Behavior-based Automated Detections, Unaided by Human Analysis or IOCs, Outperforms All Other Vendors
Waltham, MA – The CounterTack Platform led the recently completed MITRE ATT&CK Evaluations with the best performance for automated detection, solely relying on behavior-based detection with fast alerting and response. The MITRE ATT&CK Evaluation focused on a the APT-3 attack containing a variety of adversary behaviors representative of real-world attacks.
The CounterTack Platform stood alone during the rigorous and exhaustive process of the APT-3 evaluations, requiring no human in the middle to aide detection, not relying on IOCs, and equally importantly, using an all-encompassing single analytic solution that provided behavior data, alerts, detail drill-down into telemetry and flexible search capability to further correlate and discover related behaviors. MITRE has published results for all vendors with screenshots and related descriptions.
“CounterTack has been relentless on automating detection with real-time behavioral analysis, with a single sensor, a single highly scalable analytic engine, and a single pane of glass – and the results are there for everyone to see,” said Michael Davis, CTO of CounterTack. “Most vendors required an analyst to drop into command shells, wait for emails from a hosted service for action, or export data to Excel spreadsheets to wade thru critical data that CounterTack provides at your fingertips.”
Almost all vendors in the evaluations deployed multiple, individually sold product components and threat feeds, often with a detection service which introduced meaningful delays due to human analysis. In real-world situations, this would force SOC analysts to dive into multiple panes of glass to complete diagnosis and assessment. More importantly, the count of detections, and the ensuring avalanche of alerts, for the APT-3 attack is actually not the key metric – the real value is in detecting relevant APT-3 behaviors early, automatically correlating to subsequent tainted detections with the previously detected behaviors, and quickly alerting and stopping the attack. Any downstream event detection remains meaningless when the damage is already done, even more relevant for fast moving attacks like ransomware.
“We’re very pleased with the participation in our first round of ATT&CK-based evaluations,” said Frank Duff, lead engineer for the evaluations program. “Effective cybersecurity can’t be done alone. We look forward to continued collaboration with industry to help vendors understand their capabilities against known adversary behaviors and empower customers to more effectively buy and deploy these security solutions.”
CounterTack is the only Endpoint Protection Platform vendor in the MITRE ATT&CK Evaluations cohort that has participated in all key public tests and evaluations, including NSS Labs group EDR test and the ICSA Advanced Threat Detection Certification test, surpassing all other vendors in each test and comfortably exceeding the tests’ detection thresholds.
GoSecure is recognized as a leader and innovator in cybersecurity solutions. The company is the first and only to integrate an Endpoint and Network threat detection platform, Managed Detection and Response services, and Cloud/SaaS delivery. The CounterTack Platform delivers predictive multi-vector detection, prevention, and response by applying a unique combination of behavioral analysis, memory forensics, machine learning, and reputational techniques to counter the most advanced threats. Our MDR Services are driven by aggressive SLAs for rapid response and active mitigation services that directly touch the customers’ network and endpoints. Together, these capabilities provide the most effective response to the increased sophistication of continuously evolving malware and malicious insiders that target people, processes and systems. With focus on innovation quality, integrity and respect, GoSecure has become the trusted provider of cybersecurity products and services to organizations of all sizes, across all industries globally.