CrowdStrike MDR excels in the latest MITRE Engenuity ATT&CK® Evaluations
CrowdStrike scores 99% detection coverage
CrowdStrike Falcon® Complete managed detection and response (MDR) achieved the highest detection coverage in the 2022 MITRE Engenuity ATT&CK® Evaluations for Security Service Providers, reporting 75 of the 76 adversary actions and identifying the threat actor in minutes. Read CrowdStrike’s technical analysis of the MITRE evaluation.
What is the MITRE Engenuity ATT&CK Evaluations for Security Service Providers?
A first-of-its-kind test of MDR providers, simulating a real-world attack scenario to assess solution efficacy.
- The MITRE ATT&CK Framework is a system that tracks cyber adversary tactics and techniques.
- MITRE Engenuity tested 16 MDR solutions during a 5-day evaluation conducted during typical 8 a.m. to 5 p.m. business hours.
MITRE Engenuity's first-ever closed-book evaluation
MITRE Engenuity introduced a new, closed-book evaluation process that purposefully kept vendors in the dark without any upfront information about the threat scenario.
- This method mimicked a real-world attack and provided a more accurate assessment of vendor capabilities.
- The results are a transparent indication of how a vendor would perform during a real intrusion.
The challenge: OilRig (HELIX KITTEN)
MITRE Engenuity emulated the tradecraft of OilRig, a suspected Iranian-nexus threat group tracked by CrowdStrike as HELIX KITTEN.
- Active since at least 2014, this adversary targets Middle Eastern and international victims across multiple sectors.
- The group is known for its well-structured spear-phishing messages.
- The scenario imitated this tactic to begin the evaluation.
Most vendors missed steps at critical attack stages — but not CrowdStrike
- Excluding CrowdStrike, other vendors missed an average of 17 steps.
- 65% of vendor misses occurred in three of the 10 attack stages — taking place at highly critical junctures at the beginning and end of the attack.
- Lateral movement was also frequently missed relative to vendor detections in other attack stages.
CrowdStrike's advantage: the platform and 24/7 analyst expertise
Analyst-driven MDR operations combined with the power of the most advanced security platform give CrowdStrike an edge that no autonomous MDR will ever match.
Most security service providers send detected threat events back to customers to deal with. At CrowdStrike, we carry out the entire response for every threat, for true end-to-end MDR protection.
Proactive threat hunting
CrowdStrike Falcon® OverWatch™, a proactive threat hunting service, operates around the clock to unearth the stealthiest, most advanced attacks and adversary tradecraft in existence.
Our threat intelligence on HELIX KITTEN enabled us to identify the threat actor in under 13 minutes and predict their next tactics.
MDR at speed and scale
Supercharge your security center, deploy in days and reach new economies of scale that can net you over 403% ROI with CrowdStrike Falcon® Complete for MDR.
Watch our expert analysis of the MITRE Engenuity results
Technical Analysis of the 2022 MITRE Evaluation
Download CrowdStrike’s technical analysis of the evaluation and see for yourself how the top MDR solutions in the market stack up.