How It Stacks Up To Latest Threats: FortiEDR In MITRE ATT&CK Analysis

The results of MITRE ATT&CK's most recent Evaluations for Enterprise report shows that Fortinet FortiEDR endpoint detection and response blocked 100 percent of the attacks for the second year in a row.

  • August 23, 2022 | Author: Allison Bergamo

Your clients’ networks continue to expand and fragment, giving cybercriminals plenty of opportunities to deploy sophisticated, relentless cyberattacks. At the same time, their security teams lack the visibility and control they need to defend against these attacks, and they are suffering from alert fatigue.

What your clients may need is a solution that is not just effective but can also stand up to strict industry analysis.

FortiEDR delivers innovative endpoint security with real-time visibility, analysis, protection and remediation, without a slew of false alarms or business disruption. So, what makes FortiEDR stand apart from other security solutions? To start with, FortiEDR delivers real results. MITRE ATT&CK published its Evaluations for Enterprise, and Fortinet FortiEDR endpoint detection and response blocked 100 percent of the attacks for the second year in a row. FortiEDR also showed a 32 percent increase in its ability to detect substeps, with nearly 100 percent of all techniques identified.

In case your clients are wondering, the MITRE ATT&CK Evaluations assess the ability of cybersecurity products to detect known adversary behavior. To provide objective insights into product capabilities, MITRE uses its Adversarial Tactics, Techniques & Common Knowledge (ATT&CK) knowledge base to emulate the tactics and techniques observed in real-world attacker behavior.

MITRE focused this round of evaluations on the Wizard Spider and Sandworm threat groups. Wizard Spider is a financially motivated criminal group that has been conducting ransomware campaigns since August 2018 against a variety of organizations, ranging from major corporations to hospitals. Sandworm is a destructive threat group known for carrying out notable attacks such as the 2015 and 2016 targeting of Ukrainian electrical companies and 2017's NotPetya attacks.

FortiEDR participated in all the test scenarios except the single Linux test, which will be performed next year. In the nine scenarios, FortiEDR detected and cataloged 97 percent of the 90 non-Linux steps used in the test and blocked all attacks. Additionally, 93 percent of the substeps were detected at the “Technique” level, meaning the detection provided a technique-level description that connects to the technique under test for an endpoint detection and response (EDR) solution. This growth in the ability to diagnose threats using the MITRE framework makes FortiEDR a reliable tool for organizations.

In a recent report, Gartner® notes, “Threat detection is hard. Security and risk management technical professionals must defend their organization against hundreds of known, and possibly even more unknown, threats. The MITRE ATT&CK framework has evolved to provide a common taxonomy for threats and foundation for threat detection.”[1] For the second year in a row, FortiEDR has shown that it can detect and prevent malicious actions in real time.

Visit the MITRE Engenuity site for the full FortiEDR results and more information about the MITRE Evaluations. And for more details about FortiEDR, read "Assess Your Endpoint Security."


[1] Gartner, How to Use MITRE ATT&CK to Improve Threat Detection Capabilities, Joshua Ammons, 30 July 2021. GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.
