CrowdStrike MDR excels in the latest MITRE Engenuity ATT&CK® Evaluations

CrowdStrike scores 99% detection coverage

CrowdStrike Falcon® Complete managed detection and response (MDR) achieved the highest detection coverage in the 2022 MITRE Engenuity ATT&CK® Evaluations for Security Service Providers, reporting 75 of the 76 adversary actions and identifying the threat actor in minutes.

What is the MITRE Engenuity ATT&CK Evaluations for Security Services Providers?

A first-of-its-kind test of MDR providers, simulating a real-world attack scenario to assess solution efficacy.

  • The MITRE ATT&CK Framework is a system that tracks cyber adversary tactics and techniques.
  • MITRE Engenuity tested 16 MDR solutions during a 5-day evaluation conducted during typical 8 a.m. to 5 p.m. business hours.

MITRE Engenuity's first-ever closed-book evaluation

MITRE Engenuity introduced a new, closed-book evaluation process that purposefully kept vendors in the dark without any upfront information about the threat scenario.

  • This method mimicked a real-world attack and provided a more accurate assessment of vendor capabilities.
  • The results are a transparent indication of how a vendor would perform during a real intrusion.

The challenge: OilRig (HELIX KITTEN)

MITRE Engenuity emulated the tradecraft of OilRig, a suspected Iranian-nexus threat group tracked by CrowdStrike as HELIX KITTEN.

  • Active since at least 2014, this adversary targets Middle Eastern and international victims across multiple sectors.
  • The group is known for its well-structured spear-phishing messages.
  • The scenario imitated this tactic to begin the evaluation.

Most vendors missed steps at critical attack stages, but not CrowdStrike

  • Excluding CrowdStrike, other vendors missed an average of 17 steps.
  • 65% of vendor misses occurred in three of the 10 attack stages — taking place at highly critical junctures at the beginning and end of the attack.
  • Lateral movement was also frequently missed relative to vendor detections in other attack stages.

CrowdStrike's advantage: the platform and 24/7 analyst expertise

Analyst-driven MDR operations, combined with the power of the most advanced security platform, give CrowdStrike an edge that no autonomous MDR will ever match.

Full-cycle response

Most security service providers send detected threat events back to customers to deal with. At CrowdStrike, we carry out the entire response for every threat, for true end-to-end MDR protection.

Proactive threat hunting

CrowdStrike Falcon® OverWatch™, a proactive threat hunting service, operates around-the-clock to unearth the stealthiest, most advanced attacks and adversary tradecraft in existence.

Threat intelligence

Our threat intelligence on HELIX KITTEN enabled us to identify the threat actor in under 13 minutes and predict their next tactics.

MDR at speed and scale

Supercharge your security center, deploy in days and reach new economies of scale that can net you over 403% ROI with CrowdStrike Falcon® Complete for MDR.

Watch our expert analysis of the MITRE Engenuity results

Charting the Future of the Security Operations Center with MDR

Join CrowdStrike CTO, Michael Sentonas, and VP and GM of Falcon Complete MDR, Austin Murphy, for a walkthrough of MITRE Engenuity’s most recent evaluation of MDR solutions. Learn how to interpret the results, and what this evaluation says about the state of modern MDR solutions.

CrowdStrike’s 2022 MITRE Engenuity ATT&CK Report Card

Download the report and see for yourself in detail all of the malicious activity CrowdStrike discovered and meticulously analyzed during MITRE Engenuity’s first-ever MDR evaluation.

See Falcon Complete MDR in action today

Discover firsthand the MDR solution with the highest detection coverage in the 2022 MITRE Engenuity ATT&CK Evaluation: Falcon Complete MDR.