TECH DIGITAL RESOURCE LIBRARY

Improve MITRE ATT&CK Test Results for Endpoint Security Using Deception

Jan 13, 2021

As part of its support for ATT&CK®, MITRE recently began evaluating vendor products, as a neutral authority, by testing the ability of specific solutions to detect inbound attacks based on the framework. While MITRE does not rate or recommend tools, the methodology serves as a useful benchmark for comparison. MITRE's evaluation methodology and evaluation results are all publicly available on the MITRE website.

Using this data, Attivo Networks® conducted a study to evaluate how endpoint security solutions performed individually within the MITRE evaluations and how their performance improved when used in conjunction with the Attivo EDN suite, based on existing capability mappings and the methodology provided. Attivo Networks completed evaluations using the MITRE ATT&CK® DIY Assessment tool for both APT3 and APT29.

In this report, Dr. Edward Amoroso, CEO of TAG Cyber, outlines the results of a recent round of MITRE ATT&CK® testing performed for four top endpoint security tools. It presents an overview of the MITRE process, along with results for augmenting several endpoint security tools with a commercial deception solution from Attivo Networks, which produced an average increase of 42% in detection rate.


Whitepaper