Press Release | Media on CrowdStrike

MITRE ATT&CK Evaluation Highlights CrowdStrike Falcon®’s Comprehensive Threat Detection and Visibility

Falcon’s industry-leading endpoint protection reduces the time it takes to understand, contain, and remediate security incidents

SUNNYVALE, Calif. – April 21, 2020 – CrowdStrike® Inc. (Nasdaq: CRWD), a leader in cloud-delivered endpoint protection, today announced it has successfully completed its second MITRE ATT&CK® evaluation. The CrowdStrike Falcon® platform was evaluated for its ability to detect attack techniques employed by COZY BEAR (also known as APT29), a sophisticated nation-state adversary affiliated with the Russian government. 

ATT&CK is a MITRE-developed knowledge base of adversary tactics and techniques based on real-world observations to describe and better understand threats, and to pinpoint gaps in visibility and process. The MITRE ATT&CK evaluation tests a vendor’s ability to detect attacker activity across the full spectrum of sophisticated attacks, from initial breach all the way through lateral movement, persistence, and exfiltration. 

CrowdStrike’s results in this latest MITRE evaluation indicate once again that CrowdStrike Falcon® delivers best-in-class visibility and detection, using its lightweight agent, local machine learning and sophisticated cloud-native EDR capabilities to deliver complete threat protection across the entire breadth of the ATT&CK framework. Unlike other vendors, Falcon also provides security analysts the deep context necessary to understand threats quickly and act decisively, improving overall security posture. 

Key results include: 

  • CrowdStrike Falcon® delivered broad endpoint detection and response (EDR) for defenders across the entire MITRE ATT&CK framework, including visibility into each of the 19 separate phases of the entire simulated attack.
  • CrowdStrike’s unique CrowdScore capability correlated a wide range of data within the simulation, proving to be a true force multiplier to help ultimately defeat the adversary. 
  • Falcon provided proactive and comprehensive detections to individual attack techniques, without requiring product updates or configuration changes. Falcon offered contextualized analysis for each phase of the simulated attack, reducing the time needed to understand, contain, and remediate incidents.
  • Falcon OverWatch, CrowdStrike’s team of expert threat hunters, contributed additional context and visibility to the results, combining machine learning with deep human expertise to thwart the sophisticated simulation.

“As CrowdStrike Falcon® was introduced to solve deep customer pain points through a modern, scalable, and transformative platform technology, we are delighted to continue our exceptional record of demonstrating CrowdStrike’s powerful technology in this comprehensive evaluation,” said Michael Sentonas, CrowdStrike’s chief technology officer. “We remain committed to participating in independent and credible third-party testing, and congratulate MITRE as they continue to demonstrate just how critical this kind of testing is within the security industry. By sharing these insights about the tools and capabilities available in this crowded and fragmented market, they help organizations make actionable and informed decisions to thrive in today’s complex threat landscape.“

Today, CrowdStrike Falcon® correlates over 3 trillion endpoint-related events per week in real time from across the globe, leveraging machine learning and behavioral analytics to detect, respond and remediate today’s sophisticated cyber threats

CrowdStrike Falcon® has been repeatedly tested and certified as an effective AV replacement by AV-Comparatives, SE Labs, and others.

To learn more about CrowdStrike’s performance in this latest round of testing and review the full results, please visit MITRE’s website.

About CrowdStrike

CrowdStrike® Inc. (Nasdaq: CRWD), a global cybersecurity leader, is redefining security for the cloud era with an endpoint protection platform built from the ground up to stop breaches. The CrowdStrike Falcon® platform’s single lightweight-agent architecture leverages cloud-scale artificial intelligence (AI) and offers real-time protection and visibility across the enterprise, preventing attacks on endpoints on or off the network. Powered by the proprietary CrowdStrike Threat Graph®, CrowdStrike Falcon® correlates over 3 trillion endpoint-related events per week in real time from across the globe, fueling one of the world’s most advanced data platforms for security.

With CrowdStrike, customers benefit from better protection, better performance and immediate time-to-value delivered by the cloud-native Falcon platform.

There’s only one thing to remember about CrowdStrike: We stop breaches.

Qualifying organizations can gain full access to Falcon Prevent™ by starting a free trial.

Learn more:

Follow us: Blog | Twitter

© 2020 CrowdStrike, Inc. All rights reserved. CrowdStrike, the falcon logo, CrowdStrike Falcon® and CrowdStrike Threat Graph are marks owned by CrowdStrike, Inc. and registered with the United States Patent and Trademark Office, and in other countries.  CrowdStrike owns other trademarks and service marks, and may use the brands of third parties to identify their products and services.


CrowdStrike, Inc.
Ilina Cashiola, 202-340-0517