Press Release | Media on CrowdStrike

CrowdStrike Falcon® Endpoint Protection Platform Validated Against MITRE ATT&CK™ Framework in Nation-State Emulation Test

Calls on Security Industry to adopt MITRE ATT&CK Framework Validation for real-world efficacy testing

Sunnyvale, CA – February 13, 2018 – CrowdStrike® Inc., the leader in cloud-delivered endpoint protection, today announced it has successfully completed an evaluation by MITRE’s Leveraging External Transformational Solutions (LETS) program. The CrowdStrike Falcon® platform was validated for its ability to detect attack techniques employed by GOTHIC PANDA (also known as APT3), a sophisticated adversary with nexus to the Chinese government.

Legacy malware-focused tests are incapable of providing a realistic assessment of security products’ ability to detect advanced adversaries who often do not rely on malware but leverage exclusively legitimate living-off-the-land tools. On the other hand, the MITRE program is the first and only public adversary emulation leveraging the MITRE ATT&CK  framework to validate security solutions’ detection effectiveness against real-world tradecraft from sophisticated nation-state attackers. The adversary emulation tests for the product’s ability to detect attack techniques across the kill chain: Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Execution, Collection, Exfiltration and Command & Control.  

CrowdStrike Falcon® performed extremely well at detecting the GOTHIC PANDA adversary and tracked nearly every technique used in the emulation, providing comprehensive visibility to enable real-time investigation of the intrusion. According to the MITRE report, “CrowdStrike uses a collaboration of machine and human, bringing together both proprietary APT detecting software (Falcon Insight) and Managed Threat Hunting Service operators (Falcon OverWatch) to identify malicious activity. Combining both products, along with CrowdStrike Falcon®’s user interface, assisted in the detection and investigation of GOTHIC PANDA attack techniques emulated by the LETS team.”

“CrowdStrike believes that third-party testing and independent validation of next-generation products are critical in defining the new standard in endpoint protection and helping customers differentiate hype from reality. We urge other solutions providers, especially in the next-generation category, to participate in this important MITRE validation,” said Dmitri Alperovitch, CrowdStrike’s co-founder and chief technology officer. “We are pleased with our successful performance in MITRE’s comprehensive evaluation of CrowdStrike Falcon®’s ability to detect nearly all GOTHIC PANDA tradecraft and look forward to continuing our participation in reputable industry testing that represents real-world detection efficacy.”

Read a blog about this emulation by CrowdStrike CTO Dmitri Alperovitch and download the MITRE report here.

CrowdStrike was positioned highest for its ability to execute and furthest for completeness of vision in the Visionary Quadrant of the 2018 Gartner Magic Quadrant for Endpoint Protection Platforms (EPP).

CrowdStrike Falcon® leverages machine learning and behavioral analytics, trained on processing nearly 100 billion security events a day, to enable reliable detection, mitigation, and response of all threats, including malware-free intrusions. CrowdStrike Falcon® has been independently tested and certified as an effective AV replacement by AV-Comparatives for Windows and Mac and SE Labs.

About CrowdStrike®

CrowdStrike is the leader in cloud-delivered endpoint protection. Leveraging artificial intelligence (AI), the CrowdStrike Falcon® platform offers instant visibility and protection across the enterprise and prevents attacks on endpoints on or off the network. CrowdStrike Falcon® deploys in minutes to deliver actionable intelligence and real-time protection from Day One. It seamlessly unifies next-generation AV with best-in-class endpoint detection and response, backed by 24/7 managed hunting. Its cloud infrastructure and single-agent architecture take away complexity and add scalability, manageability, and speed.

CrowdStrike Falcon® protects customers against all cyber attack types, using sophisticated signatureless AI and Indicator-of-Attack (IOA) based threat prevention to stop known and unknown threats in real time. Powered by the CrowdStrike Threat Graph™, Falcon instantly correlates nearly 100 billion security events a day from across the globe to immediately prevent and detect threats.

There’s much more to the story of how Falcon has redefined endpoint protection but there’s only one thing to remember about CrowdStrike: We stop breaches.

You can gain full access to CrowdStrike Falcon® Prevent™ by starting your free trial here.

Learn more:

Follow us: Blog | Twitter

© 2018 CrowdStrike, Inc. All rights reserved. CrowdStrike®, CrowdStrike Falcon®, CrowdStrike Threat Graph™, CrowdStrike Falcon® Prevent™, Falcon Prevent™, CrowdStrike Falcon® Insight™, Falcon Insight™, CrowdStrike Falcon® Discover™, Falcon Discover™, CrowdStrike Falcon® Intelligence™, Falcon Intelligence™, CrowdStrike Falcon® DNS™, Falcon DNS™, CrowdStrike Falcon® OverWatch™, Falcon OverWatch™, CrowdStrike Falcon® Spotlight™ and Falcon Spotlight™ are among the trademarks of CrowdStrike, Inc. Other brands may be third-party trademarks.


CrowdStrike, Inc.
Ilina Cashiola, 202-340-0517

About The Channel Company

The Channel Company enables breakthrough IT channel performance with our dominant media, engaging events, expert consulting and education and innovative marketing services and platforms. As the channel catalyst, we connect and empower technology suppliers, solution providers and end users. Backed by more than 30 years of unequalled channel experience, we draw from our deep knowledge to envision innovative new solutions for ever-evolving challenges in the technology marketplace.

CRN is a registered trademark of The Channel Company, LLC. All rights reserved

The Channel Company Contact:            

Melanie Turpin
The Channel Company


[1] *Source: Gartner, “Magic Quadrant for Endpoint Protection Platforms,” Ian McShane, Avivah Litan, Eric Ouellet, Prateek Bhajanka, 24 January 2018.