SEPTEMBER 20, 2023

Deep Insight Results: 2023 MITRE Engenuity ATT&CK Evaluations for Enterprise

The results are in! In this blog post we’ll outline the results of the 2023 MITRE Engenuity ATT&CK Evaluations for Enterprise and cover the following:

  • What the ATT&CK Evaluations are and what it means for enterprises
  • The tactics, techniques, and procedures (TTPs) employed by Turla to perform an attack
  • How Deep Instinct’s platform prevents Turla attacks and protects your organization
Webinar

Peeling Back the Layers on MITRE Engenuity’s Latest Evaluations for Enterprise

Join us on October 4th at 2 PM ET / 11 AM PT to hear members of our Research & Development Team review what the MITRE ATT&CK Evaluations truly are and walk through the best ways to interpret the results, including details about how the tests are performed.

Background: MITRE Engenuity ATT&CK Evaluations

The MITRE ATT&CK Framework is an excellent tool for organizations to plan and understand their defense-in-depth strategy. Mapping the tactics, techniques, and procedures (TTPs) coverage to understand where your gaps lie is important to protecting your organization against cyber threats.

MITRE Engenuity’s ATT&CK Evaluation Results Released

Earlier today MITRE Engenuity released the results from their latest round of ATT&CK Evaluations for Enterprise that focused on complex, multi-stage, impact-focused attacks carried out by Turla, a sophisticated Russian-based threat group that has infected victims in over 45 countries. The group is known to target government agencies, diplomatic missions, military groups, and research and media organizations. Without the right tools and capabilities, defending against Turla is like wrestling a bear. That’s because Turla adopts novel and sophisticated techniques to maintain operational security, including the use of a distinctive command-and-control network in concert with their repertoire of open-source and in-house tools.

In the past, MITRE Engenuity ATT&CK Evaluations had been more focused on evaluating detection and response, post infection. This approach was tied closely with the reactive, “assume breach” mindset of the past decade which looks for anomalous behaviors to stop a breach after an attack has executed on the endpoint. Beginning in 2020, MITRE Engenuity added a protection portion to the test which aims to evaluate a solution’s ability to prevent attacks and not just provide breach details and rollback.

This is fundamentally the difference between Deep Instinct’s predictive prevention, which keeps threats out, vs EDRs who are only enabling detection and response after a breach has occurred. Learn more here about why you need Deep Instinct even if you have an EDR.

In this most recent round of testing, which took place in Q2/Q3 of 2023, the results of the protection segment of the test validated the strength and robustness of Deep Instinct’s multi-layered, proactive predictive prevention and highlighted the value our customers are seeing every day. Deep Instinct also achieved exemplary detection coverage across various execution, persistence, and impact techniques emulated. These are exactly the results we would expect as a proactive prevention solution.

4 Key Takeaways from Deep Instinct’s MITRE Engenuity participation:

  1. Deep Instinct provided excellent prevention, detection, and visibility into all 18 attack steps tested.
  2. Deep Instinct’s prevention and detection engines achieved excellent detection coverage and visibility on all techniques included in the test including execution, persistence, privilege escalation, lateral movement, and more.
  3. Deep Instinct’s detection engine improved tremendously compared to the 2022 MITRE evaluation with 90% detection (up from 70%).
  4. The tests that were prevented by the D-brain static analysis (Deep Instinct’s patented deep learning technology engine) didn’t succeed in writing the file to the disk, which emphasizes our superior prevention capabilities based on AI.
The Importance of Prevention

Prevention has an extremely positive impact on your overall security posture by filling the gaps that exist in your coverage while reducing reliance on the downstream impacts of detection and response. Defense-in-Depth is needed; with greater prevention you can lower security costs, improve efficiency, and reduce your overall risk. That way security teams can spend more time focusing on alerts that matter and less time chasing false positives. MITRE recognized this reality when they added protection testing.

Michael Suby, IDC Research VP, Security & Trust, states “There will be a rebirth in endpoint protection as organizations seek a better balance with detection and response capabilities and gravitate to vendor offerings that contain innovative leaps in endpoint protection efficacy.”

MITRE Engenuity testing is important, but sometimes a customer evaluation can say it all.

"I am now a believer of the capabilities of Deep Instinct as I had conducted my own pre-purchase trial where I tested some of the top vendors' engines and pitted them all against Deep Instinct (the competitors all lost badly in the detection phase of my testing). Deep Instinct handled many near zero-day threats that had been in the wild a much shorter time than Deep Instinct's detection engine's release date. It simply didn't matter to Deep Instinct. It found them all and stopped them at pre-execution. Since pre-execution was my strategic goal with a zero-defect mentality driving that concept — Deep Instinct rocketed to the top of my wish list. Other products I tested allowed some damage to occur or didn't detect a zero-day threat at all while they wreaked havoc in a sandboxed environment.” *
Conclusion

Deep Instinct excels at proactively preventing unknown, never-before-seen threats. Our innovative approach allows organizations to proactively prevent >99% of ransomware, zero-days, and other known and unknown malware. Deep Instinct also lowers false positives to <0.1%, reducing the burden on your security team and improving your ability to detect the most advanced threats. And proactive prevention can lower downstream costs, improve the efficiency of your SOC, and lower your overall risk.

We found significant value in participating in the MITRE Engenuity testing, but in reality, we do it every day. Our customers are our real proof points as they benefit from a true prevention-first approach with Deep Instinct, lowering the resource requirements of their security professionals by reducing false positives and improving investigation and remediation. When the next unknown threat hits, you need the best preventative solution to keep the attackers out and ensure you can automate responses with your EDR. This approach delivers the best of both worlds.

We invite you to request a demo and test us out to see the positive impact a prevention-first approach will have on your organization’s security posture.

For further reading please see our EDR is Not Enough eBook and Deep Instinct’s latest Voice of SecOps Report.

*Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences and do not represent the views of Gartner or its affiliates.

Learn More

Register for our webinar, Peeling Back the Layers on MITRE Engenuity’s Lates Evaluations for Enterprise, on Wednesday, October 4th at 2 PM ET / 11 AM PT to hear members of our Research & Development Teams review what the MITRE ATT&CK Evaluations truly are and walk through the best ways to interpret the results, including details about how the tests are performed.

About MITRE Engenuity ATT&CK® Evaluations

ATT&CK® Evaluations is built on the backbone of MITRE’s objective insight and conflict-free perspective. Cybersecurity providers turn to the Evaluations program to improve their offerings and to provide defenders with insights into their product’s capabilities and performance. Evaluations enable defenders to make better informed decisions on how to leverage the products that secure their networks. The program follows a rigorous, transparent methodology using a collaborative, threat-informed, purple-teaming approach that brings together providers and MITRE experts to evaluate solutions within the context of ATT&CK. In line with MITRE Engenuity’s commitment to serve the public good, Evaluations results and threat emulation plans are freely accessible.

About MITRE Engenuity

MITRE Engenuity, a subsidiary of MITRE, is a tech foundation for public good. MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation.

MITRE Engenuity brings MITRE’s deep technical know-how and systems thinking to the private sector to solve complex challenges that government alone cannot solve. MITRE Engenuity catalyzes the collective R&D strength of the broader U.S. federal government, academia, and private sector to tackle national and global challenges, such as protecting critical infrastructure, creating a resilient semiconductor ecosystem, investing in pandemic preparedness, accelerating use case innovation in 5G, and democratizing threat-informed cyber defense. https://mitre-engenuity.org.