{"id":24708,"date":"2024-06-18T07:21:10","date_gmt":"2024-06-18T15:21:10","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/06\/18\/news-18438\/"},"modified":"2024-06-18T07:21:10","modified_gmt":"2024-06-18T15:21:10","slug":"news-18438","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/06\/18\/news-18438\/","title":{"rendered":"MITRE Engenuity ATT&#038;CK Evaluations for Managed Services (menuPass + ALPHV BlackCat)"},"content":{"rendered":"<p><strong>Credit to Author: Doug Aamoth| Date: Tue, 18 Jun 2024 13:00:28 +0000<\/strong><\/p>\n<div class=\"entry-content lg:prose-lg mx-auto prose max-w-4xl\" width=\"100%\" height=\"420\">\n<p>MITRE Engenuity\u2122 has released the results from the latest round of ATT&amp;CK\u00ae Evaluations for Managed Services, assessing the abilities of 11 vendors to detect, analyze, and accurately describe real-world adversary behavior.<\/p>\n<p>This was the second round of ATT&amp;CK Evaluations for Managed Services, initially launched in 2022, to help organizations better understand how offerings like <a href=\"https:\/\/www.sophos.com\/en-us\/products\/managed-detection-and-response\">Sophos MDR<\/a> can help protect them against sophisticated, multi-stage attacks.<\/p>\n<p>Watch this short video for an overview of the evaluation:<\/p>\n<div class=\"embed-vimeo\" style=\"text-align: center;\"><iframe loading=\"lazy\" src=\"https:\/\/player.vimeo.com\/video\/952340169\" width=\"100%\" height=\"420\" frameborder=\"0\" webkitallowfullscreen mozallowfullscreen allowfullscreen style=\"\"><\/iframe><\/div>\n<h2>What was the scope of the ATT&amp;CK Evaluations?<\/h2>\n<p>MITRE Engenuity ATT&amp;CK Evaluations are designed to simulate a representative example of how organizations should expect a managed service provider to engage with them during a sophisticated attack.<\/p>\n<p>The MITRE Engenuity team emulates the behaviors of known threat actors during the evaluation. A \u2018black box\u2019 approach was used in this round, whereby MITRE did not disclose the simulated threat actor(s) or the technique scope until the assessment was complete.<\/p>\n<p>This evaluation emulated tactics and techniques used by two known threat groups \u2013 menuPass and ALPHV\/BlackCat \u2013 and assessed each vendor\u2019s abilities to detect and report specific adversary activities.<\/p>\n<p>In total, the evaluation comprised 172 adversary activities (sub-steps) across 15 overall steps. Note, however, that only 43 of the sub-steps \u2013 those that MITRE Engenuity considered critical for attack sequence success \u2013 were included in the results.<\/p>\n<p>The evaluation focused entirely on detection and reporting. The ability to block, respond to, or remediate threats was not assessed. It\u2019s essential, therefore, to keep in mind that adversary behaviors emulated in this evaluation may have been blocked by protection technologies (e.g., next-gen endpoint tools), which vendors needed to deactivate during the evaluation.<\/p>\n<h2>Evaluation participants<\/h2>\n<p>Eleven managed security service providers participated in this evaluation round:<\/p>\n<h2>Sophos\u2019 results<strong><br \/> <\/strong><\/h2>\n<p>The results of MITRE ATT&amp;CK Evaluations can be interpreted in multiple ways and MITRE Engenuity does not rank or declare any vendor a \u201cwinner\u201d or a \u201cleader\u201d. Each vendor\u2019s managed service reports information differently and each organization\u2019s needs and preferences are just as important as the results themselves.<\/p>\n<p>Sophos successfully &#8220;Reported&#8221; and accurately described 84% of the 43 adversary activities (sub-steps) selected by MITRE Engenuity \u2013 higher than the average among participating vendors. The majority (75%) of Sophos\u2019 detections were also categorized as &#8220;Actionable&#8221;. &#8220;Reported&#8221; means the adversary activity was successfully identified, and sufficient context was provided. And, where the reported information also successfully addresses the \u201c5 W\u2019s\u201d (Who, What, When, Where, and Why), the activity was further categorized as &#8220;Actionable&#8221;.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-955768 size-full\" src=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/06\/Results.png\" alt=\"\" width=\"936\" height=\"252\" srcset=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/06\/Results.png 936w, https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/06\/Results.png?resize=300,81 300w, https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/06\/Results.png?resize=768,207 768w\" sizes=\"auto, (max-width: 936px) 100vw, 936px\" \/><\/p>\n<p>The results also include the number of alert emails sent by each vendor.<\/p>\n<p>To ensure an effective, understandable, and actionable response, Sophos MDR focuses on providing high-value, human-written notifications containing the critical information and context that customers need to know.<\/p>\n<p>During the 5-day MITRE ATT&amp;CK Evaluation for Managed Services, Sophos MDR sent 24 emails. The average among other participants was over 120 emails, with some vendors sending more than 300 emails. Alert fatigue, caused by an overwhelming number of notifications from security solutions, is a major problem in cybersecurity. Sophos understands that your organization\u2019s time is valuable, and when resources are limited, quality is typically better than quantity.<\/p>\n<h2>How to use results of MITRE Engenuity ATT&amp;CK Evaluations<\/h2>\n<p>ATT&amp;CK Evaluations are among the world\u2019s most respected independent security tests, due in large part to the thoughtful construction and emulation of real-world attack scenarios, transparency of results, and richness of participant information.<\/p>\n<p>When considering a <a href=\"https:\/\/www.sophos.com\/en-us\/products\/managed-detection-and-response\">Managed Detection and Response<\/a> (MDR) service, be sure to review the results from MITRE Engenuity ATT&amp;CK Evaluations alongside other reputable third-party proof points, including\u00a0<a href=\"https:\/\/www.gartner.com\/reviews\/market\/managed-detection-and-response-services\/vendor\/sophos\/product\/sophos-managed-detection-and-response-services\">verified customer reviews<\/a>, and\u00a0<a href=\"https:\/\/news.sophos.com\/en-us\/2024\/04\/30\/sophos-named-a-leader-in-the-2024-idc-marketscape-for-worldwide-managed-detection-and-response-mdr\/\">analyst evaluations<\/a>.<\/p>\n<p>As you review the data available in MITRE Engenuity\u2019s evaluation portal, look beyond the numbers and consider the following, keeping in mind that there are some questions about managed security services that the ATT&amp;CK Evaluations cannot help you answer. For example:<\/p>\n<ul>\n<li>Does the service present information to you the way you want it, with high-value communications containing the critical information you need to know?<\/li>\n<\/ul>\n<ul>\n<li>Does the service assume you have an in-house security operations team, or can they provide a full \u2018instant SOC\u2019 with the ability to take action to eliminate threats on your behalf?<\/li>\n<\/ul>\n<ul>\n<li>Who will be engaging the managed service provider on a day-to-day basis? IT Administrators, experienced security analysts, or perhaps both?<\/li>\n<li>Can the service integrate with other technologies in your environment to detect and respond to multi-stage threats that extend beyond endpoints (e.g., firewall, email, cloud, identity, network, backup and recovery, etc.)?<\/li>\n<li>Does the service include full remote incident response, and are the included IR services limited to a fixed number of hours, or uncapped?<\/li>\n<\/ul>\n<h2>Why we participate<\/h2>\n<p>Sophos is committed to participating in MITRE Engenuity ATT&amp;CK Evaluations alongside some of the best security vendors in the industry. As a community, we are united against a common enemy. These evaluations help make us better, individually and collectively, for the benefit of the organizations we defend.<\/p>\n<p>Our participation in the latest evaluation further validates Sophos\u2019 position as an industry-leading <a href=\"https:\/\/www.sophos.com\/en-us\/products\/managed-detection-and-response\">Managed Detection and Response (MDR)<\/a> provider and trusted cybersecurity partner to over 22,000 customers.<\/p>\n<h2>Don\u2019t take our word for it<\/h2>\n<p>Sophos Managed Detection and Response is the world\u2019s most popular MDR solution. We secure more organizations than any other MDR provider and have extensive experience across all industries and sectors. Recent third-party proof points include:<\/p>\n<ul>\n<li><a href=\"https:\/\/news.sophos.com\/en-us\/2024\/04\/30\/sophos-named-a-leader-in-the-2024-idc-marketscape-for-worldwide-managed-detection-and-response-mdr\/\">Sophos named a Leader in the 2024 IDC MarketScape for Worldwide Managed Detection and Response (MDR)<\/a><\/li>\n<li><a href=\"https:\/\/news.sophos.com\/en-us\/2024\/03\/19\/sophos-named-a-leader-in-frost-sullivans-2024-frost-radar-for-global-managed-detection-and-response\/\">Sophos named a Leader in Frost &amp; Sullivan\u2019s 2024 Frost Radar\u2122 for Global Managed Detection and Response<\/a><\/li>\n<li><a href=\"https:\/\/www.sophos.com\/en-us\/content\/why-sophos\">Sophos is the only vendor named a Gartner Customers\u2019 Choice in Endpoint Protection Platforms, Managed Detection &amp; Response Services, Network Firewalls, and Mobile Threat Defense<\/a><\/li>\n<li><a href=\"https:\/\/www.sophos.com\/en-us\/content\/why-sophos\">Sophos was the only vendor named a Leader in EPP, EDR, MDR, XDR, and Firewall in the G2 Winter 2024 Reports<\/a><\/li>\n<li><a href=\"https:\/\/www.sophos.com\/en-us\/report\/magic-quadrant-endpoint-protection-platforms\">Sophos named a Leader for the 14th consecutive time in the 2023 Gartner\u00ae Magic Quadrant\u2122 for Endpoint Protection Platforms<\/a><\/li>\n<li><a href=\"https:\/\/www.scawardseurope.com\/winners\">Sophos MDR declared the Winner of the \u2018Best Managed Security Service\u2019 award in the SC Awards Europe 2024<\/a><\/li>\n<\/ul>\n<p>To learn more about Sophos MDR and how it can support you, <a href=\"https:\/\/www.sophos.com\/en-us\/products\/managed-detection-and-response\">visit our website<\/a> or <a href=\"https:\/\/www.sophos.com\/en-us\/products\/managed-detection-and-response\/contact-request\">speak with a security expert<\/a> today.<\/p>\n<\/p><\/div>\n<p><a href=\"https:\/\/news.sophos.com\/en-us\/2024\/06\/18\/mitre-engenuity-attck-evaluations-for-managed-services-menupass-alphv-blackcat\/\" target=\"bwo\" >http:\/\/feeds.feedburner.com\/sophos\/dgdY<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/news.sophos.com\/wp-content\/uploads\/2024\/06\/MITRE.png\"\/><\/p>\n<p><strong>Credit to Author: Doug Aamoth| Date: Tue, 18 Jun 2024 13:00:28 +0000<\/strong><\/p>\n<p>Our view on the latest round of the MITRE Engenuity ATT&#38;CK Evaluations for Managed Services.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10378,10377],"tags":[11179,20346,25567,24562,24552,27604],"class_list":["post-24708","post","type-post","status-publish","format-standard","hentry","category-security","category-sophos","tag-endpoint","tag-mitre","tag-mitre-attck","tag-products-services","tag-security-operations","tag-sophos-mdr"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24708","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=24708"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/24708\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=24708"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=24708"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=24708"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}