Complete detection at all major phases
The most recent MITRE Engenuity ATT&CK Evaluations for Managed Services presented attacks based on the tactics of real-world adversaries menuPass and BlackCat/AlphV. These attacks were sophisticated and designed to persist in the network post-breach, carrying out detrimental activities over a period of time.
Trend MDR achieved full detection coverage, highlighting our success in the field of cybersecurity:
- 100% coverage across all key attack stages
- 100% detailed insights on TTPs
- 86% actionable rate for major stages
Innovative Solutions by Trend MDR
Before the MDR evaluation, MITRE Engenuity conducted a survey to gauge market perceptions and expectations of managed cybersecurity services. Over half (58%) of respondents indicated reliance on managed services to complement their in-house SOC or as their primary line of defense. This percentage increased to 68% for companies with fewer than 5,000 employees.
At Trend, our MDR service meets these requirements by integrating AI methodologies with human threat analysis and expertise. We correlate data to identify threats that may evade detection as lower-level alerts. Our experts prioritize threats based on severity, identify attack origins, and create detailed response strategies.
XDR plays a pivotal role in achieving these security outcomes by expanding visibility beyond endpoints to other critical areas where threats might evade detection: servers, email systems, identities, mobile devices, cloud workloads, networks, and operational technologies (OT).
Embedded within XDR insights is profound global threat intelligence. This native telemetry ensures precise detections, robust correlations, and contextual insights. Additionally, global threat intelligence enhances threat detection accuracy and speed. Alongside a diverse third-party integration ecosystem and response automation across vectors, Trend Vision One introduces a comprehensive SOC platform. This platform empowers security teams to expedite investigations, freeing up time for proactive security measures such as threat hunting and detection engineering. Some smaller teams rely entirely on our MDR service for their security operations.
With Trend Vision One, teams have access to a constantly expanding library of detection models and the capability to design custom detection models tailored to their specific threat landscape.
Demonstrated Competence in Issuing High-Confidence Alerts
Security and SOC teams are bombarded with detection alerts and noise. Our visibility and analytics practices strike a balance between delivering early critical alerts about adversarial techniques and managing alert fatigue to enhance the analyst experience. Our MDR operations team uses the platform's advantages to alert customers only when essential.
In the MITRE Engenuity ATT&CK Evaluations simulations, there were no instances where menuPass and BlackCat/AlphV attacks could breach the environment undetected or unimpeded.
It’s vital to note that MITRE Engenuity does not rank products or solutions. Instead, it offers objective assessments without scores. Each service and solution operates differently, and the evaluation focuses on strengths and areas for enhancement within each offering.
Insights into the Cyber Threats
The menuPass threat group has been active since at least 2006. Some of its members have been linked to the Tianjin State Security Bureau of the Chinese Ministry of State Security and the Huaying Haitai Science and Technology Development Company. This group has targeted various sectors including healthcare, defense, aerospace, finance, and government. BlackCat is a Rust-based ransomware service first observed in November 2021. It has targeted organizations across continents in multiple sectors.
Testing Our Service
Actions speak louder than words in cybersecurity. Our substantial investment in research and development is reflected in our MDR service, which supports enterprises worldwide.
We focus on continuous improvement to provide cutting-edge solutions for security teams to safeguard their organizations. As we refine our solutions, MITRE Engenuity evolves its evaluation procedures. The “actionability” category introduced in this evaluation examines if alerts offer sufficient context for analysts to act promptly. We are heavily investing in process and technology to enhance contextual awareness, prioritization, and intelligent action guidance while managing communication effectively and minimizing false positives.
Throughout the testing scenarios, we have addressed areas for improvement through dedicated engineering and development initiatives to maintain our high standards and meet user expectations. We are delighted to see our MDR service exhibit robust detection capabilities across the attack chain within the service and the underlying Trend Vision One platform.
We encourage all our MDR customers to review the MITRE Engenuity ATT&CK Evaluations for Managed Services to gauge the strength of their defense strategies and reach out to us with any inquiries or feedback.
