Trend Micro Incorporated, a global cybersecurity leader, excelled in the latest ATT&CK Evaluation performed by MITRE Engenuity. The Trend Micro Vision One^TM platform quickly detected 96% of attack steps from the simulation that mimicked the behavior of two infamous APT groups.

Unlike other industry organizations that test a product’s ability to detect and prevent various malware samples, MITRE Engenuity’s ATT&CK Evaluations appraise a solutions’ ability to detect targeted attacks leveraging known adversary behavior. This approach more closely mirrors real-world attacks that are most critical. MITRE Engenuity focused on techniques associated with notorious threat groups Carbanak and FIN7 in this year’s simulations.

“Security has been about spotting the tools used in an attack: MITRE Engenuity adds the dimension of recognizing rather the patterns of an attacker, no matter when different tools are used,” said Dr Moataz Bin Ali, VP and Managing Director, Trend Micro Middle East and North Africa. “MITRE ATT&CK is, like the attacks it models, complex. Doing well on a third-party test like this is satisfying – and with 96% visibility, we did very well here – especially considering it models techniques used by two of the world’s most capable threat groups. An even bigger success is helping educate organizations that ATT&CK isn’t just about the test but that ATT&CK can be a part of the everyday playbook for SOCs, which is reflected in our solutions.”

This year’s test included two simulated breaches, one at a hotel and one at a bank, using typical APT tactics such as elevation of privileges, credential theft, lateral movement and data exfiltration.

Trend Micro Vision One recorded the following impressive results:

• Delivered 96% of attack coverage to provide visibility of 167 out of 174 simulated steps across the evaluations. This broad visibility allows customers to have a clear picture of the attack and respond faster.
• 100% of attacks against the Linux host were detected, capturing 14/14 attacker steps, which is especially important considering its huge increase in use by many organizations.

• 139 pieces of telemetry were enriched by the Trend Micro Vision One platform to provide extremely effective threat visibility to better understand and investigate attacks. This is critical for SOC analysts.

• 90% of attack simulations were prevented through automated detection and response very early on in each test. Deflecting risk early on frees up investigation resources, allowing teams to focus on the harder security problems to solve.