
Threat Intelligence

03:55 PM
Dark Reading
Products and Releases

MITRE Engenuity Announces Results from Evaluating Enterprise Security Products Against Cybercrime Threats

McLean, VA, and Bedford, MA, April 20, 2021— MITRE Engenuity released its third round of independent ATT&CK Evaluations for enterprise cybersecurity products from 29 vendors. The MITRE Engenuity team’s mission is to drive cyber innovation for public good by helping government and industry combat security threats and improve industry’s threat detection capabilities.

MITRE Engenuity’s focus on specific threats is based on extensive knowledge and research of the threat landscape, and prioritizes threats that offer unique impact to businesses and governments worldwide. Through the lens of the MITRE ATT&CK® knowledge base, MITRE Engenuity emulated the tactics and techniques of FIN7 and Carbanak, two threat actors that have each demonstrated the ability to compromise financial service and hospitality organizations, respectively, using malware and tradecraft. Together, these attack operations have resulted in the theft of more than $1 billion across hundreds of businesses over the past five years. Despite the arrest of key members in 2018, Carbanak and FIN7 remain active cyber threats to organizations globally.

MITRE developed and maintains the ATT&CK knowledge base, which is based on real world reporting of adversary tactics and techniques. ATT&CK is freely available and is widely used by defenders in industry and government to find gaps in visibility, defensive tools, and processes as they evaluate and select options to improve their network defense.

The evaluations, which were paid for by the vendors, include products from: AhnLab, Bitdefender, BlackBerry Cylance, Broadcom, Check Point, Cisco, CrowdStrike, Cybereason, CyCraft, Cynet, Elastic, ESET, F-Secure, Fidelis, FireEye, Fortinet, GoSecure, Malwarebytes, McAfee, Micro Focus, Microsoft, OpenText, Palo Alto Networks, ReaQta, SentinelOne, Sophos, Trend Micro, Uptycs, and VMware.

The ATT&CK Evaluations team chose to emulate Carbanak and FIN7 because they both target a wide range of industries for financial gain, whereas prior emulated groups were more focused on espionage. As always, the Evaluations team also sought to balance previously tested techniques with untested techniques and variations on how those techniques were executed to best capture how the defensive solutions are evolving to address a diverse set of threats.

Previous evaluations pitted cybersecurity products from 12 vendors against the threat from APT3, a Chinese group that analysts believe most recently focused on monitoring Hong Kong-based political targets, and products from 21 vendors against the threat of APT29. Cybersecurity analysts believe APT29 operates on behalf of the Russian government, compromised the Democratic National Committee starting in 2015, and has recently been linked to the SolarWinds supply chain attack.

“Not only are we seeing increased vendor participation with each new round of evaluations, plus many participants who found content from previous rounds valuable and want to continue collaborating with us, but we’re also seeing improved capabilities from the products each time, which helps make cyberspace safer for everyone,” said Frank Duff, ATT&CK Evaluations lead.

Seventeen of the vendors elected to take an optional protections extension to the detection evaluations where MITRE Engenuity examined their ability to block specific adversary techniques utilized by these groups. This was also the first time that the evaluations went beyond Windows systems and addressed techniques aimed at the Linux devices that are often used on enterprise networks as file servers, databases, and other non-workstation infrastructure.

For full results and more information about the evaluations, visit attackevals.mitre-engenuity.org.


Vendor perspective

Tanmay Ganacharya, partner director, Microsoft Defender Security Research

“Microsoft is thrilled to have participated in the MITRE ATT&CK evaluation for the third year in a row. The testing simulations provided by MITRE Engenuity are the most comprehensive tests that most closely mirror real-world attacks. The partnership with MITRE Engenuity is essential to enhancing our products to meet the needs of our customers and keep pace with the evolving threat landscape. We appreciate the collaborative and transparent nature of the evaluation.”


Ismael Valenzuela, senior principal, head of AC3, Applied Countermeasures team at McAfee

“At McAfee we know that cybercriminals are always evolving their tradecraft, and we are committed to providing cyber defenders the capabilities needed to win the game. To demonstrate our commitment, McAfee has participated in all three ATT&CK enterprise evaluations to date, including the latest with Carbanak and FIN7. In the most comprehensive evaluation to date, the MITRE ATT&CK team demonstrated their expertise in completing four days of rigorous testing. This has tremendous value to both our customers and our threat content engineers. As one of our blue teamers indicated, being part of these evaluations feels like being an engineer in a Formula One race team in the pit on the test track. We take the products for a spin and we use the telemetry to improve the efficacy of our protection, detection and response capabilities.”


Adam Bromwich, vice president and general manager, Symantec Endpoint Security, a Division of Broadcom 

“Symantec is pleased to participate in the 2021 MITRE ATT&CK test, which provides a gold standard evaluation of today’s visibility, prevention and protection solutions. Our performance demonstrates the strength of the analytics-driven protection and detection technologies delivered in Symantec Endpoint Security (SES) Complete, and we are thrilled that our participation in MITRE Engenuity’s evaluation helps us continue raising the bar on innovation and providing security value to our customers.”


Jared Phipps, senior vice president, worldwide sales engineering for SentinelOne

“MITRE Engenuity ATT&CK Evaluations continues its stellar record in pushing the security industry forward and brings much-needed visibility and independent testing to the EDR space as practitioners sort through a complex threat and vendor landscape. Participating in all the evaluations has become an essential practice that we have used to improve our products further. At SentinelOne, we continue to be enthusiastic supporters for the work MITRE Engenuity is doing to painstakingly define and continually expand a common cybersecurity language that describes how adversaries operate.”


Ganesh Pai, CEO, Uptycs

“We chose to participate in the MITRE ATT&CK evaluation because we believe transparency and quantitative third-party vendor assessments are important for customers and the industry at large. We also wanted to showcase our agility and innovation with our Windows EDR capabilities that complement our market-leading strength in macOS and Linux. We’re proud to stand among some of the biggest vendors in the security industry and showcase our multi-OS detection capabilities—a testament to the hard work of our engineering and threat research teams.”


John Maddison, executive vice president of products and chief marketing officer, Fortinet

“Fortinet is a firm believer in independent security testing of all kinds: effectiveness, performance and capability. An outside perspective helps us make our products better and gives organizations a credible, often comparable benchmark. What we really like about ATT&CK Evaluations by MITRE Engenuity is that they not only show what a security product detects (and now protects), but also identify when, how and why. This insight “under the hood” of security products helps organizations to confidently apply the Evaluation results well beyond the specific campaigns emulated, to campaigns using similar tactics and techniques, today and tomorrow.

This is just one of many areas in which we collaborate with MITRE; from the early definition of the STIX format to membership in the Center for Threat Informed Defense and the Round 3 ATT&CK Evaluation and more recently membership in the Sightings Ecosystem project this year. Fortinet continues to collaborate closely in the threat intelligence community.”


Ian Heritage, cybersecurity architect, Trend Micro

“The MITRE Engenuity ATT&CK Evaluation offers both transparency to customers and real-world attack scenarios, which are top highlights for our participation. This ensures that customers can actively evaluate security products to protect themselves from the latest advances from attackers based on their areas of greatest need.”


About MITRE Engenuity

MITRE Engenuity is a tech foundation focused on innovation for public good, collaborating with the private sector on challenges that demand public interest solutions, including cybersecurity, infrastructure resilience, healthcare effectiveness, microelectronics, quantum sensing, and next-generation communications. www.mitre-engenuity.org


Media contact:

Jeremy Singer

[email protected]

