Attivo Networks: Using a Commercial Deception Solution to Improve MITRE ATT&CK Test Results

Acting as a neutral authority, MITRE recently began evaluating vendor products by testing the ability of specific solutions to detect inbound attacks based on the ATT&CK framework. While MITRE doesn’t rate or recommend tools, the methodology serves as a useful benchmark for comparison.

Using this data, Attivo Networks® conducted a study to evaluate how endpoint security solutions performed within the MITRE evaluations individually and when used in conjunction with Attivo’s EDN suite. Attivo Networks completed evaluations using the MITRE ATT&CK® DIY Assessment tool for both APT3 and APT29.

In this report, Dr. Edward Amoroso, CEO of TAG Cyber, outlines the results of a recent round of MITRE ATT&CK® testing performed for four top endpoint security tools. It presents an overview of the MITRE process, along with results for augmenting several endpoint tools with a commercial deception solution from Attivo Networks, which produced an average increase of 42% in detection rate.