{"id":18644,"date":"2022-03-31T15:21:00","date_gmt":"2022-03-31T23:21:00","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2022\/03\/31\/news-12377\/"},"modified":"2022-03-31T15:21:00","modified_gmt":"2022-03-31T23:21:00","slug":"news-12377","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2022\/03\/31\/news-12377\/","title":{"rendered":"MITRE Engenuity ATT&CK\u00ae Evaluation results showcase Sophos real-world threat prevention and detection"},"content":{"rendered":"

Credit to Author: Rich Beckett| Date: Thu, 31 Mar 2022 20:00:26 +0000<\/strong><\/p>\n

\n

\"\"This round of independent ATT&CK Evaluations<\/a> for enterprise cybersecurity solutions emulated two sophisticated threat groups, Wizard Spider and Sandworm.<\/p>\n

Wizard Spider<\/a> is a financially motivated criminal group that has been conducting ransomware campaigns since August 2018 against a variety of organizations, ranging from major corporations to hospitals. Sandworm<\/a> is a destructive Russian threat group that is known for launching the NotPetya<\/a> ransomware attacks that wreaked havoc in 2017.<\/p>\n

These two threat actors were chosen based on their complexity, relevancy to customer organizations, and how well MITRE Engenuity\u2019s staff can fittingly emulate the adversary for a real-world test that organizations can trust.<\/p>\n

Delivering the highest visibility of threats<\/h2>\n

Sophos is proud to share that Intercept X demonstrated a world-class ability to prevent and detect advanced attacks, including Wizard Spider and Sandworm.<\/p>\n

\u201cThe challenge of protecting your organization against real-world cyberthreats is a demanding effort in precision and scale. Providing the highest level of context to a defender is key to improving the speed at which you can identify and respond to attacker tactics, techniques, and procedures (TTPs). Adversaries continuously adapt and evolve their toolsets and activity to seize new opportunities, evade detection and try to stay one step ahead of security teams. For that reason, we\u2019re pleased to be recognized in the MITRE Engenuity evaluations, which focus on the actual TTPs of two assertive and modern-day attackers,\u201d said Joe Levy, Sophos Chief Technology and Product Officer.<\/p>\n

You can view the in-scope techniques used in the evaluation in the ATT&CK Navigator by checking out the layer file we made available here<\/a>, and Sophos\u2019 results in detecting them here<\/a>.<\/p>\n

\"\"<\/a><\/p>\n

Stopping threats faster<\/h2>\n

\u201cWe\u2019re very pleased with the way MITRE\u2019s evaluation showcases the threat detection strength of Sophos Intercept X. Every day, this enables our customers to deter more active attacks earlier in the attack lifecycle, and to reduce the impact of costly threats like ransomware,\u201d adds Levy. Preventing a single ransomware incident, as simulated in the ATT&CK Evaluations, could result in saving millions of dollars, not to mention the potential collateral damage, simply by stopping attacks before they culminate into something more devious.<\/p>\n

As President Biden releases a statement<\/a> that Russian threat groups, like those responsible for Sandworm, may be shifting towards cyber-offensive action against Western organizations and infrastructure, it\u2019s important for organizations to optimize prevention. An important step is to reduce the attack surface<\/strong>, removing opportunities for attackers to breach your organization. Some examples of how Sophos achieves this is by:<\/p>\n