Cisco Secure Endpoint Shines in the 2020 MITRE® Engenuity ATT&CK Evaluation


What industries do hackers primarily target for financial gain? Financial services should come as no surprise, but the hospitality industry is up there too. That’s why MITRE Engenuity focused on hacker groups Carbanak and FIN7 in the 2020 ATT&CK® Evaluation. Both groups are well known and launch highly sophisticated attacks against these and other industries, stealing more than $1 billion over the past five years, according to MITRE Engenuity.

That’s why we jumped at the chance to participate in this year’s Evaluation with Cisco Secure Endpoint. And today, we’re thrilled to share with you how it performed in MITRE Engenuity’s extensive testing. And here are the MITRE ATT&CK techniques where Secure Endpoint shines.

Overall, Cisco delivered strong results in the evaluation

  • Lateral Movement: Cisco Secure Endpoint recognized and stopped lateral movement automatically. Lateral Movement consists of techniques that adversaries use to enter and control remote systems on a network.
  • Execution: Cisco Secure Endpoint’s advanced telemetry recognized and stopped suspicious file execution without human intervention. Execution consists of techniques that result in adversary-controlled code running on a local or remote system.

Cisco Secure Endpoint’s advanced telemetry recognized and stopped suspicious file execution without human intervention. Execution consists of techniques that result in adversary-controlled code running on a local or remote system.

  • Privilege Escalation & Defense Evasion: Cisco Secure Endpoint identified unauthorized privilege escalation and discovered defense evasion techniques. Privilege escalation consists of techniques that adversaries use to gain higher-level permissions on a system or network. Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses.

Cisco Secure Endpoint identified unauthorized privilege escalation and discovered defense evasion techniques. Privilege escalation consists of techniques that adversaries use to gain higher-level permissions on a system or network. Defense evasion consists of techniques an adversary may use to evade detection or avoid other defenses.

Cisco Secure Endpoint Innovations on display in this year’s ATT&CK Evaluations

Behavioral Protection

Our latest innovation is behavioral protection, extending the depth of Secure Endpoint’s sophisticated prevention engine. It monitors all user and endpoint activity to protect against malicious behavior in real-time by matching a stream of activity records against a set of attack activity patterns that are dynamically updated as threats evolve. This action accounted for over 38% of the contributions to our findings during the evaluation.

Behavioral protection monitors all user and endpoint activity to protect against malicious behavior in real-time by matching a stream of activity records against a set of attack activity patterns that are dynamically updated as threats evolve.

Orbital Advanced Search

Another recent addition, Orbital Advanced Search, was a key contributor to the evaluation results as well. Orbital combines live search with forensics snapshots to run complex queries on endpoints and capture snapshots of data such as running processes, open network ports, and a lot more at the time of detection or on-demand. These actions operate from a catalog of hundreds of predefined queries that are organized as common use cases and mapped to the MITRE ATT&CK knowledge base.

Orbital Advanced Search combines live search with forensics snapshots to run complex queries on endpoints and capture snapshots of data such as running processes, open network ports, and a lot more at the time of detection or on-demand.

Cisco Secure Endpoint and MITRE ATT&CK: Why it matters to CISOs right now

Securing your endpoints has never been more critical and you need endpoint security you can trust. As the largest cybersecurity provider on the planet, a key investment area across the broadest set of security solutions offered by Cisco is Secure Endpoint. Cisco Secure Endpoint is security that works for your secure remote worker, SASE, XDR, and Zero Trust architecture. And we are the only endpoint security solution with a cloud-native, built-in platform, Cisco SecureX, delivering XDR capabilities and more for better threat visibility, more intelligent investigations, and faster response.

Beyond MITRE ATT&CK, Secure Endpoint consistently outperforms in endpoint prevention, detection, and response evaluations. Here’s how (2020 AV-Comparatives Endpoint Prevention and Response Testing).

  • Active Response / Prevention: cumulative active response rate of 98.0%
  • Passive Response: Cumulative passive response rate of 100%
  • Qualifies as High Enterprise Savings: the average of both active and passive response is greater than 95% of the overall EPR product response

Cisco has been recognized as a leader in endpoint security

  • Strategic leader in the inaugural AV Comparatives EPR testing
  • Top player in the 2020 Radicati Endpoint Security MQ
  • Leader in IT Central Station’s EPP and EDR categories.

Cisco Secure Endpoint has proven to deliver real results, real ROI for our customers

See it for yourself

We know what you are facing, a world where malware is constantly evolving, and threats are becoming harder and harder to detect. The most advanced and riskiest threats, those that will eventually enter and wreak havoc in your network, could potentially go undetected. However, Secure Endpoint provides comprehensive protection against any threat. This security software prevents breaches, blocks malware at the point of entry, and continuously monitors and analyzes file and process activity to rapidly detect, contain, and remediate threats that can evade front-line defenses.

To learn more about Cisco Secure Endpoint and see for yourself how it protects you against today’s threats, join our virtual threat hunting workshop or sign up for a free trial.

Share:



Source link