MITRE ATT&CK 2024 Results for Enterprise Security

A new year, a new MITRE assessment. The kind individuals at MITRE have once again provided security vendors a chance to showcase their capabilities in safeguarding against contemporary attack methods. Trend is enthusiastic to display its prowess.

If you haven’t already, join the MITRE Slack community or follow them on X to stay updated with the latest MITRE ATT&CK news: Get in Touch with MITRE ATT&CK®

What’s Different This Year?

  • Two specific adversary focal points: Ransomware targeting Windows and Linux, and the DPRK focusing on macOS.
    • Ransomware: “The transition to the more adaptable Ransomware-as-a-service (RaaS) model lowers barriers to entry for malicious groups, negating the necessity for custom malware and empowering less experienced handlers to effectively target organizations. This democratization of ransomware has fueled a surge in ransomware attacks globally.”
    • DPRK: “North Korea has emerged as a formidable cyber threat, progressively utilizing cyber operations to enhance the advancement of their nuclear capabilities. By extending their focus to macOS, the DPRK gains the capability to target and breach additional high-value systems, a tactic they have increasingly employed in recent years.” “The macOS simulation will delve into adversary actions influenced by the DPRK’s transition to creating sophisticated, multi-stage malware.”
    • For more information, click here: ATT&CK® Assessments
  • macOS – Windows remains the more dominant and more frequently targeted platform, but the era when merely using macOS made one feel entirely secure is over. This year, MITRE included macOS to offer more diverse platform assessments. Attackers do not discriminate by industry, OS, or location, so staying watchful is essential. Trend Vision One is available for Windows, Linux, macOS, and more.
  • This year’s evaluation closely resembled a genuine real-world test, and we’re delighted that MITRE has taken this initiative. It provides organizations with a much deeper insight into how each vendor readies themselves against modern and unique attack methods.

Visibility and Identification

Without tooting our own horn, Trend Vision One came out strong this year with:

  • 100% analysis coverage for all major procedures
  • 100% analysis coverage for all sub-procedures in Linux and macOS
  • 100% analysis coverage for all sub-steps in server platforms (Windows/Linux)
  • 99% analysis coverage for all sub-steps

Is Trend Vision One efficient at spotting threats? Undoubtedly. Trend Vision One leaves intruders nowhere to conceal.

In the previous year’s Turla assessment, our detection rate was lower, yet we still thwarted every attack, preventing a successful breach in any scenario. We deliberated on the trade-off between detections and noise. Achieving 100% detection is remarkable; however, it can lead to increased alert volumes, a familiar scenario for security professionals. This year, we achieved 100% detection with a higher alert volume. This underscores the compromise that security teams confront: should we prioritize absolute visibility and accept a surplus of alerts, or should we strive to minimize noise without compromising detection significantly? Ultimately, each organization must decide where to strike that balance.

It’s imperative to acknowledge that not all alerts and detections hold identical importance. There are indispensable alerts and a surplus of ‘other’ alerts which can resemble spam flooding your inbox. Sorting through all these manually is a daunting task that could drive one to the brink of frustration. Alert prioritization is a vital necessity that security teams should not operate without. Fortunately, we have you covered in that aspect as well.

One of the advantages of Trend Vision One is that it doesn’t force you to opt for one approach over the other – we furnish you with the resources to precisely decide where your team should stand. The Workbench in Vision One endows you with peace of mind by correlating alerts, assigning priorities, and sifting out redundant alerts while Observed Attack Techniques in Vision One present a less filtered perspective akin to what you might encounter in a SIEM, albeit arranging the alerts by severity. Trend clientele always have access to both methodologies, ensuring that they aren’t left grappling with a slew of alarms, pondering, “… what now?” We guide you on where to commence your investigations and help automate your response.

There’s a third alternative as well: entrusting these concerns to someone else, reclaiming your evenings and weekends. You can explore how our MDR team performed in the recent MITRE Managed Services evaluation here: In-Depth Analysis: menuPass and ALPHV/BlackCat Threats. For uninterrupted security coverage, Trend remains your ultimate choice.

Safeguarding

Shielding enterprises against cyber threats has been Trend’s forte for decades. In prior evaluations, it was a given that Trend would neutralize 100% of threats. This time, we blocked 70%, meaning that three methods were not blocked by Trend Vision One. The positive aspect is that by the time you read this, Trend Vision One has been updated with the necessary defenses. It does mean, however, that certain methods went unblocked that should have been stopped. Yet this is the beauty of these MITRE assessments: they offer a clearer insight into areas requiring further refinement. Nearly all vendors taking part in this year’s assessments have room for growth in this regard, reinforcing the fact that while protection stands as the primary line of defense, it alone doesn’t suffice.

Why Engage in these Assessments?

They serve as a significant litmus test for our daily endeavors, keeping us on our toes. With a plethora of contented customers globally, our enduring presence stems from never pausing and never settling. Our top-tier threat researchers work ceaselessly to ensure we constantly outpace attackers, and our products undergo rigorous testing daily. The MITRE evaluations offer us another avenue to uphold this commitment and prove to our clientele that we are deeply dedicated to cybersecurity – a mission we continue unwaveringly. I firmly believe it’s our dedication to this cause that prompts security experts to commence their day with Trend Vision One.

“I rely entirely on my Vision One. It’s the primary task upon waking every morning, checking my score.”
Troy Riegsecker, Infrastructure Manager, Fischer Homes

While you may be gradually unwinding for the holidays, we are gearing up for the forthcoming threats and the subsequent MITRE evaluation. Stay watchful and if you wish to explore how Trend Vision One can assist you in outsmarting attackers, take a peek and experiment for free.

Revisit last year’s evaluation here: Decoding Turla: Trend Micro’s MITRE Performance
