Skip to main

Kaspersky in MITRE ATT&CK®

As cyberattacks grow more complex and persistent, understanding criminal techniques becomes key to effective enterprise cyber-defense. See how the MITRE ATT&CK methodology is used to evaluate Kaspersky’s performance.


MITRE ATT&CK® is an open knowledge database where attackers' arsenals and behaviors are collected and categorized by MITRE researchers, based on multiple real-world studies and threat reports. ATT&CK is a valuable framework for organizations seeking a better understanding of specific threats they may face.
Since 2018, MITRE has been evaluating cybersecurity products, based on the ATT&CK framework. In these evaluations, researchers emulate known adversary behaviors to reveal how each product detects the different steps of a targeted attack. There are no scores, rankings, or ratings in this evaluation. Instead, MITRE shows how each vendor approaches threat defense within the context of ATT&CK, so any organization can see the true capabilities of a security product in addressing its individual concerns.
In 2019, Kaspersky took part in MITRE ATT&CK Evaluation Round 2: our security products were tested against attack techniques of the APT29 threat group. Here you'll find the evaluation results and important comparative metrics, together with our views on MITRE methodologies.

Round 2 Evaluation Results
See how Kaspersky performs against APT29 techniques in the ATT&CK evaluation
Round 2: Visual Perspective
See how Kaspersky looks against other participating vendors
Round 2: Our Configuration
More details about the Kaspersky solution used in ATT&CK Evaluation
ATT&CK Evaluation: Insights
Learn about the methodology specifics, for better understanding of results
What's behind APT29?
How they attack: the story of our hunt for the CozyDuke criminal group
Visiting MITRE
Find out what being evaluated actually feels like
Mapping EDR to ATT&CK
See how Kaspersky EDR maps its findings to the MITRE techniques
ATT&CK in MDR services
How effective is the MITRE matrix in security operations?
ATT&CK in APT Reports
Outsmart your adversaries with Kaspersky Threat Intelligence
ATT&CK for ICS: Industroyer
See how Kaspersky Industrial CyberSecurity deals with an Industroyer-based APT