Trend Micro Incorporated, a global cybersecurity leader, excelled in the latest ATT&CK Evaluation performed by MITRE Engenuity. The Trend Micro Vision One platform quickly detected 96% of attack steps from the simulation that mimicked the behaviour of two infamous APT groups.
Unlike other industry organisations that test a product’s ability to detect and prevent various malware samples, MITRE Engenuity’s ATT&CK Evaluations appraise a solutions’ ability to detect targeted attacks leveraging known adversary behaviour. This approach more closely mirrors real-world attacks that are most critical. MITRE Engenuity focused on techniques associated with notorious threat groups Carbanak and FIN7 in this year’s simulations.
“Security has been about spotting the tools used in an attack: MITRE Engenuity adds the dimension of recognising rather the patterns of an attacker, no matter when different tools are used,” said Greg Young, vice president of cybersecurity for Trend Micro. “MITRE ATT&CK is, like the attacks it models, complex. Doing well on a third-party test like this is satisfying – and with 96% visibility, we did very well here – especially considering it models techniques used by two of the world’s most capable threat groups. An even bigger success is helping educate organisations that ATT&CK isn’t just about the test but that ATT&CK can be a part of the everyday playbook for SOCs, which is reflected in our solutions.”
This year’s test included two simulated breaches, one at a hotel and one at a bank, using typical APT tactics such as elevation of privileges, credential theft, lateral movement and data exfiltration.
Trend Micro Vision One recorded the following impressive results:
Delivered 96% of attack coverage to provide visibility of 167 out of 174 simulated steps across the evaluations. This broad visibility allows customers to have a clear picture of the attack and respond faster.
100% of attacks against the Linux host were detected, capturing 14/14 attacker steps, which is especially important considering its huge increase in use by many organisations.
139 pieces of telemetry were enriched by the Trend Micro Vision One platform to provide extremely effective threat visibility to better understand and investigate attacks. This is critical for SOC analysts.
90% of attack simulations were prevented through automated detection and response very early on in each test. Deflecting risk early on frees up investigation resources, allowing teams to focus on the harder security problems to solve.
Trend Micro Vision One allows customers to see more and respond faster — collecting and automatically correlating telemetry across email, endpoints, servers, cloud workloads and networks to speed up detections and investigations.
Its performance against techniques used by two of the world’s most formidable cybercrime enterprises proves its value in threat detection and response, and ability to optimise cyber-risk reduction for customers.
Nilesh Jain, vice president for Southeast Asia and India at Trend Micro said, “Last year, one-fifth of APAC organisations were hit by seven or more cyberattacks, according to our Cyber Risk Index. In order to tip the scales, we are committed to supporting our customers in the region level up their readiness to tackle the most complex and sophisticated threats. Our performance in the well-regarded MITRE Engenuity ATT&CK Evaluations is testament to this commitment, enabling us to deliver a high level of visibility along with automated threat detection and response with our Trend Micro Vision One solution.”
The MITRE ATT&CK framework helps the industry define and standardise how to describe cyber-attack techniques — offering organisations a common and regularly updated language to triage detection and response as efficiently as possible.
This year’s strong performance in MITRE Engenuity’s ATT&CK Evaluation is the second in a row for Trend Micro, whose capabilities also impressed in the 2020 tests.