MITRE ATT&CK Evaluation Showcases FireEye Endpoint Security and Mandiant Managed Defense
“We view the evaluations as a collaborative process to help the participating vendors improve their products, which ultimately makes cyberspace safer for everyone,” said
MITRE developed and maintains ATT&CK based on open source reporting of adversary tactics and techniques. ATT&CK is freely available and is widely used by defenders in industry and government to find gaps in visibility, defensive tools, and processes as they evaluate and select options to improve their network defense.
FireEye Delivered Most Comprehensive Coverage of All Tools Tested
MITRE evaluations do not constitute a rank, score, or endorsement. However, the results found that FireEye Endpoint Security delivered the most coverage against APT29 attacks across all detection categories including General, Technique, Tactic, MSSP, and Telemetry.
“There is more than one way to detect a threat. This latest MITRE evaluation replicating the real-world tactics, techniques, and procedures (TTPs) employed by APT29 reinforces the importance of this point,” said
Most comprehensive coverage: FireEye earned the highest cumulative detections across all categories (General, Technique, Tactic, MSSP, and Telemetry) among the 21 evaluated vendors. This includes counts where vendors had more than one way of identifying a threat for a particular attack tested, signifying depth of coverage. This is reflective of the adaptive, in-depth defense approach that allows FireEye to discover malicious activity via multiple detection techniques.
Highest number of Technique detections: FireEye earned the highest number of Technique detections amongst all 21 vendors. MITRE evaluates the Technique category based on how the tool provides rich data that answers the question of precisely what was done and why. This is a measure of how many alerts directly map to the MITRE ATT&CK framework.
Highest number of Product detections and Telemetry: This showcased that not only does FireEye offer the most comprehensive coverage, but it also provides analysts with enriched raw data to mitigate and respond to a threat.
Most comprehensive context around the threat: MITRE utilized a new detection category (MSSP) to highlight managed capabilities of EDR vendors. Using detailed investigative reports and rapid response from Mandiant Managed Defense, FireEye provided the greatest context around the threats, with one of the highest numbers of MSSP category detections.
Further details on how FireEye Endpoint Security performed in this MITRE ATT&CK evaluation can be found on the
For more details on FireEye Endpoint Security, and to request a 30-day evaluation, visit https://www.fireeye.com/endpoint, or take a self-guided tour by visiting https://content.fireeye.com/product-demo/webpage-endpoint-security-portal
Organizations can validate their own endpoint vendor against APT29 as well as the key threat actors targeting their industry using the Mandiant Security Instrumentation Platform (formerly the Verodin® Security Instrumentation Platform). Request a demo at https://www.fireeye.com/solutions/verodin-security-instrumentation/request-a-demo.html
Additional information on FireEye Mandiant Managed Defense is available at https://www.fireeye.com/solutions/managed-defense.html