CrowdStrike Falcon Achieves Comprehensive Detection and Extensive Visibility in Every Stage Of The Latest MITRE Engenuity ATT&CK Evaluation
CrowdStrike, a leader in cloud-delivered endpoint protection, today announced it has successfully completed its third ATT&CK Evaluation performed by MITRE Engenuity. CrowdStrike Falcon was evaluated for its ability to detect attack techniques employed by CARBON SPIDER (also known as FIN7) and Carbanak, sophisticated cyber criminals affiliated with the multiple adversary groups. The series of attacks spanned the Enterprise ATT&CK spectrum, covering 20 separate test steps on both Linux and Windows operating systems.
ATT&CK is a MITRE-developed knowledge base of adversary tactics and techniques based on real-world observations to describe and better understand threats and to pinpoint gaps in visibility and process. MITRE Engenuity’s ATT&CK Evaluations test a vendor’s ability to detect adversary activity across a full range of sophisticated attacks, from initial breach all the way through lateral movement, persistence and exfiltration.
CrowdStrike’s results in this latest ATT&CK Evaluation demonstrate CrowdStrike Falcon’s exceptional prowess in delivering protection, visibility, and detection via a single, intelligent agent to secure endpoints and workloads across the entire breadth of the ATT&CK framework. Unlike other vendors, Falcon focuses on providing highly actionable alerts, dramatically reducing alert fatigue for security analysts. Falcon’s actionable alerts are enriched with deep contextual telemetry into adversary techniques, which are tested across different enterprise attack surfaces, to allow security analysts to understand threats quickly and act decisively.
Key results from MITRE Engenuity’s ATT&CK Evaluation include:
● CrowdStrike Falcon achieved comprehensive detection coverage by providing actionable alerts on each of the 20 steps of the Evaluation. The Falcon platform prevented simulated intrusions against both threat actors at multiple steps across the MITRE ATT&CK framework, demonstrating equally strong capabilities across Windows and Linux platforms, via a single lightweight, intelligent agent.
● CrowdStrike’s CrowdScore detection engine correlated relevant indicators of compromise and telemetry to detect the sophisticated adversary intrusions, helping to speed up time to response.
● Falcon provided deep and comprehensive visibility into attack behaviors, ultimately reducing the time needed to understand, contain and remediate incidents.
Lesen Sie auch
● CrowdStrike’s unique CrowdScore Incident Workbench prioritized and visualized the detected attacks with rich contexts such as ATT&CK Tactics and Techniques, threat actor intelligence, devices and users. Results were presented as actionable security incidents enriched with deep contextual telemetry — replacing discrete security alerts that can overwhelm security teams and providing benefits that no other vendor could match.