Bitdefender announced results for
the 2024 MITRE Engenuity ATT&CK Evaluation for Managed Services, an
evaluation of 11 participating cybersecurity vendors in their ability to
detect, analyze, and describe adversary behavior. Bitdefender was a top
performer, achieving near-total coverage of all steps (no vendor
achieved complete coverage) with the highest actionable insights and
without excessive alerts to security operations teams.
"Our ability to identify attack techniques of advanced adversaries and
provide rich context with rapid response during real-world tests
demonstrates our proficiency at disrupting attacks at any given point
and reaffirms Bitdefender's position as a trusted leader in managed
detection and response (MDR) services," said Andrei Florescu, president
and general manager of Bitdefender Business Solutions Group. "Businesses
cannot afford to waste valuable security staff time and resources
wading through a mountain of threat alerts and email notifications. In
addition to validating our superior threat detection capabilities, the
MITRE ATT&CK evaluation confirmed our focus on limiting unnecessary
noise and increasing actionability to drive security team efficiency and
stop attacks faster."
The ATT&CK Evaluations for Managed Services tested participating
cybersecurity vendors in a 'closed book' version of adversary emulation
using tactics, techniques and procedures (TTPs) of BlackCat/ALPHV, a
prolific ransomware-as-a-service (RaaS) group, and menuPass (aka
APT10), an advanced threat actor focused on espionage targeting an array
of industries including healthcare, manufacturing and government. The
evaluations emulated a multi-subsidiary compromise with overlapping
operations focusing on defense evasion, exploiting trusted
relationships, data encryption, and inhibiting system recovery across
both Windows and Linux environments.
Each participant was evaluated based on understanding of emulated
BlackCat and menuPass activities across 43 total steps in the
framework's attack kill chain from initial compromise through the final
stage. Participants leveraged a self-supplied toolset to enable their
detection capabilities and provide the relevant analysis in the same
format they provide to customers.
MITRE Engenuity evaluated Bitdefender MDR,
a managed security service that delivers 24x7 continuous threat
monitoring and response, threat hunting, and elite security expertise
housed across a global network of interconnected, fully staffed security
operations centers (SOCs). With cross-functional teams covering threat
research, investigations, forensics and other highly skilled
disciplines, Bitdefender MDR helps augment organizations with limited
cybersecurity resources.
Bitdefender evaluation highlights include:
- Highest Actionability in the Evaluation - Bitdefender MDR reported
  malicious activity for more than 95% of sub-steps for BlackCat and
  menuPass and achieved the highest result (32% above the average) in
  the category of Actionability, a measurement of whether a SOC analyst
  is provided with enough information in the alert (about What, Where,
  When, Who, and Why) to take immediate action on it.
- Best Alert Fidelity - Bitdefender MDR demonstrated low overall
  noise, consisting of total alerts in the console and total emails
  generated during evaluations. For both BlackCat and menuPass,
  Bitdefender generated 81 alerts and emails, a stark contrast when
  compared to the competitor average of 530 alerts and emails (with some
  vendors generating over 1,600).
- Low Mean Time to Detect (MTTD) - At just 24 minutes, Bitdefender
  had an extremely low MTTD, meaning the average time between when an
  attack is initiated and when the MDR provider triggers an alert. This
  is in comparison to the average MTTD of 41 minutes.
- Powerful Native Technology Stack - Bitdefender MDR achieved its
  favorable testing results leveraging a native technology stack that
  serves as the cornerstone for the company's entire business solution
  portfolio. Businesses seamlessly integrate threat prevention, endpoint
  detection and response (EDR) and extended detection and response (XDR)
  with MDR services without requiring costly add-ons.
"In collaboration with the 11 providers who participated in this round
of ATT&CK Evaluations Managed Services, we rigorously and
transparently tested services against two well-known and prolific
adversaries," said William Booth, general manager, ATT&CK Evals,
MITRE Engenuity. "The evidence-based results of the evaluation are a
valuable resource for organizations in determining which security
solutions best address their needs."
To view the full results from the ATT&CK Evaluations for Managed Services visit here.