MITRE Engenuity - Experts & Thought Leaders
Latest MITRE Engenuity news & announcements
AV-Comparatives, the globally recognised authority in independent cybersecurity testing, has released its 2024 Endpoint Prevention and Response (EPR) Comparative Report, showcasing the exceptional performance of pioneering cybersecurity solutions. The report evaluates the ability of these products to detect, prevent, and respond to advanced threats in real-world scenarios.

MITRE ATT&CK® framework

AV-Comparatives' rigorous assessment covered products from Bitdefender, Check Point, CrowdStrike, ESET, Kaspersky, Palo Alto Networks, and VIPRE, measuring each against a broad spectrum of complex attack vectors, such as PowerShell Empire, Metasploit Framework, and commercial attack frameworks. The testing utilised the MITRE ATT&CK® framework, ensuring that the results provide invaluable insights for organisations looking to bolster their endpoint security.

AV-Comparatives' EPR Test

Endpoint Protection Products (EPP), Endpoint Detection and Response (EDR), and Extended Detection and Response (XDR) solutions are vital components of enterprise security, providing defences against targeted threats such as advanced persistent threats (APTs). AV-Comparatives' Endpoint Prevention and Response (EPR) Test is designed to evaluate the effectiveness of these solutions in countering complex, multi-stage attacks that target an organisation's entire infrastructure.

Top performers (in alphabetical order)

Bitdefender had strong detection and response capabilities, delivering consistent protection across various threat scenarios.
Check Point demonstrated reliable and comprehensive threat prevention, proving its effectiveness in mitigating complex cyber risks.
CrowdStrike delivered a strong performance, showing reliable threat detection and response capabilities and ensuring minimal disruption to operations.
ESET provided well-rounded defense strategies, particularly effective in handling advanced and emerging threats.
Kaspersky offered a robust set of protection tools, proving reliable in both the detection and prevention of targeted attacks.
Palo Alto Networks delivered a solid performance, reinforcing its capabilities in proactive threat detection and security innovation.
VIPRE delivered efficient protection, providing reliable defense mechanisms at a competitive cost.

These vendors achieved outstanding results by demonstrating their ability to protect against and respond to advanced persistent threats (APTs), ransomware, and other complex cyberattacks. This year's evaluation highlighted their continual evolution in response to the growing complexity of attack tactics, techniques, and procedures (TTPs).

Comprehensive evaluation

The testing spanned several months, from June to August 2024, with products undergoing assessments in multiple phases, from Initial Access and Lateral Movement through to Exfiltration and Impact. Each product was tested in real-world attack scenarios to simulate the high-stakes environments that enterprises face today.

AV-Comparatives emphasised the importance of these evaluations: "As cyberattacks grow more sophisticated, it is critical for organisations to rely on solutions that can offer not only prevention but also rapid and effective response capabilities. Our 2024 EPR report serves as a benchmark for IT professionals and cybersecurity analysts to assess and choose the most effective cybersecurity solutions."

Endpoint security solutions

The difference between AV-Comparatives' EPR Test and MITRE ATT&CK Engenuity

Both the AV-Comparatives EPR Test and MITRE Engenuity have their merits, each providing useful insights into endpoint security solutions. Understanding the differences between these two tests is essential for IT managers, CISOs, and other tech-savvy professionals looking to select endpoint security solutions that will effectively protect their environments.

Key takeaways for CISOs and cybersecurity analysts

For CISOs and cybersecurity analysts, the 2024 EPR Comparative Report provides a data-driven perspective on the capabilities of pioneering vendors. It offers an in-depth analysis of how each product performs under pressure, which is essential for making informed decisions about endpoint security investments. Given the evolving threat landscape, selecting the right EPR solution can significantly reduce the risk of breaches and improve overall incident response.
SentinelOne, a global pioneer in AI-powered security, announced a series of groundbreaking innovations to the Singularity Platform that leverage the industry's most advanced generative AI technology, major new advancements delivered on a unified agent, and pioneering data insights to supercharge threat prevention, detection and response and empower customers to secure their operations end-to-end in a simple, unified way.

"With our latest innovations, we are enhancing the ability of security teams to see everything, already prioritised and contextualised, so that they can stay ahead of attacks and strengthen their security posture across every surface from a single platform," said Ric Smith, Chief Product and Technology Officer, SentinelOne. "This is the future of enterprise security, and SentinelOne is pioneering the way in delivering it today."

One platform. One agent. One console. One data lake.

Built atop the industry's most performant data lake, SentinelOne's fully integrated Singularity platform unifies AI-powered technology with expert insights and third-party data to protect every endpoint, identity, and cloud workload.

Natural language with Purple AI

New natural language alert summaries and alert query support with Purple AI

Seamlessly embedded throughout the Singularity Operations Centre, Purple AI, the first AI security analyst, now provides natural language alert summaries, including alerts from third-party vendors who may themselves require their own portals, so analysts can easily view and understand the details of their alerts across their environment. Analysts can further query alert information using natural language to get information such as total reported alerts, unassigned critical alerts, and more, and get quick answers right within their investigation notebooks.

Continued innovation in cloud security with CIEM

Available on the Singularity Platform as part of Singularity Cloud-Native Security, Cloud Infrastructure Entitlement Management (CIEM) helps organisations manage and control access rights to cloud resources. With this innovation, customers can leverage the pioneering cloud-native application protection platform (CNAPP) to detect risky and over-privileged human and machine identities, pinpoint toxic permission combinations and curtail risk from privilege escalations with greater speed and efficiency. With out-of-the-box detection content created by the SentinelOne Research team, security analysts are equipped to immediately deploy pre-built, advanced detections in their environments, saving time and resources.

Endpoint security and identity

Unified agent and expanded capabilities for endpoint & identity protection

SentinelOne provides visibility and alerting with simplified installation, deployment, and management of a single agent across endpoint security and identity use cases to enforce all security policies without the need for any additional infrastructure. With new, built-in deception features, the unified agent provides real-time fake credentials to attackers when passwords are extracted, raising endpoint protection levels. Critically, with SentinelOne's Live Security Updates, endpoint protections can be updated faster than the pace of attacker innovation, helping organisations to safely stop the latest attacks with customer change control, rigorous testing procedures, and safeguards to ensure full, uninterrupted business continuity.

Additionally, to further prevent identity-based risks, SentinelOne announced a new compromised credential protection feature that constantly monitors the dark web for security breaches related to third-party vendors, in addition to checking for weak or banned passwords uploaded by customers.

Extended security posture management (xSPM)

A new capability delivered as part of the Singularity Platform, xSPM provides real-time insights into vulnerabilities and misconfigurations that security teams can use to drive enterprise-wide visibility and control across cloud, endpoint, identity, and third-party risk. Intelligent scoring and contextual assessment ensure teams effectively prioritise risk, with integrated guidance and native remediation, to accelerate decision-making and improve security posture.

SentinelOne's Singularity Platform leads the MITRE Engenuity ATT&CK Evaluations: Enterprise, providing 100 percent detection and #1 Real-World Protection. For three consecutive years, the company has been named a pioneer in the Gartner Magic Quadrant for Endpoint Protection Platforms and was ranked number one in the Gartner Critical Capabilities for Endpoint Protection Platforms. Customers attest to the benefits of the platform, naming SentinelOne in the 2024 Gartner Peer Insights™ Voice of the Customer for Endpoint Protection Platforms report and providing a 95 percent recommendation rate on Gartner Peer Insights.
Next DLP, a pioneer in data loss prevention and insider threat solutions, announced that its Reveal Platform is the first Insider Risk Management solution to automatically map detection events to the MITRE Engenuity Centre for Threat-Informed Defense's (Centre) expanded Insider Threat Knowledge Base (ITKB 2.0). The ITKB 2.0 is the first of its kind to offer an evidence-based, multi-organisational, and publicly available compendium of insider threat tactics, techniques, and procedures (TTPs). This endeavour was developed in partnership between MITRE, Next DLP, CrowdStrike, HCA Healthcare, JPMorgan Chase Bank, N.A., Lloyds Banking Group, Microsoft Corporation, and Verizon Business.

MITRE's TTPs

Digital transformation and hybrid workforces have significantly increased the complexity and volume of insider threats organisations face. Legacy solutions often require extensive manual effort to correlate detection events with specific threat behaviours, resulting in delayed responses, potential security breaches, and data leaks. Reveal addresses this challenge head-on by automatically including MITRE's Tactics, Techniques, and Procedures (TTPs) in its detections, incidents, and analyst case reports.

Detecting malicious insiders

"The expansion and refinement of our data repository was made possible by new cases and insights from our dedicated data contributors," said Suneel Sundar, Director of R&D, of the Centre. "We're delighted that Next is leveraging our knowledge of adversary behaviours and capabilities to provide defenders with a better opportunity to detect malicious insiders."

Maximising efficiency

By incorporating MITRE's TTPs, Reveal delivers a comprehensive narrative of the entire incident lifecycle, from initial reconnaissance and data collection to defense evasion and exfiltration. For the chronically overstretched security team, a persistent problem given the ongoing security talent shortage, this rich information view maximises the efficiency of analyst resources, empowering security teams of all sizes to perform at heightened levels.

Data protection standard

"With Reveal, and in partnership with MITRE CTID, we are setting a new standard for data protection and insider threat mitigation," said John Stringer, Head of Product at Next DLP. "By automating the mapping of detections to MITRE's Insider Threat TTPs, we enhance our clients' security posture by demonstrating MITRE ATT&CK coverage and significantly reducing the time and resources required to identify, respond to and report on high-impact insider threat activity."