In June 2019 F-Secure completed the MITRE ATT&CK Evaluation and we’re excited to announce the results are now publicly listed on the MITRE website here.

In this post we’re going to reveal how our endpoint detection and response (EDR) agent did across:
  • Telemetry coverage
  • Detection coverage
  • Modifiers – delayed and tainted
We will then provide guidance on other elements you should factor in when sourcing an EDR vendor, as well as our take on what other vendors you could consider.

Not familiar with MITRE and its evaluation? Find out more here and here.

The results for F-Secure’s EDR – used in our managed detection and response solution, F-Secure Countercept – were very positive. We scored highly in many of the tests, showing that the F-Secure Countercept platform provides the necessary datasets and detection logic to comprehensively detect a nation state threat actor such as APT3 (which was the focus of Round 1).

The results themselves are based on 20 attack phases broken down into 105 test cases, which then expand to 136 total items for which you can demonstrate capabilities. We’ll walk through some of the key findings.