Tuesday, April 21, 2020
Woburn, MA – April 21, 2020 – Kaspersky Endpoint Detection and Response (EDR) and Kaspersky Managed Protection (MDR) offerings for enterprise business were tested in the MITRE ATT&CK Evaluation Round 2 to examine the solutions’ ability to detect the tactics and techniques of targeted cyberattacks. The evaluation revealed that Kaspersky’s solutions offer strong threat detection capabilities. The assessment was conducted in 2019-2020 and imitated attack techniques of the APT29 threat group (CozyDuke, CozyBear, The Dukes).
Using its own ATT&CK matrix, MITRE evaluates the performance of EDR products from different vendors. The MITRE ATT&CK Evaluation is the first comprehensive test of its kind as it does not just analyze malware detection levels, but aims to create a full picture of the ability of an EDR solution to protect against all stages of an advanced, multi-staged attack. There is no scoring system in this test to compare different vendors, and every customer can decide what capabilities of each product are important to its organization’s particular security goals.
Prior to the evaluation, MITRE invited security experts to share their own research on APT29 to improve the emulation. Kaspersky contributed its own threat intelligence on this threat group to be considered for the evaluation.
In an in-depth assessment carried out over three days, MITRE tested Kaspersky's solution against similar attack techniques. The evaluation found that Kaspersky’s solution, which includes Kaspersky EDR with Kaspersky Endpoint Security for Business and Kaspersky Managed Protection service, showed superior visibility of most of the techniques tested. It demonstrated a high level of detection for key techniques applied at crucial stages of modern targeted attacks, which include Execution, Persistence, Privilege Escalation, Lateral Movement and Exfiltration.
The results also proved the importance of a comprehensive solution that combines a fully automated, multi-layered security product and an automated manual threat hunting service. While many attack methods were well detected by Kaspersky EDR automatically, there were also techniques that required human expertise in order to be uncovered.
“Participating in the ATT&CK Evaluation Round 2 was a valuable experience for Kaspersky, and we are fully satisfied with how our EDR solution performed in this evaluation,” said Anton Ivanov, vice president of threat research at Kaspersky. “Tests such as these reveal the overall level of industry readiness to address advanced threats and any gaps that need to be resolved. MITRE did a great job in creating the ATT&CK framework with community contributions (including input from Kaspersky). We are pleased with the findings from the Evaluation Round 2 and will continue to work on improving our solutions for the Round 3 evaluation which will focus on the FIN7/Carbanak threat group.”
All of Kaspersky’s ATT&CK-related materials, including the evaluation results analysis and the examples of the ATT&CK used in Kaspersky products, can be found at Kaspersky.com/MITRE.
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at usa.kaspersky.com.