CrowdStrike, a provider in cloud-delivered endpoint protection, announced it has successfully completed its third ATT&CKEvaluation performed by MITRE Engenuity. CrowdStrike Falcon® was evaluated for its ability to detect attack techniques employed by CARBON SPIDER (also known as FIN7) and Carbanak, sophisticated cybercriminals affiliated with the multiple adversary groups. The series of attacks spanned the Enterprise ATT&CK spectrum, covering 20 separate test steps on both Linux and Windows operating systems.
ATT&CK is a MITRE-developed knowledge base of adversary tactics and techniques based on real-world observations to describe and better understand threats and to pinpoint gaps in visibility and process. MITRE Engenuity’s ATT&CK Evaluations test a vendor’s ability to detect adversary activity across a full range of sophisticated attacks, from initial breach all the way through the lateral movement, persistence and exfiltration.
CrowdStrike’s results in this latest ATT&CK Evaluation demonstrate CrowdStrike Falcon’s exceptional prowess in delivering protection, visibility, and detection via a single, intelligent agent to secure endpoints and workloads across the entire breadth of the ATT&CK framework. Unlike other vendors, Falcon focuses on providing highly actionable alerts, dramatically reducing alert fatigue for security analysts. Falcon’s actionable alerts are enriched with deep contextual telemetry into adversary techniques, which are tested across different enterprise attack surfaces, to allow security analysts to understand threats quickly and act decisively.
Key results from MITRE Engenuity’s ATT&CK Evaluation include:
- CrowdStrike Falcon achieved comprehensive detection coverage by providing actionable alerts on each of the 20 steps of the Evaluation. The Falcon platform prevented simulated intrusions against both threat actors at multiple steps across the MITRE ATT&CK framework, demonstrating equally strong capabilities across Windows and Linux platforms, via a single lightweight, intelligent agent.
- CrowdStrike’s CrowdScore detection engine correlated relevant indicators of compromise and telemetry to detect the sophisticated adversary intrusions, helping to speed up time to respond.
- Falcon provided deep and comprehensive visibility into attack behaviours, ultimately reducing the time needed to understand, contain and remediate incidents.
- CrowdStrike’s unique CrowdScore Incident Workbench prioritised and visualised the detected attacks with rich contexts such as ATT&CK tactics and techniques, threat actor intelligence, devices and users. Results were presented as actionable security incidents enriched with deep contextual telemetry — replacing discrete security alerts that can overwhelm security teams and providing benefits that no other vendor could match.
- Combined, these results showcased Falcon’s ability to deliver leading out-of-box detection and prevention into adversary activities, significantly reducing manual work for Security Operation Centers (SOCs) to bring down the total cost of ownership.
Also Read: How to Counter DDoS Threats
‘Modern endpoint protection platforms must solve deep customer pain points and offer a comprehensive view into the attack life cycle in order to help security teams pinpoint threats quickly and correlate massive data sets at scale. This ensures that threat intelligence is contextualised so that teams can take decisive action to stop incidents from becoming breaches’, said Michael Sentonas, CrowdStrike’s chief technology officer. ‘CrowdStrike’s enviable performance in three consecutive MITRE evaluations showcases the effectiveness of our world-class cross-platform endpoint protection technology. We believe our offering provides customers with the most innovative solution on the market – combining comprehensive detection with ease of use. Third-party testing is critical within the industry, and CrowdStrike remains committed to participating in programs that help to inform the industry and ultimately keep organisations more secure.’
CrowdStrike Falcon has been repeatedly tested and certified through a wide range of leading independent testing organizations. The results of this test highlight the consistent best-in-class threat detection capabilities of CrowdStrike Falcon, which were also demonstrated in multiple SE Lab Breach Response tests and by AV-Comparatives.