- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
This blog written by Sharon Maydar and published on June 18, 2024.
Today, MITRE Engenuity unveiled the results of its second-ever ATT&CK Evaluations for Managed Services. For the second consecutive year, Unit 42 Managed Detection and Response (MDR) excelled in the evaluation, delivering MTTD twice as fast as the average participant. We leveraged Palo Alto Networks industry-leading Cortex XDR, the only product that achieved 100% protection and 100% detection coverage during the previous round of the MITRE Enterprise Evalua.... With Cortex XDR behind Unit 42 MDR, we deliver the industry’s best detection and response to sophisticated cyberthreats.
We deliver the most important and actionable information as quickly as possible in order to enable accurate, efficient and confident decisions about next steps. With Unit 42 MDR, customers receive a balanced combination of high-quality information, granularity and speed.
As part of the evaluation, we delivered a detailed threat report highlighting crucial information for response and remediation. Our executive summary quickly identifies answers to the most important questions facing an organization under attack:
Third-party evaluations like MITRE’s shed light on how vendors would realistically perform against real-world, highly sophisticated threats in a customer environment.
This year’s evaluation was a rigorous 5-day test, named MITRE ATT&CK Evaluation Managed Services: menuPass + ALPHV BlackCat. The evaluation is closed book; vendors are not given prior information on the adversary or techniques. Vendors provide analysis in the same format they deliver reports to their customers. MITRE Engenuity’s evaluation prohibits prevention or remediation, unlike in real-world scenarios.
According to MITRE, this test included sophisticated techniques, including multi-subsidiary compromise with overlapping operations focusing on defense evasion, exploiting trusted relationships, data encryption and inhibiting system recovery.
Our Unit 42 MDR team leveraged Cortex XDR, high fidelity threat-intelligence and AI-powered analytics to accurately identify/attribute the two adversaries as APT10 (aka menuPass) and BlackCat (aka ALPHV).
We mapped key details of the suspicious activity in the evaluation to MITRE ATT&CK TTPs and identified the threat actors’ maneuvers and intentions. By helping our customers understand adversary tactics and tools, they can better target their defense strategies and improve cyber resilience.
In the first few pages of our threat report, we included a threat brief that accurately identified the impacted hosts and usernames on the attack chain. Our report accompanied messages to the customer, delivered via Cortex XDR. Unit 42 MDR is natively integrated into Cortex XDR and all Unit 42 MDR customers have immediate access to all alerts in the Cortex XDR console.
Normally, we would immediately inform the customer upon identifying a verified threat and start remediation actions. However, remediation was not permitted by MITRE in this test, so we provided recommendations for remediation and posture hardening.
Our Unit 42 MDR service is a powerful combination of the industry’s best extended detection and response technology – Cortex XDR – and world-renowned Unit 42 expertise and threat intelligence. Unit 42 MDR includes proactive threat hunting to help customers detect the most evasive and sophisticated threats.
Organizations partner with MDR providers to help them more quickly, accurately and effectively address threats 24/7/365. According to the Unit 42 Incident Response Report, attacks are happening in just hours, and time to exfiltration is often less than a day. Read our MDR threat report and see how Unit 42 can help your organization accurately and quickly understand the most important information related to a threat with actionable, clear recommendations.
We want to thank the MITRE Engenuity team for the effort they put into running this evaluation.
Importantly, in this evaluation MITRE Engenuity defined MTTD in a unique way: “MTTD is the average time between when an attack is run and when the managed service provider triggers an alert on this attack. The timestamp on the first email relevant to the step in question was used.” You may be confused as usually MTTD is defined as the average time of alert detection within the product. MITRE Engenuity advised they use email timestamps as they’re immutable and cannot be manipulated on the backend.
These results continue a trend of industry-leading validation for Cortex XDR and Unit 42 MDR in independent, third-party security assessments, including the MITRE Enterprise ATT&CK Evaluations, Forrester XDR Wave and Frost Radar: Global MDR.
MITRE does not rank or rate participants in the evaluation.
This blog refers to MITRE Engenuity’s Managed Services Evaluation, which is different to MITRE Engenuity Enterprise Evaluations.
Read our Threat Report here.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Subject | Likes |
---|---|
3 Likes | |
3 Likes | |
2 Likes | |
2 Likes | |
2 Likes |
User | Likes Count |
---|---|
6 | |
4 | |
3 | |
2 | |
2 |