MITRE ATT&CK evaluations
MITRE tested our solutions in the APT29 evaluation. We explain what the test is, why and how it is conducted, and what the results mean.
Hugh Aver
April 22, 2020

MITRE is not just a company that compares security solutions. It is a nonprofit organization whose mission is to create a safer world. Anyone at all familiar with cybersecurity will know it primarily for its database of Common Vulnerabilities and Exposures (CVE). Some time ago, the organization took a step further and created the MITRE ATT&CK (Adversarial Tactics, Techniques & Common Knowledge) threat matrix.

What is MITRE ATT&CK?
In essence, MITRE ATT&CK is an open knowledge base of the techniques used in real-world targeted attacks, grouped by the tactical goal each technique serves. The data is presented in matrix form, giving an overview of how attackers penetrate and gain a foothold in corporate infrastructure, the tricks they use to stay undetected, and so on. The matrix discussed here is ATT&CK for Enterprise; MITRE also maintains matrices covering attacks on mobile devices and on industrial control systems.

However, MITRE ATT&CK is not solely about collecting information for the sake of knowledge. It is intended to simplify threat modeling for various industries and, more important, can be used to determine which known techniques a specific solution, or a combination of solutions, can detect. In theory, it goes as follows: a company in search of a solution to protect its infrastructure maps the detection capabilities of each candidate onto the ATT&CK matrix and sees which techniques remain uncovered. It is a bit like a game of bingo. In practice, to establish which techniques a particular security product actually detects, MITRE conducts tests known as ATT&CK evaluations.
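To make the "bingo" concrete, here is an added example of the coverage mapping just described. It is not code from the original post, from Kaspersky or from MITRE. The matrix excerpt uses real ATT&CK for Enterprise technique IDs and names, but the selection is hand-picked and far from complete; the two product claim sets ("edr_a", "ndr_b") are hypothetical and do not represent any real evaluation result. In practice the full matrix would be loaded from MITRE's STIX data (https://github.com/mitre/cti) rather than typed in.

```python
"""Map products' claimed detections onto an ATT&CK matrix and list what remains.

Added example for the coverage-mapping idea described above; not code from the
original post, from Kaspersky or from MITRE.
"""
from collections import defaultdict

# Constructed excerpt of ATT&CK for Enterprise: technique ID -> (name, tactics).
# IDs and names are real ATT&CK entries, but the selection is hand-picked and
# incomplete; load the full matrix from MITRE's STIX data in real use.
MATRIX = {
    "T1059": ("Command and Scripting Interpreter", {"Execution"}),
    "T1053": ("Scheduled Task/Job", {"Execution", "Persistence", "Privilege Escalation"}),
    "T1547": ("Boot or Logon Autostart Execution", {"Persistence", "Privilege Escalation"}),
    "T1055": ("Process Injection", {"Defense Evasion", "Privilege Escalation"}),
    "T1003": ("OS Credential Dumping", {"Credential Access"}),
    "T1021": ("Remote Services", {"Lateral Movement"}),
    "T1570": ("Lateral Tool Transfer", {"Lateral Movement"}),
    "T1071": ("Application Layer Protocol", {"Command and Control"}),
}

# Constructed, hypothetical vendor claims: product -> technique IDs it says it detects.
# These are not the results of any real evaluation.
CLAIMS = {
    "edr_a": {"T1059", "T1053", "T1547", "T1055", "T1021"},
    "ndr_b": {"T1021", "T1570", "T1071"},
}


def coverage_by_tactic(matrix, detected):
    """Bucket every technique under each of its tactics as covered or a gap.

    A technique that serves several tactics (e.g. T1053) appears under each of
    them, exactly as it does in the ATT&CK matrix.
    """
    unknown = set(detected) - set(matrix)
    if unknown:
        # Fail loudly: a typo or retired ID in a vendor sheet must not count as coverage.
        raise ValueError(f"technique IDs not in matrix: {sorted(unknown)}")
    per_tactic = defaultdict(lambda: {"covered": set(), "gaps": set()})
    for tid, (_, tactics) in matrix.items():
        bucket = "covered" if tid in detected else "gaps"
        for tactic in tactics:
            per_tactic[tactic][bucket].add(tid)
    return dict(per_tactic)


def coverage_ratio(matrix, detected):
    """Fraction of the matrix's techniques covered, per tactic (for comparing candidates)."""
    return {
        tactic: len(b["covered"]) / (len(b["covered"]) + len(b["gaps"]))
        for tactic, b in coverage_by_tactic(matrix, detected).items()
    }


def remaining_gaps(matrix, *claim_sets):
    """Techniques no product in the combination claims to detect, as (ID, name) pairs.

    This answers the 'which threats remain' question for a combination of solutions.
    """
    combined = set().union(*claim_sets)
    return sorted((tid, matrix[tid][0]) for tid in matrix if tid not in combined)


def report(matrix, claims):
    """Human-readable summary: per-product ratios, then gaps of the combined stack."""
    lines = []
    for product, detected in claims.items():
        lines.append(f"{product}:")
        for tactic, ratio in sorted(coverage_ratio(matrix, detected).items()):
            lines.append(f"  {tactic:<22} {ratio:>5.0%}")
    lines.append("Still uncovered by all products combined:")
    for tid, name in remaining_gaps(matrix, *claims.values()):
        lines.append(f"  {tid} {name}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(MATRIX, CLAIMS))
```

Two design points matter here. The matrix is keyed by technique, and a technique is counted under every tactic it serves, so a single detection (say, of scheduled tasks) correctly lights up Execution, Persistence and Privilege Escalation at once. And claim sets are validated against the matrix before they are counted, because the whole exercise is only as good as its inputs; the CLAIMS dictionary should be populated from evaluation results rather than a vendor's own checklist, which is precisely why the evaluations described next exist.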
ATT&CK evaluations and how they work
MITRE researchers pick a known APT actor and, over a period of several days, emulate that actor's attacks in a test environment running the solution under assessment. They do not replay past attacks verbatim, of course. Instead, they modify individual attack tools and procedures to find out how the solution detects the various adversarial techniques in each phase of the attack. Response mechanisms are disabled during the evaluation (otherwise the emulated attack would be stopped early and later phases could not be tested). MITRE does not score or rank the participants; it publishes per-technique detection results that each reader interprets for their own environment.

The current round of the test is called the APT29 Evaluation. In this evaluation, the researchers emulate the efforts of the APT29 group, also known as CozyDuke, Cozy Bear, and The Dukes. Here is a detailed article about ATT&CK evaluations.

Products tested, and the results
The latest round tested our Kaspersky Endpoint Detection and Response solution and the Kaspersky Managed Protection service. You can read about the specific settings in this article. Our solution demonstrated a high level of detection of key techniques at crucial stages of modern targeted attacks, in particular under the Execution, Persistence, Privilege Escalation, and Lateral Movement tactics. For detailed evaluation results and other ATT&CK-related materials, see the MITRE ATT&CK area of our corporate website.