{"id":20573,"date":"2022-11-09T13:20:55","date_gmt":"2022-11-09T21:20:55","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/11\/09\/news-14306\/"},"modified":"2022-11-09T13:20:55","modified_gmt":"2022-11-09T21:20:55","slug":"news-14306","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2022\/11\/09\/news-14306\/","title":{"rendered":"Sophos MDR: Results from the first MITRE Engenuity ATT&#038;CK Evaluation for Security Service Providers"},"content":{"rendered":"<p><strong>Credit to Author: Eric Kokonas| Date: Wed, 09 Nov 2022 17:49:40 +0000<\/strong><\/p>\n<div class=\"entry-content lg:prose-lg mx-auto prose max-w-4xl\">\n<p>On November 9, 2022, <a href=\"https:\/\/mitre-engenuity.org\/\">MITRE Engenuity<\/a>\u2122 released the results from their first-ever ATT&amp;CK\u00ae Evaluation for Security Services Providers. The evaluations highlighted results across 15 security services providers, assessing their capabilities in detecting, analyzing, and describing adversary behavior.<\/p>\n<p><a href=\"https:\/\/www.sophos.com\/en-us\/products\/managed-detection-and-response\">Sophos Managed Detection and Response<\/a> (MDR) successfully reported malicious activity across all 10 MITRE ATT&amp;CK\u00ae steps, excelling in its ability to detect and respond to sophisticated threat actors with speed and precision.<\/p>\n<h2>Why MITRE Engenuity introduced an ATT&amp;CK Evaluation for managed services<\/h2>\n<p>For nearly 5 years, MITRE Engenuity has conducted independent evaluations of cybersecurity products using an open methodology based on the ATT&amp;CK knowledge base. 
These evaluations are predicated on real-world attack emulations that simulate the tactics, techniques, and procedures (TTPs) of relevant advanced persistent threats (APTs) and task vendor participants with demonstrating their ability to detect, analyze, and describe those activities.<\/p>\n<p>The primary objective of ATT&amp;CK Evaluations is to help cybersecurity solution providers\u2014and the organizations they support\u2014make better decisions to combat cyberthreats and improve threat detection capabilities. However, <a href=\"https:\/\/info.mitre-engenuity.org\/hubfs\/ATTACK%20Evals\/2021%20Managed%20Services%20Report.pdf\">MITRE survey results<\/a> have shown that it\u2019s challenges related to <i>people<\/i> (training and hiring), not cybersecurity products and technology, that are the main limitation preventing organizations from advancing their security operations programs.<\/p>\n<p>In its survey of more than 400,000 information security professionals worldwide, MITRE Engenuity found that 58% of organizations rely on managed services to either complement their in-house security operations center (SOC), or serve as their main line of defense. This number was even higher (68%) when considering companies under 5,000 employees. 
At the same time, roughly half of these organizations reported a lack of confidence in their managed service\u2019s people or technology.<\/p>\n<p>In response to the rapid adoption of managed services and associated cybersecurity challenges, MITRE Engenuity developed and administered a new evaluation methodology that allows end users to better understand how security services like Sophos MDR address adversary behavior.<\/p>\n<h2>What is OilRig?<\/h2>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignright size-medium wp-image-87927\" src=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2022\/11\/b7d61f78-b127-4854-8ec6-26702ff43367.png?w=290\" alt=\"\" width=\"290\" height=\"300\" srcset=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2022\/11\/b7d61f78-b127-4854-8ec6-26702ff43367.png 748w, https:\/\/news.sophos.com\/wp-content\/uploads\/2022\/11\/b7d61f78-b127-4854-8ec6-26702ff43367.png?resize=290,300 290w, https:\/\/news.sophos.com\/wp-content\/uploads\/2022\/11\/b7d61f78-b127-4854-8ec6-26702ff43367.png?resize=32,32 32w\" sizes=\"auto, (max-width: 290px) 100vw, 290px\" \/>The MITRE Engenuity ATT&amp;CK Evaluation for Security Service Providers evaluated Sophos MDR and other vendors\u2019 abilities to detect and analyze attack tactics and techniques simulating those used by <a href=\"https:\/\/attack.mitre.org\/groups\/G0049\/\">OilRig,<\/a> an Iranian government-affiliated threat actor \u2013 also known as APT34 and Helix Kitten.<\/p>\n<p>OilRig has conducted operations relying on social engineering, stolen credentials, and supply chain attacks, resulting in the theft of sensitive data from critical infrastructure, financial services, government, military, and telecommunications.<\/p>\n<p>This threat actor was selected for use in the MITRE ATT&amp;CK Evaluation for Security Service Providers based on its evasion and persistence techniques, its complexity, and its relevancy to industry.<\/p>\n<p>Unlike MITRE Engenuity\u2019s ATT&amp;CK Evaluations for 
Enterprise, which follow an open book methodology where participating vendors know in advance the adversary being emulated, MITRE Engenuity\u2019s Security Services evaluation did not disclose the adversary group or the technique scope.<\/p>\n<h2>How did Sophos MDR perform in the MITRE Engenuity ATT&amp;CK Evaluation for Security Service Providers?<\/h2>\n<p>Sophos Managed Detection and Response (MDR) successfully reported malicious activity across all 10 MITRE ATT&amp;CK steps, excelling in its ability to detect and respond to sophisticated threat actors with speed and precision. This was a detection-only evaluation, meaning that MITRE Engenuity did not evaluate vendors\u2019 ability to execute threat response actions.<\/p>\n<p>It is important to note that ATT&amp;CK Evaluations are not competitive analyses and do not designate a \u201cwinner.\u201d While there is no single way of analyzing, ranking, or rating the participating vendors, Sophos MDR recorded an exceptional performance with results that validate our position as one of the top performing security services vendors in the market.<\/p>\n<p>For more details about the evaluations and their results, visit <a href=\"https:\/\/attackevals.mitre-engenuity.org\/managed-services\/managed-services\">https:\/\/attackevals.mitre-engenuity.org\/managed-services\/managed-services<\/a>.<\/p>\n<\/div>\n<p><a href=\"https:\/\/news.sophos.com\/en-us\/2022\/11\/09\/sophos-mdr-results-from-the-first-ever-mitre-engenuity-attck-evaluation-for-security-service-providers\/\" target=\"bwo\">http:\/\/feeds.feedburner.com\/sophos\/dgdY<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2022\/10\/sophos-mdr-2.png\"\/><\/p>\n<p><strong>Credit to Author: Eric Kokonas| Date: Wed, 09 Nov 2022 17:49:40 +0000<\/strong><\/p>\n<p>Sophos MDR recorded an exceptional performance with results that validate our position as one of the top performing security services vendors in the market.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10377],"tags":[20346,25569,24562],"class_list":["post-20573","post","type-post","status-publish","format-standard","hentry","category-security","category-sophos","tag-mitre","tag-mitre-attk","tag-products-services"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/20573","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=20573"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/20573\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=20573"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=20573"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=20573"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}