Kaspersky enterprise solution’s quality proven in MITRE ATT&CK® Evaluation

23 April 2020
Kaspersky EDR and Kaspersky Managed Protection (an MDR service) for enterprises were tested in MITRE ATT&CK Evaluation Round 2, which examines a solution’s ability to detect the tactics and techniques used in targeted cyberattacks. The evaluation was conducted in 2019-2020 and emulated the attack techniques of the APT29 threat group (aka CozyDuke, CozyBear, The Dukes). It revealed the strong threat detection capabilities of Kaspersky’s solutions.

Using its own ATT&CK knowledge base, MITRE evaluates EDR products from different vendors. The MITRE ATT&CK Evaluation is the first comprehensive test of its kind: rather than measuring malware detection rates alone, it aims to build a full picture of an EDR solution’s ability to handle every stage of an advanced, multi-staged attack. The test has no scoring system for ranking vendors; each customer can decide which capabilities of each product matter for its organization’s particular security goals.

Prior to the evaluation, MITRE invited security experts to send in their own research on APT29, to improve the emulation. Kaspersky contributed its own threat intelligence on this group to MITRE.

Then, in an in-depth assessment carried out over three days, MITRE tested Kaspersky’s solution against the emulated attack techniques. The evaluation found that Kaspersky’s solution, which combines the Kaspersky EDR product with Kaspersky Endpoint Security for Business and the Kaspersky Managed Protection service, showed good visibility of most of the techniques tested. It demonstrated a high detection rate for key techniques applied at crucial stages of modern targeted attacks: Execution, Persistence, Privilege Escalation and Lateral Movement.


Kaspersky’s product showed 100% visibility for these techniques.

The results also demonstrated the value of a comprehensive solution that combines a fully automated, multi-layered security product with an expert-driven threat hunting service. Although many attack techniques were detected automatically by Kaspersky EDR, some techniques could only be uncovered with human expertise.

All of Kaspersky’s ATT&CK-related materials, including an analysis of the evaluation results and examples of how ATT&CK is used in Kaspersky products, can be found at Kaspersky.com/MITRE.

About Kaspersky
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them.