Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

6/17/2020
05:15 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Attivo Networks Improves Endpoint Security as Demonstrated by MITRE ATT&CK Evaluations

When used in conjunction with leading EDR solutions, Attivo EDN technology augments the detection rates by an average of 42%.

FREMONT, Calif., June 16, 2020 – Attivo Networks®, an award-winning leader in cyber deception and attacker lateral movement threat detection, today announced the results of MITRE ATT&CK APT29 Adversary Evaluations on its Endpoint Detection Net (EDN) solution. The results demonstrate that when used in conjunction with leading EDR solutions, Attivo EDN technology augments the detection rates by an average of 42%.

To assist organizations in addressing cyber risk, MITRE created the ATT&CK model, which offers a comprehensive framework of possible attack strategies. MITRE recently began evaluating vendor EDR products to test their effectiveness against the ATT&CK framework. While MITRE does not rate or recommend tools, the methodology serves as a useful benchmark for comparison. MITRE’s evaluation methodology and all evaluation results are publicly available (https://attackevals.mitre.org/).

Using the MITRE ’Do It Yourself’ Evaluation Tool , Attivo Networks ran the test against its EDN technology. The test assessed the solution’s effectiveness against APT29 attacks in combination with leading EDR solutions. Attivo Networks used both a weighted scoring system that rewards more points for higher value detections and a flat scoring model that rewards one point for a detection belonging to any category. After being compiled, the scores of the four leading EDR solutions showed an average detection improvement rate of 42% observed. These results demonstrate that the Attivo Networks threat detection solution augmented the leading EDR solutions. MITRE also evaluated against APT3 attacks, with the EDN solution delivering similar results.

“The notion of adding deception to endpoint security is consistent with a layered defense methodology,” said Dr. Ed Amoroso, CEO of leading analyst firm TAG Cyber. “The MITRE ATT&CK evaluation criteria provides a quantitative testbed demonstrating how Attivo Networks augments leading EDR solutions evaluated by MITRE.”

“The MITRE ATT&CK evaluation clearly demonstrates Attivo’s value in detecting lateral movement, which is an important part of the framework,” said Tushar Kothari, Attivo Networks CEO. “Organizations add Attivo EDN to their security solutions to broaden their ability to protect the endpoint from additional attack vectors.”

Key takeaways from this evaluation include:

  • Each endpoint security solution fared well individually in the MITRE evaluations;
  • The EDN solution improved lateral movement detection performance in the middle phases of the ATT&CK matrix;
  • The EDN solution added greater technique visibility to enhance adversary intelligence;
  • The observed improvements were meaningful across both scoring methodologies, eliminating methodological biases;
  • Using an endpoint security solution in conjunction with the Attivo Networks EDN suite improved overall solution performance, noting that the evaluators did not double-count duplicated detections and attributed them to the EDR score.

About the ThreatDefend® Platform and EDN

The ThreatDefend® Deception Platform is a comprehensive detection solution that provides early detection across networks, endpoints, applications, data, and Active Directory. It includes the BOTsink® deception servers for decoys, the Endpoint Detection Net (EDN) suite for endpoint lateral movement detection, and ADSecure™ for Active Directory defense. Altogether, these solutions create a deception fabric that detects in-network attackers across any attack surface, whether on-premises, in the cloud, or at remote locations, regardless of attack vector. The ThreatDefend platform EDN suite strengthens endpoint defensive capabilities by detecting and alerting on attack tactics that attackers use once they manage to compromise a system to spread to other devices on the network.

Additional Resources

Learn more about these results and how Attivo Networks conducted the MITRE ATT&ACK evaluation:

About Attivo Networks
Attivo Networks®, the leader in deception technology, provides an active defense for early detection, forensics, and automated incident response to in-network attacks. The Attivo ThreatDefend® Deception Platform provides a comprehensive and customer-proven platform for proactive security and accurate threat detection within user networks, data centers, clouds, and a wide variety of specialized attack surfaces. The portfolio includes extensive network, endpoint, application, and data deceptions designed to misdirect and reveal attacks efficiently from all threat vectors. Advanced machine-learning makes preparation, deployment, and operations fast and simple to operate for organizations of all sizes. Comprehensive attack analysis and forensics provide actionable alerts and native integrations that automate the blocking, quarantine, and threat hunting of attacks for accelerated incident response. The company has won over 125 awards for its technology innovation and leadership. For more information, visit www.attivonetworks.com.

 

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/17/2020
Cybersecurity Bounces Back, but Talent Still Absent
Simone Petrella, Chief Executive Officer, CyberVista,  9/16/2020
Meet the Computer Scientist Who Helped Push for Paper Ballots
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/16/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-25789
PUBLISHED: 2020-09-19
An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document.
CVE-2020-25790
PUBLISHED: 2020-09-19
** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our secu...
CVE-2020-25791
PUBLISHED: 2020-09-19
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit().
CVE-2020-25792
PUBLISHED: 2020-09-19
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with pair().
CVE-2020-25793
PUBLISHED: 2020-09-19
An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with From<InlineArray<A, T>>.