Channel: CodeSection,代码区,网络安全 - CodeSec
Viewing all articles
Browse latest Browse all 12749

Why I’m ecstatic about the MITRE ATT&CK results



By Scott Lundgren, Chief Technology Officer, Carbon Black

Recently MITRE , a not-for-profit organisation that solves problems for a safer world, published the results of its first public evaluation of endpoint detection and response (EDR) vendors based on its increasingly-popular ATT&CK framework.

The ATT&CK evaluations are a new approach to EDR testing open, sophisticated, rigorous, and reflective of the real world. At Carbon Black we applaud MITRE’s efforts and are very pleased with the results for our CB Response solution, which had zero delayed and zero tainted detections throughout the evaluation.

The evaluations for this initial testing period used a MITRE-developed APT3 emulation plan and measured various solutions on behaviour detection, telemetry and enrichment, among other elements. Along with the other seven vendors included in this evaluation, we have worked alongside MITRE and their methodology for months, ensuring that the results gave an honest and accurate representation of what our product is able to achieve.

The open nature of this evaluation, and the fact that MITRE intentionally does not provide specific scores, rankings, ratings that are able to be skewed by vendor sponsorships, made this particular evaluation one that we at Carbon Black are extremely excited about.

And while the published results are extensive and extremely detailed, there are a few high level trends that particularly stood out to us:

Several recognisable EDR vendors shied away from the first evaluation. Nearly half of the vendors included in evaluation felt the need to include multiple products and/or services in their evaluation to achieve their best results. Carbon Black and RSA were the only two vendors to come out clean, with zero ‘delayed’ detections and zero ‘tainted’ detections. Every event Carbon Black detected could easily be visualised in the UI without requiring external tools to validate. While some of the other vendors required ‘humans in the loop’ to make many of their detections, 100 percent of Carbon Black detections were fully automated with zero delays and zero humans needed.

Our work with the MITRE ATT&CK framework hasn’t stopped with this evaluation. Along with the recent announcement of the results, we also announced that we’ve added a MITRE ATT&CK threat intelligence feed directly into CB Response, in addition to our recently announced CB ThreatHunter product, which offers all of the same powerful detection, response and threat hunting capabilities through our Predictive Security Cloud platform.

As I mentioned, we’re proud to be among the initial vendors evaluated by MITRE to be among the initial vendors evaluated by MITRE and we’re extremely proud of our results. Objective, transparent and open testing is critical as a means of driving the industry forward and the MITRE ATT&CK framework offers a critical look at how real-world attacks play out.

The ATT&CK framework closely aligns with Carbon Black’s belief that detecting attacker behaviour is exponentially more important than detecting malware alone. MITRE has set an excellent standard for how testing should be conducted and Carbon Black has set the standard for quick and conclusive detection.

We look forward to continuing to our work with MITRE as their testing evolves.


With 4 keynotes + 33 talks + 10 in-depth workshops from world-class speakers, YOW! is your chance to learn more about the latest software trends, practices and technologies and interact with many of the people who created them.

Speakers this year include Anita Sengupta (Rocket Scientist and Sr. VP Engineering at Hyperloop One), Brendan Gregg (Sr. Performance Architect Netflix), Jessica Kerr (Developer, Speaker, Writer and Lead Engineer at Atomist) and Kent Beck (Author Extreme Programming, Test Driven Development).

YOW! 2018 is a great place to network with the best and brightest software developers in Australia. You’ll
be amazed by the great ideas (and perhaps great talent) you’ll take back to the office!

Register now for YOW! Conference

Sydney 29-30 November

Brisbane 3-4 December

Melbourne 6-7 December

Register now for YOW! Workshops

Sydney 27-28 November

Melbourne 4-5 December



Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

How does business security get breached?

What can it cost to get it wrong?

6 actionable tips


Viewing all articles
Browse latest Browse all 12749

Latest Images

Trending Articles

Latest Images