MITRE ATT&CK Evaluation Showcases FireEye Endpoint Security and Mandiant Managed Defense
FireEye delivered the most comprehensive coverage across all detection categories in an evaluation simulating real-world attacks by the Russian-backed adversary APT29
FireEye, Inc., the intelligence-led security company, announced that FireEye Endpoint Security and Mandiant Managed Defense delivered the most comprehensive coverage across all detection categories in the MITRE ATT&CK evaluation.
FireEye was one of 21 vendors selected to participate. The evaluation emulated real-world attack techniques used by the Russian-backed adversary APT29. This year’s evaluation introduced a new detection category, MSSP, that measures a vendor’s managed service’s ability to enrich alerts with additional context. Mandiant Managed Defense had one of the highest numbers of enriched alerts in this new MSSP category defined by MITRE, showcasing the threat hunting and detection capabilities of the managed detection and response (MDR) service.
“We view the evaluations as a collaborative process to help the participating vendors improve their products, which ultimately makes cyberspace safer for everyone,” said Frank Duff, ATT&CK Evaluations lead. “Taken as a whole, the results indicate that the participating vendors are beginning to understand how to detect the advanced techniques used by groups like APT29, and develop products that provide actionable data in response for their users.”
MITRE developed and maintains ATT&CK based on open source reporting of adversary tactics and techniques. ATT&CK is freely available and is widely used by defenders in industry and government to find gaps in visibility, defensive tools, and processes as they evaluate and select options to improve their network defense.
FireEye Delivered Most Comprehensive Coverage of All Tools Tested
MITRE evaluations do not constitute a rank, score, or endorsement; MITRE publishes the raw results and leaves comparison to readers. Tallying those published results, FireEye Endpoint Security delivered the most coverage against the emulated APT29 attacks across all detection categories, namely General, Technique, Tactic, MSSP, and Telemetry.
“There is more than one way to detect a threat. This latest MITRE evaluation replicating the real-world tactics, techniques, and procedures (TTPs) employed by APT29 reinforces the importance of this point,” said Michelle Salvado, Vice President of Engineering and Endpoint GM at FireEye. “Customers who drill into the results will see FireEye had the most comprehensive coverage of all the tested vendors, with the greatest number of total cumulative detections. This highlights the full strength of our solution. We continue to know more about the adversary than other security companies. As attacks evolve, the breadth of detection and protection that FireEye Endpoint Security and Mandiant Managed Defense offer becomes much more critical.”
Key FireEye performance highlights include:
- Most comprehensive coverage: FireEye earned the highest cumulative detections across all categories (General, Technique, Tactic, MSSP, and Telemetry) among the 21 evaluated vendors. Cumulative detections credit a vendor once per detection for each attack step, so a step identified in more than one way counts more than once; FireEye reads this as a measure of depth of coverage. It reflects the adaptive, defense-in-depth approach that lets FireEye surface malicious activity through multiple detection techniques.
- Highest number of Technique detections: FireEye earned the highest number of Technique detections among all 21 vendors. MITRE credits a Technique detection when the tool provides rich data that answers precisely what was done and why, so this is a measure of how many alerts map directly to an ATT&CK technique.
- Highest number of Product detections and Telemetry: this shows that FireEye not only offers the most comprehensive coverage but also gives analysts the raw telemetry they need to investigate, mitigate, and respond to a threat.
- Most comprehensive context around the threat: MITRE used the new MSSP detection category to highlight the managed capabilities of EDR vendors. Through detailed investigative reports and rapid response from Mandiant Managed Defense, FireEye provided the greatest context around the threats, with one of the highest numbers of MSSP-category detections.
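The distinction the highlights above rely on, between cumulative detections (each step credited once per detection) and coverage (each step credited at most once), is the first thing a practitioner should check when reading any vendor's tally of an ATT&CK evaluation. The Python below is an added example, not code from FireEye, Mandiant, or MITRE: it uses constructed sample records rather than real APT29 results, and the step identifiers, the category assignments, and the step count are all assumptions.

```python
from collections import Counter

# Detection categories named in the release.
CATEGORIES = ("General", "Tactic", "Technique", "MSSP", "Telemetry")

# Constructed sample records (not real evaluation data): (step id, category).
# The same step appears more than once when the product detected it in
# several ways; a step absent from the list was not detected at all.
SAMPLE_RESULTS = [
    ("1.A.1", "Telemetry"),
    ("1.A.1", "Technique"),
    ("1.A.2", "Telemetry"),
    ("1.A.2", "Tactic"),
    ("1.A.2", "MSSP"),
    ("1.B.1", "General"),
    ("2.A.1", "Telemetry"),
    # "2.A.2" deliberately missing: no detection of any kind
]
SAMPLE_TOTAL_STEPS = 5  # assumed number of attack steps in the sample run


def cumulative_detections(results):
    """Per-category counts where every record is credited: the 'cumulative'
    figure a vendor quotes.  A step detected three ways counts three times."""
    unknown = {cat for _, cat in results if cat not in CATEGORIES}
    if unknown:
        raise ValueError(f"unknown detection category: {sorted(unknown)}")
    return Counter(cat for _, cat in results)


def total_cumulative(results):
    """Sum of the per-category cumulative counts."""
    return sum(cumulative_detections(results).values())


def covered_steps(results):
    """Steps credited at most once, however many ways they were seen."""
    return {step for step, _ in results}


def coverage_ratio(results, total_steps):
    """Fraction of attack steps with at least one detection of any category."""
    return len(covered_steps(results)) / total_steps


def multiply_detected_steps(results):
    """Steps that inflate the cumulative total relative to plain coverage."""
    per_step = Counter(step for step, _ in results)
    return {step: n for step, n in per_step.items() if n > 1}


if __name__ == "__main__":
    print("cumulative by category:", dict(cumulative_detections(SAMPLE_RESULTS)))
    print("cumulative total:", total_cumulative(SAMPLE_RESULTS))
    print("steps covered:", len(covered_steps(SAMPLE_RESULTS)), "of", SAMPLE_TOTAL_STEPS)
    print("steps detected more than once:", multiply_detected_steps(SAMPLE_RESULTS))
```

On the constructed data the cumulative total is 7 while only 4 of 5 steps are covered; two steps account for the difference. When comparing vendors, compute both figures from the published per-step results rather than taking either headline number on its own.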