Security teams must outpace increasingly fast and sophisticated adversaries to stay ahead. In the most recent closed-book MITRE Engenuity ATT&CK® Evaluations: Managed Services, the CrowdStrike Falcon® platform once again demonstrated it stands alone in its ability to deliver the speed and efficacy needed to stop breaches.
- CrowdStrike Falcon Complete® managed detection and response (MDR) sets a new speed benchmark, scoring the fastest mean time to detect (MTTD) at just 4 minutes — 6 to 11 times faster than competitive vendors.
- CrowdStrike achieved the highest detection coverage score for the second consecutive year.
MITRE’s closed-book evaluation emulated a real-world eCrime attack without giving vendors prior knowledge of the threat scenario — creating the most accurate assessment of a vendor’s capabilities. In this scenario, prevention capabilities of the Falcon agent were not permitted. The Falcon platform was operating in detect-only mode, meaning no automated actions could be taken to kill processes.
MITRE does not rank or rate participants — the following is CrowdStrike’s analysis of the results provided by MITRE Engenuity.
We believe these results clearly demonstrate that the powerful combination of the Falcon platform, CrowdStrike’s elite team of experts and our knowledge of the adversary stands alone in the industry when it comes to stopping breaches. The Falcon platform once again achieved the highest detection coverage and fastest mean time to detect at just 4 minutes — an exceptional performance 6-11x faster than comparative vendors.
Organizations must rigorously evaluate MDR vendors and demand cutting-edge technology, unmatched expertise and proven outcomes. Only a unified approach ensures swift and effective threat detection, investigation and response. This is why the results from MITRE’s latest evaluation should be considered holistically. When reviewing these results, ask yourself: What good is speed if threats are missed? What good are actionable detections if they cannot be trusted or acted on quickly? What good is threat detection if detections happen too slowly to prevent breaches?
Not only did CrowdStrike achieve the highest detection coverage and fastest MTTD of all vendors evaluated, we also generated the highest number of actionable notifications and detections, showcasing our ability to drive superior security outcomes — namely, stopping breaches.
Unsurpassed Speed and Efficacy in MDR
CrowdStrike Falcon Complete MDR achieved remarkable results in the latest MITRE evaluation, building on our previous success in the MITRE Managed Services, Round 1 and the MITRE Enterprise evaluation. We achieved the highest detection coverage of all vendors evaluated.
The CrowdStrike 2024 Global Threat Report shows the average breakout time for eCrime is dropping rapidly, going from 84 minutes in 2022 to just 62 minutes in 2023. The fastest recorded breakout was just over 2 minutes. This real-world data shows every minute counts when sophisticated adversaries attack. With many cybersecurity solutions, by the time a SOC is aware of an intrusion, it’s too late — the adversary will have already moved on to their objective. Falcon Complete detects the attack immediately, preventing a breach.
Organizations must have confidence in their MDR provider’s ability to swiftly detect and eliminate threats with uncompromising efficiency. This closed-book evaluation, in which no vendor had advance notice of the adversary or their TTPs, accurately simulated a real-world attack and offered a precise assessment of each vendor’s ability to detect and report threats, registering MTTD as a critical metric. Vendor response and remediation were not evaluated.
The Falcon Complete team rapidly correlated intelligence and cross-domain data using the Falcon platform’s rich security telemetry, which encompasses endpoint, identity, cloud workloads, third-party data and integrated threat intelligence. CrowdStrike achieved these objectives with astounding speed and accuracy.
Identifying Sophisticated Tradecraft in MITRE Engenuity ATT&CK Evaluations: Managed Services, Round 2
CrowdStrike’s objectives in the evaluation were to investigate and provide context and analysis of Falcon platform detections in order to establish who the threat actor was, identify the earliest and most recent threat actor activity and determine how they gained access to the systems. We were required to present MITRE evidence, if any, that the threat actor accessed or exfiltrated data and identify potential lateral movement to other systems in the environment.
During the evaluation, we reviewed and monitored Falcon platform detections and relevant telemetry across native endpoint and identity data, and network and email third-party telemetry from CrowdStrike Falcon® Next-Gen SIEM, to perform remote triage analysis on impacted systems.
CrowdStrike identified that the MITRE ATT&CK Evaluations for Managed Services emulated the behavior of two sophisticated adversaries tracked as STONE PANDA and ALPHA SPIDER by CrowdStrike Counter Adversary Operations (known as menuPass and ALPHV BlackCat by MITRE).