MITRE ATT&CK Evaluation Highlights CrowdStrike Falcon’s Comprehensive Threat Detection and Visibility
Falcon’s industry-leading endpoint protection reduces the time it takes to understand, contain, and remediate security incidents
SUNNYVALE, Calif. – April 21, 2020 – CrowdStrike® Inc. (Nasdaq: CRWD), a leader in cloud-delivered endpoint protection, today announced it has successfully completed its second MITRE ATT&CK® evaluation. The CrowdStrike Falcon® platform was evaluated for its ability to detect attack techniques employed by COZY BEAR (also known as APT29), a sophisticated nation-state adversary affiliated with the Russian government.
ATT&CK is a MITRE-developed knowledge base of adversary tactics and techniques based on real-world observations to describe and better understand threats, and to pinpoint gaps in visibility and process. The MITRE ATT&CK evaluation tests a vendor’s ability to detect attacker activity across the full spectrum of sophisticated attacks, from initial breach all the way through lateral movement, persistence, and exfiltration.
CrowdStrike’s results in this latest MITRE evaluation indicate once again that CrowdStrike Falcon delivers best-in-class visibility and detection, using its lightweight agent, local machine learning and sophisticated cloud-native EDR capabilities to deliver complete threat protection across the entire breadth of the ATT&CK framework. Unlike other vendors, Falcon also provides security analysts with the deep context necessary to understand threats quickly and act decisively, improving overall security posture.
Key results include:
- CrowdStrike Falcon delivered broad endpoint detection and response (EDR) for defenders across the entire MITRE ATT&CK framework, including visibility into each of the 19 separate phases of the entire simulated attack.
- CrowdStrike’s unique CrowdScore™ capability correlated a wide range of data within the simulation, proving to be a true force multiplier to help ultimately defeat the adversary.
- Falcon provided proactive and comprehensive detections of individual attack techniques, without requiring product updates or configuration changes. Falcon offered contextualized analysis for each phase of the simulated attack, reducing the time needed to understand, contain, and remediate incidents.
- Falcon OverWatch™, CrowdStrike’s team of expert threat hunters, contributed additional context and visibility to the results, combining machine learning with deep human expertise to thwart the sophisticated simulation.