
The evaluation was conducted in 2019-2020, emulating attack techniques of the APT29 threat group (aka CozyDuke, CozyBear, The Dukes). The evaluation revealed the strong threat detection capabilities of Kaspersky’s solutions.

Using its own ATT&CK matrix, MITRE evaluates the performance of EDR products from different vendors. The MITRE ATT&CK Evaluation is the first comprehensive test of its kind, as it does not just analyze malware detection levels but aims to create a full picture of the ability of an EDR solution to handle all the stages of an advanced multi-staged attack. There is no scoring system in this test to compare different vendors. Every customer can decide what capabilities of each product are important to its organization’s particular security goals.

Prior to the evaluation, MITRE invited security experts to send in their own research on APT29, to improve the emulation. Kaspersky contributed its own threat intelligence on this group to MITRE.

Then, through an in-depth assessment carried out over three days, MITRE tested Kaspersky's solution against emulated attack techniques. The Evaluation found that Kaspersky’s solution, which includes the Kaspersky EDR product with Kaspersky Endpoint Security for Business and Kaspersky Managed Protection service, showed good visibility of most of the techniques tested. It demonstrated a high level of detection for key techniques applied at crucial stages of modern targeted attacks; these stages are Execution, Persistence, Privilege Escalation and Lateral Movement.

The results also proved the importance of a comprehensive solution that combines a fully automated multi-layered security product with a manual threat hunting service. Even though many attack methods were detected well by Kaspersky EDR automatically, there were also techniques that required human expertise to uncover.

“Participating in the ATT&CK Evaluation Round 2 was a valuable experience for Kaspersky. We are fully satisfied with how our EDR solution performed in this evaluation. Tests like these reveal the overall level of industry readiness to address advanced threats and any gaps that need to be resolved. MITRE did a great job in creating the ATT&CK framework with community contributions (including input from Kaspersky). We are pleased with the findings from the Evaluation Round 2 and will continue to work on improving our solutions. We look forward to taking part in Round 3, which will focus on FIN7/Carbanak,” comments Anton Ivanov, VP, Threat Research at Kaspersky.

All of Kaspersky’s ATT&CK-related materials, including the evaluation results analysis and examples of ATT&CK use in Kaspersky products, can be found at Kaspersky.com/MITRE.

About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Kaspersky enterprise solution’s quality proven in MITRE ATT&CK® Evaluation

Kaspersky EDR and Kaspersky Managed Protection (MDR service) for enterprises have been tested in the MITRE ATT&CK Evaluation Round 2 to examine the solution’s ability to detect the tactics and techniques of targeted cyberattacks.