%3CLINGO-SUB%20id%3D%22lingo-sub-1476134%22%20slang%3D%22en-US%22%3EA%20deeper%20dive%20into%20the%20APT29%20MITRE%20ATT%26amp%3BCK%20evaluation%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1476134%22%20slang%3D%22en-US%22%3E%3CP%3EAs%20a%20follow-on%20to%20the%20%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2020%2F04%2F21%2Fmitre-attack-evaluation-prove-microsoft-threat-protection-against-threats%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Einitial%20blog%3C%2FA%3E%20we%20posted%20about%20our%20participation%20in%20the%20APT29%20MITRE%20ATT%26amp%3BCK%20evaluation%2C%20we%20wanted%20to%20go%20into%20more%20detail%20on%20the%20test%20and%20our%20results.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20are%20fortunate%20to%20have%20the%20opportunity%20to%20be%20evaluated%20against%20leading%20endpoint%20security%20and%20threat%20protection%20solutions%20and%20are%20very%20proud%20of%20the%20close%20collaboration%20our%20engineering%20teams%20have%20with%20our%20customers%20to%20make%20our%20product%20one%20of%20the%20best%20in%20the%20industry.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIn%20the%20latest%20evaluation%2C%20customers%20can%20see%20our%20leadership%20and%20ability%20to%20fully%20protect%20them%20against%20the%20most%20sophisticated%20threats.%26nbsp%3BDuring%20testing%2C%20Microsoft%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3E%3CSPAN%20class%3D%22inner-wrap%20x-hidden-focus%22%3EDelivered%20automated%20real-time%20alerts%20without%20the%20need%20for%20configuration%20changes%20or%20custom%20detections%3B%20%3CSTRONG%3EMicrosoft%20is%20one%20of%20only%20three%20vendors%20who%20did%20not%20make%20configuration%20changes%20or%20rely%20on%20delayed%20detections%3C%2FSTRONG%3E.%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22inner-wrap%22%3E%3CSTRONG%3EFlagged%20more%20than%2080%20distinct%20alerts%3C%2FSTRONG%3E%2C%20and%20used%20built-in%20automation%20to%20%3CSTRONG%3Ecorrelate%20these%20alerts%20into%20only%20two%20incidents%3C%2FSTRONG%3E%20that%20mirrored%20the%20two%20MITRE%20ATT%26amp%3BCK%20simulations%2C%20improving%20SOC%20analyst%20efficiency%20and%20reducing%20attacker%20dwell%20time%20and%20ability%20to%20persist.%3C%2FSPAN%3E%3C%2FLI%3E%0A%3CLI%3E%3CSPAN%20class%3D%22inner-wrap%22%3EIdentified%20seven%20distinct%20steps%20during%20the%20attack%20in%20which%20our%20protection%20features%2C%20which%20were%20disabled%20during%20testing%2C%20would%20have%20%3CSTRONG%3Eautomatically%20intervened%20to%20stop%20the%20attack%3C%2FSTRONG%3E.%3C%2FSPAN%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ECheck%20out%20the%20blog%20for%20the%20deeper%20dive%20on%20the%20evaluation%20and%20how%20we%20are%20collaborating%20with%20MITRE%20to%20contribute%20to%20the%20test%3A%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fsecurity%2Fblog%2F2020%2F05%2F01%2Fmicrosoft-threat-protection-leads-real-world-detection-mitre-attck-evaluation%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMicrosoft%20Threat%20Protection%20leads%20in%20real-world%20detection%20in%20MITRE%20ATT%26amp%3BCK%20evaluation%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1476134%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22MITRE1-2-1536x683.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F199644iA705DEE193496CDD%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20title%3D%22MITRE1-2-1536x683.png%22%20alt%3D%22MITRE1-2-1536x683.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ELearn%20about%20our%20incident%20based%20approach%2C%20out%20of%20the%20box%20performance%2C%20and%20unique%20visibility%20across%20domains.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1476134%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EMITRE%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Microsoft

As a follow-on to the initial blog we posted about our participation in the APT29 MITRE ATT&CK evaluation, we wanted to go into more detail on the test and our results. 

 

We are fortunate to have the opportunity to be evaluated against leading endpoint security and threat protection solutions and are very proud of the close collaboration our engineering teams have with our customers to make our product one of the best in the industry.

 

In the latest evaluation, customers can see our leadership and ability to fully protect them against the most sophisticated threats. During testing, Microsoft:

  • Delivered automated real-time alerts without the need for configuration changes or custom detections; Microsoft is one of only three vendors who did not make configuration changes or rely on delayed detections.
  • Flagged more than 80 distinct alerts, and used built-in automation to correlate these alerts into only two incidents that mirrored the two MITRE ATT&CK simulations, improving SOC analyst efficiency and reducing attacker dwell time and ability to persist.
  • Identified seven distinct steps during the attack in which our protection features, which were disabled during testing, would have automatically intervened to stop the attack.

 

Check out the blog for the deeper dive on the evaluation and how we are collaborating with MITRE to contribute to the test: Microsoft Threat Protection leads in real-world detection in MITRE ATT&CK evaluation