Bitdefender Achieves Strong Threat Actionability and Alert Fidelity in MITRE Engenuity ATT&CK® Evaluations for Managed Services
June 18, 2024
Independent Evaluation of Several Vendors Reveals Superior Threat Detection, Correlation, and Context Capabilities of Bitdefender Managed Detection and Response Services
BUCHAREST, Romania and SANTA CLARA, Calif. – Bitdefender, a global cybersecurity leader, today announced results for the 2024 MITRE Engenuity ATT&CK Evaluation for Managed Services, an evaluation of 11 participating cybersecurity vendors in their ability to detect, analyze, and describe adversary behavior. Bitdefender was a top performer, achieving near-total coverage of all steps (no vendor achieved complete coverage) with the highest actionable insights, without excessive alerts to the security operation teams.
“Our ability to identify attack techniques of advanced adversaries and provide rich context with rapid response during real-world tests demonstrates our proficiency at disrupting attacks at any given point and reaffirms Bitdefender’s position as a trusted leader in managed detection and response (MDR) services,” said Andrei Florescu, president and general manager of Bitdefender Business Solutions Group. “Businesses cannot afford to waste valuable security staff time and resources wading through a mountain of threat alerts and email notifications. In addition to validating our superior threat detection capabilities, the MITRE ATT&CK evaluation confirmed our focus on limiting unnecessary noise and increasing actionability to drive security team efficiency and stop attacks faster.”
The ATT&CK Evaluations for Managed Services tested participating cybersecurity vendors in a ‘closed book’ version of adversary emulation using tactics, techniques and procedures (TTPs) of BlackCat/ALPHV, a prolific ransomware-as-a-service (RaaS) group, and menuPass (aka APT10), an advanced threat actor focused on espionage targeting an array of industries including healthcare, manufacturing and government. The evaluations emulated a multi-subsidiary compromise with overlapping operations focusing on defense evasion, exploiting trusted relationships, data encryption, and inhibiting system recovery across both Windows and Linux environments.
Each participant was evaluated based on understanding of emulated BlackCat and menuPass activities across 43 total steps in the framework’s attack kill chain from initial compromise through the final stage. Participants leveraged a self-supplied toolset to enable their detection capabilities and provide the relevant analysis in the same format they provide to customers.
MITRE Engenuity evaluated Bitdefender MDR, a managed security service that delivers 24×7 continuous threat monitoring and response, threat hunting, and elite security expertise housed across a global network of interconnected, fully staffed security operations centers (SOCs). With cross-functional teams covering threat research, investigations, forensics and other highly skilled disciplines, Bitdefender MDR helps augment organizations with limited cybersecurity resources.
Bitdefender evaluation highlights include:
● Highest Actionability in the Evaluation – Bitdefender MDR reported malicious activity for more than 95% of sub-steps for BlackCat and menuPass and achieved the highest result (32% above the average) in the category of Actionability, a measurement of whether a SOC analyst is provided with enough information in the alert (about What, Where, When, Who, and Why) to take immediate action on it.
● Best Alert Fidelity – Bitdefender MDR demonstrated low overall noise, measured as total alerts in the console and total emails generated during the evaluations. For both BlackCat and menuPass, Bitdefender generated 82 alerts and emails, a stark contrast when compared to the competitor average of over 500 alerts and emails (with some vendors generating over 1,000).
● Low Mean Time to Detect (MTTD) – At just 24 minutes, Bitdefender had an extremely low MTTD, meaning the average time between when an attack is initiated and when the MDR provider triggers an alert. This is in comparison to the average MTTD of 42 minutes.
● Powerful Native Technology Stack – Bitdefender MDR achieved its favorable testing results leveraging a native technology stack that serves as the cornerstone for the company’s entire business solution portfolio. Businesses seamlessly integrate threat prevention, endpoint detection and response (EDR) and extended detection and response (XDR) with MDR services without requiring costly add-ons.
“In collaboration with the 11 providers who participated in this round of ATT&CK Evaluations Managed Services, we rigorously and transparently tested services against two well-known and prolific adversaries,” said William Booth, general manager, ATT&CK Evals, MITRE Engenuity. “The evidence-based results of the evaluation are a valuable resource for organizations in determining which security solutions best address their needs.”
To view the full results from the ATT&CK Evaluations for Managed Services visit here.
About MITRE Engenuity
MITRE Engenuity, a subsidiary of MITRE, is a non-profit for public good. MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our partnerships we work with industry to tackle challenges to the safety, stability, and well-being of our world. MITRE Engenuity brings technical know-how and systems thinking to the private sector to solve complex challenges. MITRE Engenuity catalyzes the collective R&D strength of academia and the private sector to tackle national and global challenges, such as protecting critical infrastructure, investing in pandemic preparedness, accelerating use case innovation in 5G, and democratizing threat-informed cyber defense. https://mitre-engenuity.org.