MITRE Engenuity recently released the results from its fourth round of the ATT&CK Evaluations. This round focused on the threat actors Wizard Spider and Sandworm.
It's no surprise that both hacking groups have made their presence felt. For example, between 2019 and 2020, Wizard Spider, a Russian-speaking cybercriminal group, extorted $61 million through ransomware attacks, including notable attacks on Universal Healthcare System hospitals and on state government administrative offices in both Georgia and Florida. In 2017, Sandworm infiltrated the Ukrainian accounting software MeDoc and hijacked the company's update mechanism, which resulted in malicious software being pushed to copies of the MeDoc software used by its customers.
After participating in the third round of the MITRE Engenuity Evaluations, Cisco was excited to engage again to show our improvements over last year.
These evaluations are not a competitive analysis. MITRE shows the detections it observed without naming a "winner." Because there is no single way to analyze, rank, or rate the solutions, MITRE instead shows how each vendor approaches threat defense within the context of ATT&CK.
Cisco delivered strong results in the 2022 Evaluation
Overall, Cisco Secure Endpoint proved it can stop the Wizard Spider and Sandworm attack campaigns early in the kill chains and provided analytic detections at the MITRE ATT&CK technique level across each step of the respective kill chains.
Summary of Cisco's Results:
Cisco Technologies
3rd Party Technologies
What's important to know:
- Days 1 and 2 of the MITRE Evaluation were for the Detection Test, and the Protection tests were conducted on Day 4.
- Of the 30 vendors that participated in the evaluation, all but eight do not offer a comprehensive solution and did not have a Linux agent.
- Of the 30 vendors that participated, eight did not take part in the protection test.
Protection Kill Chains Overlaid with Detections
When it comes to protection, Cisco Secure Endpoint stopped both attack campaigns early in the kill chains and provided analytic detection at the MITRE ATT&CK level across each step of their respective kill chains. With real-time protection and analytics, a security analyst can remediate the threat with a reduced mean time to detection and response. Cisco Secure Endpoint blocked Wizard Spider at the start of the kill chain; however, an Active Directory database dump test was executed in Test 4. It's important to remember that the protection tests are executed as independent unit tests; in this case it's assumed that the earlier tests were not successfully blocked.
Cisco Secure Endpoint's Analytic Coverage improved significantly in the 2022 Evaluation, allowing us to see the tactic or technique used at a more granular level. Cisco Secure Endpoint's improved insight into the threat's specific technique helped accelerate the mean time to detection and response.
Cisco Secure Endpoint had a significant number of detections on the first substeps of each phase of the Wizard Spider and Sandworm kill chains emulated in the MITRE Evaluation. Alerting on potential threat actor activity was immediate and came fairly early in the kill chain, which helped reduce attacker dwell time on the endpoint.
Cisco Secure Endpoint Behavioral Protection again played a critical role in identifying threats. We will continue to expand and develop Behavioral Protection for customers.
Links to Cisco's MITRE Engenuity ATT&CK results:
Cisco Secure Endpoint and MITRE ATT&CK: Why it matters to CISOs right now
Securing your endpoints has never been more important, and you need endpoint protection you can trust. Cisco Secure Endpoint is designed for those seeking endpoint resilience. Meeting security head-on requires adopting a comprehensive cloud-based endpoint protection solution for your secure remote worker, SASE, XDR, and Zero Trust architecture. We're the only endpoint security solution to deliver a cloud-native, built-in platform, Cisco SecureX, providing XDR capabilities and more for better threat visibility, more intelligent investigations, and faster response.
Cisco has been recognized as a leader in endpoint security
See it for yourself
We know what you're facing: a world where malware is constantly evolving and threats are becoming harder and harder to detect. The most advanced and riskiest threats, the ones that can eventually enter and wreak havoc on your network, could potentially go undetected. Secure Endpoint provides comprehensive protection against any threat. This security software prevents breaches, blocks malware at the point of entry, and continuously monitors and analyzes file and process activity to rapidly detect, contain, and remediate threats that can evade front-line defenses.