Cybereason achieves 100% prevention, visibility, real-time protection

Brandon Rochat, Sales Director for Africa, Cybereason.

---

Cybereason, the XDR company, has announced that the results of round four of the ATT&CK Evaluations conducted by MITRE Engenuity affirm the superior prevention and detection capabilities of the AI-driven Cybereason XDR Platform.

Cybereason achieved perfect scores in nearly every aspect of the evaluations, including 100% prevention – detecting and preventing 100% of the nine different attack sequences evaluated for both Windows and Linux. 

The company also achieved 100% visibility by exposing 100% of the 109 different attack behaviours evaluated for both Windows and Linux. It also showed 100% real-time protection with zero delayed detections.

Furthermore, Cybereason showed 99% analytical coverage with detections mapped back to the key ATT&CK techniques evaluated. It also required minimal configuration – Cybereason delivered out-of-the-box protection with minimal configuration changes required.

Round five of the ATT&CK Evaluations highlights the efficacy of our NGAV and EDR capabilities in protecting against sophisticated attack techniques from threat actors like Sandworm and Wizard Spider.

In addition, the Cybereason XDR Platform delivers AI-driven prevention, detection and predictive response protection that identifies and blocks advanced threats at the earliest stages of an attack.

The results from all four years of the ATT&CK Evaluations highlight how the Cybereason solutions map directly to the ATT&CK framework to deliver unparalleled detection of advanced threat actor tactics, techniques and procedures (TTPs).

The superior out-of-the-box efficacy that the AI-driven Cybereason XDR Platform delivers means there is little need for solution configuration changes at deployment. Organisations can immediately benefit from exceptional real-time prevention and detection capabilities, automated and one-click predictive response options to stop the most advanced cyber attacks.

Cybereason Sales Director for Africa, Brandon Rochat, points to what the MITRE Engenuity ATT&CK Evaluation results mean to the enterprise. "Organisations are increasingly mapping their threat detection strategies to the ATT&CK framework.

"This provides a common language for defenders to understand the range of techniques adversaries can use to gain initial access, escalate privileges, steal account credentials, move laterally in the targeted network, and ultimately to exfiltrate sensitive data or disrupt critical business operations," he explains.

The MITRE Engenuity ATT&CK Evaluations reveal how vendors approach the same challenges in reducing the time required to identify, understand and respond to malicious actions before material damage occurs.

Rochat believes the results highlight the effectiveness of Cybereason under real-world conditions because the AI-driven Cybereason XDR Platform identifies attacks earlier by correlating behavioural telemetry across the entire network, including the broad range of device types, user identities, application suites, cloud workloads and more.

"The Cybereason MalOp reduces mean time to detection and response (MTTD and MTTR) by immediately providing the complete attack story from root cause without the need for complex queries. Cybereason delivers actionable detections and predictive response across all measured MITRE ATT&CK evaluation categories without inundating analysts with a barrage of uncorrelated alerts," he adds.

Cybereason CEO and Co-Founder Lior Div says these results validate the superior detection and protection capabilities that Cybereason delivers against the most complex attack sequences. “The ATT&CK framework is the go-to standard for assessing solution efficacy today.

"We are proud of both our outstanding performance in all four years of the evaluations, and of our ongoing collaboration with MITRE CTID to further improve detection based on the most subtle of attacker behaviours. This is how we begin to defend forward as a community, stop relying so much on reactive approaches and take the fight to the adversary through behaviour-oriented predictive response,” he says.

Cybereason also collaborates with MITRE Centre for Threat-Informed Defence (CTID) on the Attack Flow Project, which seeks to develop a common data format for describing sequences of adversary behaviour in order to improve defensive capabilities.

The goal of the Attack Flow Project is to generate a machine-readable representation of a sequence of attacker actions and context along with specific descriptive attributes of those actions and assets composed of five main objects: the flow itself, a list of actions, a list of assets, a list of knowledge properties, and a list of causal relationships between the actions and assets.

Cybereason joined the Centre as a Research Participant to conduct research and development to support further evolution of the MITRE Engenuity ATT&CK framework. Cybereason and the centre work to provide defenders with a deep understanding of adversary tradecraft and advances in the development of countermeasures for prevention, detection and response to complex threats.

“Defenders often have to track adversary techniques individually, meaning they can only focus on one specific activity at a time, but adversaries use complex sequences in their attack flows to hide in the network seams and avoid detection until it’s too late,” said Sam Curry, Cybereason CSO.

“Being able to understand the context and correlations across those sequences by chaining together the otherwise disparate indicators of behaviour (IOBs), allows defenders to surface complex attacks earlier in the attack sequence and creates the opportunity to respond faster as threats are emerging,” Curry explains.

Cybereason is dedicated to teaming with defenders to end attacks across the enterprise to anywhere the battle is taking place. Contact us today to learn how your organisation can benefit from an operation-centric approach through the AI-driven Cybereason XDR Platform.