Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


05:15 PM
Dark Reading
Dark Reading
Products and Releases

Attivo Networks Improves Endpoint Security as Demonstrated by MITRE ATT&CK Evaluations

When used in conjunction with leading EDR solutions, Attivo EDN technology augments the detection rates by an average of 42%.

FREMONT, Calif., June 16, 2020 – Attivo Networks®, an award-winning leader in cyber deception and attacker lateral movement threat detection, today announced the results of MITRE ATT&CK APT29 Adversary Evaluations on its Endpoint Detection Net (EDN) solution. The results demonstrate that when used in conjunction with leading EDR solutions, Attivo EDN technology augments the detection rates by an average of 42%.

To assist organizations in addressing cyber risk, MITRE created the ATT&CK model, which offers a comprehensive framework of possible attack strategies. MITRE recently began evaluating vendor EDR products to test their effectiveness against the ATT&CK framework. While MITRE does not rate or recommend tools, the methodology serves as a useful benchmark for comparison. MITRE’s evaluation methodology and all evaluation results are publicly available (https://attackevals.mitre.org/).

Using the MITRE ’Do It Yourself’ Evaluation Tool , Attivo Networks ran the test against its EDN technology. The test assessed the solution’s effectiveness against APT29 attacks in combination with leading EDR solutions. Attivo Networks used both a weighted scoring system that rewards more points for higher value detections and a flat scoring model that rewards one point for a detection belonging to any category. After being compiled, the scores of the four leading EDR solutions showed an average detection improvement rate of 42% observed. These results demonstrate that the Attivo Networks threat detection solution augmented the leading EDR solutions. MITRE also evaluated against APT3 attacks, with the EDN solution delivering similar results.

“The notion of adding deception to endpoint security is consistent with a layered defense methodology,” said Dr. Ed Amoroso, CEO of leading analyst firm TAG Cyber. “The MITRE ATT&CK evaluation criteria provides a quantitative testbed demonstrating how Attivo Networks augments leading EDR solutions evaluated by MITRE.”

“The MITRE ATT&CK evaluation clearly demonstrates Attivo’s value in detecting lateral movement, which is an important part of the framework,” said Tushar Kothari, Attivo Networks CEO. “Organizations add Attivo EDN to their security solutions to broaden their ability to protect the endpoint from additional attack vectors.”

Key takeaways from this evaluation include:

  • Each endpoint security solution fared well individually in the MITRE evaluations;
  • The EDN solution improved lateral movement detection performance in the middle phases of the ATT&CK matrix;
  • The EDN solution added greater technique visibility to enhance adversary intelligence;
  • The observed improvements were meaningful across both scoring methodologies, eliminating methodological biases;
  • Using an endpoint security solution in conjunction with the Attivo Networks EDN suite improved overall solution performance, noting that the evaluators did not double-count duplicated detections and attributed them to the EDR score.

About the ThreatDefend® Platform and EDN

The ThreatDefend® Deception Platform is a comprehensive detection solution that provides early detection across networks, endpoints, applications, data, and Active Directory. It includes the BOTsink® deception servers for decoys, the Endpoint Detection Net (EDN) suite for endpoint lateral movement detection, and ADSecure™ for Active Directory defense. Altogether, these solutions create a deception fabric that detects in-network attackers across any attack surface, whether on-premises, in the cloud, or at remote locations, regardless of attack vector. The ThreatDefend platform EDN suite strengthens endpoint defensive capabilities by detecting and alerting on attack tactics that attackers use once they manage to compromise a system to spread to other devices on the network.

Additional Resources

Learn more about these results and how Attivo Networks conducted the MITRE ATT&ACK evaluation:

About Attivo Networks
Attivo Networks®, the leader in deception technology, provides an active defense for early detection, forensics, and automated incident response to in-network attacks. The Attivo ThreatDefend® Deception Platform provides a comprehensive and customer-proven platform for proactive security and accurate threat detection within user networks, data centers, clouds, and a wide variety of specialized attack surfaces. The portfolio includes extensive network, endpoint, application, and data deceptions designed to misdirect and reveal attacks efficiently from all threat vectors. Advanced machine-learning makes preparation, deployment, and operations fast and simple to operate for organizations of all sizes. Comprehensive attack analysis and forensics provide actionable alerts and native integrations that automate the blocking, quarantine, and threat hunting of attacks for accelerated incident response. The company has won over 125 awards for its technology innovation and leadership. For more information, visit www.attivonetworks.com.



Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
How SolarWinds Busted Up Our Assumptions About Code Signing
Dr. Jethro Beekman, Technical Director,  3/3/2021
'ObliqueRAT' Now Hides Behind Images on Compromised Websites
Jai Vijayan, Contributing Writer,  3/2/2021
Attackers Turn Struggling Software Projects Into Trojan Horses
Robert Lemos, Contributing Writer,  2/26/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-03-08
Dell iDRAC8 versions prior to contain a host header injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary ‘Host’ header values to poison a web-cache or trigger redirections.
PUBLISHED: 2021-03-08
Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vulnerable to command injection due to insufficient validation.
PUBLISHED: 2021-03-08
Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XSS). Users are able to create folders in the web application. The folder name is insufficiently validated resulting in a stored cross-site scripting vulnerability.
PUBLISHED: 2021-03-08
A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulner...
PUBLISHED: 2021-03-08
PowerScale OneFS 8.1.2,8.2.2 and 9.1.0 contains an improper input sanitization issue in a command. The Compadmin user could potentially exploit this vulnerability, leading to potential privileges escalation.