MITRE recently completed its first ATT&CK Evaluation specifically for Managed Detection and Response (MDR) vendors. Unlike many past ATT&CK Evaluations, where participants knew the adversary Tactics, Techniques and Procedures (TTPs) in advance, this one was run as a “black box”: participants had no advance notice of the adversary TTPs they would have to defend against. For this evaluation, MITRE emulated the TTPs of OilRig, an Iranian threat group believed to be state sponsored, receiving its funding and research support from the Islamic Republic of Iran.



OilRig Associated Threat Groups:

  • APT34
  • Helix Kitten
  • IRN2
  • COBALT GYPSY

Targeted Industries:

  • Financial
  • Government
  • Energy
  • Chemical
  • Telecommunications

[Figure: ATT&CK Evaluation Operational Flow]

ATT&CK Evaluation Payloads:

  • SideTwist
  • RDAT
  • VALUEVAULT
  • Mimikatz
  • TwoFace

[Figure: Techniques Used]

[Figure: Environment]

[Figure: Most Common Missed Substeps Across All Vendors]

[Figure: Total Substep Detections by MDR Vendor]

[Figure: Total Substep Misses by MDR Vendor]

Vendors Using Microsoft Defender for Endpoint Compared

  • Atos
  • CriticalStart
  • Microsoft
  • Red Canary

Vendors using SentinelOne Compared

  • Open Text
  • SentinelOne

Vendors using Palo Alto Cortex Compared

  • NVISO
  • Palo Alto Networks

The Highest in MDR Detections: CrowdStrike