Proving safety is challenging in any industry, whether you’re talking about automobiles, baby furniture or protective helmets. It requires special equipment and knowledge around how things can fail in the field, and a disciplined approach to executing tests that reflect real-world conditions as much as possible.

In cybersecurity, proving effectiveness is especially challenging, as the threats to our systems continue to evolve on a daily basis. A helmet that’s shown to protect its wearer from falling debris in 1970 is just as effective in 2020. Not so with cybersecurity, where the threats organizations most commonly fight today may have very little in common with what they were fighting just a month ago.

This is why CrowdStrike remains committed to regular, recurring third-party testing. It provides critical assurances to our customers that the solution they’ve invested in today continues to be effective in combating the threats of tomorrow. 

When done well, testing not only demonstrates that security solutions properly detect bad behaviors, it also validates that they do not generate mountains of unnecessary work, either in the form of benign alerts or complex tuning and configuration.

In the most recent test from SE Labs, released this week, CrowdStrike Falcon®^® delivered market-leading security via a solution that works on Day One, with simple out-of-the-box configuration. I’m proud to report that Falcon was awarded the first AAA ranking in the 2020 version of the SE Labs’ Breach Response Test — Detection Mode, including 100% detection across 15 different APT-style attacks and no false positive results — and Falcon achieved these impressive results with no cumbersome tuning or custom configuration. 

Falcon’s ability to deliver top-notch results for our customers out-of-the-box, while minimizing alert fatigue, led to another honor: being named the winner of SE Labs’ first-ever Best Endpoint Detection and Response award.

CrowdStrike Falcon®: Best Endpoint Detection and Response

CrowdStrike has participated in effectiveness testing with SE Labs since March 2018, and we have a long, continuous track record of strong results proving the efficacy of the Falcon platform’s machine learning and behavioral detection to prevent malware infections. 

Of course, malware is not the only threat to today’s enterprises. Modern adversaries use a wide range of techniques, including fileless attacks and “living off the land,” to achieve their goals. In 2019, CrowdStrike Falcon® was named Best New Endpoint Solution by SE Labs in its annual report, based on the proven power of the CrowdStrike® cloud-native architecture and single intelligent agent that protects all kinds of workloads against sophisticated attacks that go beyond malware.

This year, in naming CrowdStrike Falcon® as 2020 Best Endpoint Detection and Response solution, SE Labs once again validates the Falcon platform’s proven ability to stop all types of  breaches.

“All too often testing shows a limited snapshot of a product or service’s abilities,” said Simon Edwards, director of SE Labs Ltd. “By testing using the full attack chain, in exactly the same way as real hackers behave, SE Labs has been able to show CrowdStrike Falcon®’s true abilities in the face of adversity.”  

“CrowdStrike Falcon®’s superior detection abilities and usability in real-world incident response engagements, as seen first-hand by SE Labs consultants, earn it the Best EDR award.”

About SE Labs Breach Response Test — Detection Mode

SE Labs’ new Breach Response Test looks under the hood to show Falcon’s effectiveness in detecting highly advanced threats. In this new test, SE Labs shifts its focus from preventing malware to detecting across the full spectrum of an attack, from delivery and execution all the way to lateral movement and action. As the report says, “By using full attack chain testing with well-known ways of describing threats it is possible to test a wide range of endpoint security, ‘EDR’ and other anti-hacker security solutions and produce comparable results, in turn making purchasing (or change) decisions easier and better informed.”

The test covers 15 different attack scenarios, modeled after tactics and techniques observed in intrusions from four separate nation-state adversary groups:

• GOTHIC PANDA (APT3)
• COZY BEAR (APT29)
• REFINED KITTEN (APT33)
• HELIX KITTEN (APT34)

SE Labs researchers tested the Falcon platform with a simple configuration, with all built-in detections enabled at their most aggressive settings. Preventions were disabled for this test, as the focus was on detection of highly sophisticated tradecraft, not blocking. This is a configuration that any CrowdStrike customer could apply in seconds. 

The test itself involved executing a full range of attack stages, starting with delivery and execution of a malicious payload, progressing through privilege escalation, lateral movement and action. SE Labs scored CrowdStrike’s ability to detect sophisticated threat actor activity at every stage of the attack.

CrowdStrike’s Breach Response Test Results

Falcon achieved a string of perfect results in this latest test, including:

• AAA Rating for Breach Response, the highest rating awarded by SE Labs. This adds to CrowdStrike’s impressive record of eight AAA ratings in Enterprise Endpoint Protection, dating back to March 2018.
• 100% detection across all 15 intrusion scenarios, proving Falcon’s ability to detect sophisticated threat actor activity.
• Zero false positive results, showing that not only is Falcon highly effective at surfacing malicious activity, it does so without burying security teams with benign alerts that take time and energy to triage.

Not only did Falcon deliver impressive results against a formidable roster of adversaries, but it did so without custom configurations or labor-intensive tuning. Once again Falcon showcased high detection rates and low false positives out of the box. Falcon delivers on driving down total cost of ownership (TCO), which you can see for yourself in this Forrester Total Economic Impact Report.

Edwards went on to say, “CrowdStrike Falcon®’s great performance in the world-leading SE Labs Breach Response test shows its in-depth abilities to detect all attacks thrown at it using approaches used by some of the most sophisticated threat actors on the planet.”

We at CrowdStrike applaud SE Labs’ efforts to expand and improve the open, independent testing our industry relies on. Breach emulation by SE Labs, MITRE and other third parties is critical in helping our industry understand the true effectiveness of the cybersecurity products we all rely upon every minute of every day. I could not be prouder of Falcon’s results, and we remain steadfast in our commitment to third-party testing as critical validation of our ability to deliver on our mission to stop breaches. 

Additional Resources

• Read the SE Labs Breach Response Test Report.
• Read the SE Labs 2020 Annual Report.
• Learn more about the powerful CrowdStrike Falcon® platform by visiting the product page.
• Read the Forrester Total Economic Impact Report.
• Get a full-featured free trial of CrowdStrike Falcon® Prevent™ and learn how true next-gen AV performs against today’s most sophisticated threats.