Cisco Secure Endpoint Shines in the 2022 MITRE® Engenuity ATT&CK Evaluation
MITRE Engenuity recently released the full results from its 4th round of the ATT&CK Evaluations. This round focused on the threat actors Wizard Spider and Sandworm.
It's no surprise that both hacking groups have made their presence felt. For instance, between 2019 and 2020, Wizard Spider, a Russian-speaking cybercriminal group, extorted $61 million through ransomware attacks, including major attacks involving Universal Health Services hospitals and state administrative offices in both Georgia and Florida. In 2017, Sandworm infiltrated the Ukrainian accounting software MeDoc and hijacked the company's update system, which led to malicious software being delivered to copies of the MeDoc software used by its customers.
After participating in another round of the MITRE Engenuity Evaluations, Cisco was excited to engage again and show our improvements over last year.
These evaluations are not a competitive analysis. MITRE shows the detections it observed without naming a "winner." Since there is no single method for analyzing, rating, or ranking the solutions, MITRE instead shows how each vendor approaches threat defense within the context of ATT&CK.
Cisco delivered strong results in the 2022 Evaluation
Overall, Cisco Secure Endpoint proved it could stop the Wizard Spider and Sandworm attack campaigns early in the kill chains and provided analytic detections at the MITRE ATT&CK technique level across each phase of the respective kill chains.
Summary of Cisco's Results: [table comparing Cisco Systems with third-party technology for the Wizard Spider and Sandworm scenarios; only the row and column labels survived in this copy]
What's important to know:
- Days 1 and 2 of the MITRE Evaluation were for the Detection Test; the Protection tests were performed on Day 4.
- Of the 30 vendors that participated in the evaluation, all but eight did not offer a comprehensive solution and did not have a Linux agent.
- Of the 30 vendors that participated, eight did not take part in the Protection test.
Protection Kill Chains Overlaid with Detections
When it comes to protection, Cisco Secure Endpoint stopped both attack campaigns early in the kill chains and provided analytic detection at the MITRE ATT&CK technique level across each stage of the respective kill chains. With real-time analytics and protection, a security analyst can remediate the threat with a reduced mean time to detection and response. Cisco Secure Endpoint blocked Wizard Spider at the start of the kill chain; however, an Active Directory database dump test was executed in Test 4. It's important to understand that the protection tests are executed as independent unit tests; in this case it is assumed that the earlier tests were not successfully blocked.
Cisco Secure Endpoint's analytic coverage improved significantly in the 2022 Evaluation, allowing us to see the technique or tactic used at a more granular level. Cisco Secure Endpoint's enhanced insight into the threat's specific technique helped reduce the mean time to detection and response.
Cisco Secure Endpoint had a substantial number of detections at the initial substeps of each stage in the Wizard Spider and Sandworm kill chains emulated in the MITRE Evaluation. Alerting on potential threat actor activity was immediate early in the kill chain, which helped reduce attacker dwell time on the endpoint.
Cisco Secure Endpoint Behavioral Protection again played a critical role in identifying threats. We will continue to expand and develop Behavioral Protection for customers.
Links to Cisco's MITRE Engenuity ATT&CK results:
Cisco Secure Endpoint and MITRE ATT&CK: Why it matters to CISOs right now
Securing your endpoints has never been more critical, and you need endpoint security you can trust. Cisco Secure Endpoint is built for those seeking endpoint resilience. Meeting security head-on requires adopting a comprehensive cloud-based endpoint security solution for the secure remote worker, SASE, XDR, and Zero Trust architecture. We are the only endpoint security solution to deliver a cloud-native, built-in platform, Cisco SecureX, providing XDR capabilities and more for better threat visibility, more intelligent investigations, and faster response.
Cisco has been named a leader in endpoint security
See it for yourself
We know what you are facing: a world where malware is evolving and threats are becoming harder and harder to detect. The most advanced and riskiest threats, the ones that will ultimately get in and wreak havoc in your system, could potentially go undetected. Secure Endpoint offers comprehensive protection against any threat. This security software prevents breaches, blocks malware at the point of entry, and continuously monitors and analyzes file and process activity to rapidly detect, contain, and remediate threats that can evade front-line defenses.
To learn more about Cisco Secure Endpoint and see for yourself how it protects you against today's threats, join our virtual threat hunting workshop or sign up for a free trial.
We'd love to hear what you think. Ask a question, comment below, and stay connected with Cisco Secure on social!