Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


05:15 PM
Dark Reading
Dark Reading
Products and Releases

Attivo Networks Improves Endpoint Security as Demonstrated by MITRE ATT&CK Evaluations

When used in conjunction with leading EDR solutions, Attivo EDN technology augments the detection rates by an average of 42%.

FREMONT, Calif., June 16, 2020 – Attivo Networks®, an award-winning leader in cyber deception and attacker lateral movement threat detection, today announced the results of MITRE ATT&CK APT29 Adversary Evaluations on its Endpoint Detection Net (EDN) solution. The results demonstrate that when used in conjunction with leading EDR solutions, Attivo EDN technology augments the detection rates by an average of 42%.

To assist organizations in addressing cyber risk, MITRE created the ATT&CK model, which offers a comprehensive framework of possible attack strategies. MITRE recently began evaluating vendor EDR products to test their effectiveness against the ATT&CK framework. While MITRE does not rate or recommend tools, the methodology serves as a useful benchmark for comparison. MITRE’s evaluation methodology and all evaluation results are publicly available (https://attackevals.mitre.org/).

Using the MITRE ’Do It Yourself’ Evaluation Tool , Attivo Networks ran the test against its EDN technology. The test assessed the solution’s effectiveness against APT29 attacks in combination with leading EDR solutions. Attivo Networks used both a weighted scoring system that rewards more points for higher value detections and a flat scoring model that rewards one point for a detection belonging to any category. After being compiled, the scores of the four leading EDR solutions showed an average detection improvement rate of 42% observed. These results demonstrate that the Attivo Networks threat detection solution augmented the leading EDR solutions. MITRE also evaluated against APT3 attacks, with the EDN solution delivering similar results.

“The notion of adding deception to endpoint security is consistent with a layered defense methodology,” said Dr. Ed Amoroso, CEO of leading analyst firm TAG Cyber. “The MITRE ATT&CK evaluation criteria provides a quantitative testbed demonstrating how Attivo Networks augments leading EDR solutions evaluated by MITRE.”

“The MITRE ATT&CK evaluation clearly demonstrates Attivo’s value in detecting lateral movement, which is an important part of the framework,” said Tushar Kothari, Attivo Networks CEO. “Organizations add Attivo EDN to their security solutions to broaden their ability to protect the endpoint from additional attack vectors.”

Key takeaways from this evaluation include:

  • Each endpoint security solution fared well individually in the MITRE evaluations;
  • The EDN solution improved lateral movement detection performance in the middle phases of the ATT&CK matrix;
  • The EDN solution added greater technique visibility to enhance adversary intelligence;
  • The observed improvements were meaningful across both scoring methodologies, eliminating methodological biases;
  • Using an endpoint security solution in conjunction with the Attivo Networks EDN suite improved overall solution performance, noting that the evaluators did not double-count duplicated detections and attributed them to the EDR score.

About the ThreatDefend® Platform and EDN

The ThreatDefend® Deception Platform is a comprehensive detection solution that provides early detection across networks, endpoints, applications, data, and Active Directory. It includes the BOTsink® deception servers for decoys, the Endpoint Detection Net (EDN) suite for endpoint lateral movement detection, and ADSecure™ for Active Directory defense. Altogether, these solutions create a deception fabric that detects in-network attackers across any attack surface, whether on-premises, in the cloud, or at remote locations, regardless of attack vector. The ThreatDefend platform EDN suite strengthens endpoint defensive capabilities by detecting and alerting on attack tactics that attackers use once they manage to compromise a system to spread to other devices on the network.

Additional Resources

Learn more about these results and how Attivo Networks conducted the MITRE ATT&ACK evaluation:

About Attivo Networks
Attivo Networks®, the leader in deception technology, provides an active defense for early detection, forensics, and automated incident response to in-network attacks. The Attivo ThreatDefend® Deception Platform provides a comprehensive and customer-proven platform for proactive security and accurate threat detection within user networks, data centers, clouds, and a wide variety of specialized attack surfaces. The portfolio includes extensive network, endpoint, application, and data deceptions designed to misdirect and reveal attacks efficiently from all threat vectors. Advanced machine-learning makes preparation, deployment, and operations fast and simple to operate for organizations of all sizes. Comprehensive attack analysis and forensics provide actionable alerts and native integrations that automate the blocking, quarantine, and threat hunting of attacks for accelerated incident response. The company has won over 125 awards for its technology innovation and leadership. For more information, visit www.attivonetworks.com.



Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-23
Vulnerability in OpenGrok (component: Web App). Versions that are affected are 1.6.7 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise OpenGrok. Successful attacks of this vulnerability can result in takeover of OpenGrok. CVSS 3.1 ...
PUBLISHED: 2021-06-23
A vulnerability in SonicOS where the HTTP server response leaks partial memory by sending a crafted HTTP request, this can potentially lead to an internal sensitive data disclosure vulnerability.
PUBLISHED: 2021-06-23
A command execution vulnerability exists in the default legacy spellchecker plugin in Moodle 3.10. A specially crafted series of HTTP requests can lead to command execution. An attacker must have administrator privileges to exploit this vulnerabilities.
PUBLISHED: 2021-06-23
Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.
PUBLISHED: 2021-06-23
Heap based buffer overflow in tsMuxer 2.6.16 allows attackers to cause a Denial of Service (DoS) by running the application with a crafted file.