CrowdStrike’s unique CrowdScore detection technology reduces burden for security analysts by providing actionable security incidents enriched with deep contextual telemetry
CrowdStrike, a leader in cloud-delivered endpoint protection, today announced it has successfully completed its third ATT&CK® Evaluation performed by MITRE Engenuity. CrowdStrike Falcon® was evaluated for its ability to detect attack techniques employed by CARBON SPIDER (also known as FIN7) and Carbanak, sophisticated cyber criminals affiliated with the multiple adversary groups. The series of attacks spanned the Enterprise ATT&CK spectrum, covering 20 separate test steps on both Linux and Windows operating systems.
ATT&CK is a MITRE-developed knowledge base of adversary tactics and techniques based on real-world observations to describe and better understand threats and to pinpoint gaps in visibility and process. MITRE Engenuity’s ATT&CK Evaluations test a vendor’s ability to detect adversary activity across a full range of sophisticated attacks, from initial breach all the way through lateral movement, persistence and exfiltration.
CrowdStrike’s results in this latest ATT&CK Evaluation demonstrate CrowdStrike Falcon’s exceptional prowess in delivering protection, visibility, and detection via a single, intelligent agent to secure endpoints and workloads across the entire breadth of the ATT&CK framework. Unlike other vendors, Falcon focuses on providing highly actionable alerts, dramatically reducing alert fatigue for security analysts. Falcon’s actionable alerts are enriched with deep contextual telemetry into adversary techniques, which are tested across different enterprise attack surfaces, to allow security analysts to understand threats quickly and act decisively.
Key results from MITRE Engenuity’s ATT&CK Evaluation include:
● CrowdStrike Falcon achieved comprehensive detection coverage by providing actionable alerts on each of the 20 steps of the Evaluation. The Falcon platform prevented simulated intrusions against both threat actors at multiple steps across the MITRE ATT&CK framework, demonstrating equally strong capabilities across Windows and Linux platforms, via a single lightweight, intelligent agent.
● CrowdStrike’s CrowdScore detection engine correlated relevant indicators of compromise and telemetry to detect the sophisticated adversary intrusions, helping to speed up time to response.
● Falcon provided deep and comprehensive visibility into attack behaviors, ultimately reducing the time needed to understand, contain and remediate incidents.
● CrowdStrike’s unique CrowdScore Incident Workbench prioritized and visualized the detected attacks with rich contexts such as ATT&CK Tactics and Techniques, threat actor intelligence, devices and users. Results were presented as actionable security incidents enriched with deep contextual telemetry — replacing discrete security alerts that can overwhelm security teams and providing benefits that no other vendor could match.
● Combined, these results showcased Falcon’s ability to deliver leading out-of-box detection and prevention into adversary activities, significantly reducing manual work for Security Operation Centers (SOCs) to bring down the total cost of ownership.
“Modern endpoint protection platforms must solve deep customer pain points and offer a comprehensive view into the attack life cycle in order to help security teams pinpoint threats quickly and correlate massive data sets at scale. This ensures that threat intelligence is contextualized, so that teams can take decisive action to stop incidents from becoming breaches,” said Michael Sentonas, CrowdStrike’s chief technology officer. “CrowdStrike’s enviable performance in three consecutive MITRE evaluations showcases the effectiveness of our world class cross-platform endpoint protection technology. We believe our offering provides customers with the most innovative solution on the market – combining comprehensive detection with ease-of-use. Third-party testing is critical within the industry, and CrowdStrike remains committed to participating in programs that help to inform the industry and ultimately keep organizations more secure.”
CrowdStrike Falcon has been repeatedly tested and certified through a wide range of leading independent testing organizations. The results of this test highlight the consistent best-in-class threat detection capabilities of CrowdStrike Falcon, which were also demonstrated in multiple SE Lab Breach Response tests and by AV-Comparatives.
To learn more about CrowdStrike’s performance in this latest round of testing and review the full results, please visit MITRE Engenuity’s website.
This press release contains forward-looking statements that involve risks and uncertainties, including statements regarding the performance and benefits of CrowdStrike’s products. There are a significant number of factors that could cause actual results to differ materially from statements made in this press release.
You should not rely on these forward-looking statements, as actual outcomes and results may differ materially from those anticipated or implied by these forward-looking statements as a result of such risks and uncertainties. All forward-looking statements in this press release are based on information available to us as of the date hereof, and we do not assume any obligation to update the forward-looking statements provided to reflect events that occur or circumstances that exist after the date on which they were made.