, a $76 billion publicly traded firm with 50 instances the variety of staff and much better than many established, publicly traded manufacturers.

MITRE ATT&CK Evaluation

Nonetheless have questions?

Comprehensible.

In this webinar, Cynet CTO Aviad Hasnis and ISMG SVP Editorial Tom Discipline evaluate the not too long ago launched outcomes and share skilled recommendation for cybersecurity leaders to interpret the outcomes to seek out the seller that most closely fits the precise wants of their group. He’ll additionally share extra particulars on Cynet’s efficiency throughout the checks and the way that might translate to your group’s distinctive targets.

Discovered this text attention-grabbing? Observe us on Twitter and LinkedIn to learn extra unique content material we publish.



Latest news
Related news

LEAVE A REPLY

Please enter your comment!
Please enter your name here