Update Microsoft 365 Defender demonstrates industry-leading protection in the 2022 MITRE Engenuity ATT&CK® Evaluations

SeriousHoax

For the fourth consecutive year, Microsoft 365 Defender demonstrated its industry-leading protection in MITRE Engenuity’s independent ATT&CK® Enterprise Evaluations, showcasing the value of an integrated XDR-based defense that unifies device and identity protection with a Zero Trust approach:
  • Complete visibility and analytics to all stages of the attack chain
  • 100% protection, blocking all stages in early steps
  • Each attack generated a single comprehensive incident for the SOC
  • Differentiated XDR capabilities with integrated identity protection
  • Protection for Linux across all attack stages
  • Deep and integrated Windows device sensors
  • Leading with product truth and a customer-centric approach
Microsoft 365 Defender XDR solution displayed top-class coverage by successfully surfacing to the security operations center (SOC) a single comprehensive incident for each of the simulated attacks. This comprehensive view provided in each incident detailed suspicious device and identity activities coupled with unparalleled coverage of adversary techniques across the entire attack chain. Microsoft 365 Defender also demonstrated 100% protection by blocking both attacks in the early stages.
This is the third year in which Microsoft 365 Defender showcases the power of the combined XDR suite, demonstrating coverage across devices, identities, and cloud applications.

Demonstrated complete visibility and analytics across all stages of the attack chain

Microsoft 365 Defender demonstrated complete technique-level coverage across all the attack stages of Wizard Spider and Sandworm, leveraging our artificial intelligence-driven adaptive protection.
Figure 1. Microsoft 365 Defender providing full attack chain coverage (diagram showing an overview of the Wizard Spider and Sandworm attack stages)


Defending against human-operated ransomware requires a defense in-depth approach that continuously evaluates device, user, network, and organization risk and then leverages these signals to alert on potential threats across the entire attack chain. Providing detection and visibility enables defenders to evict the attackers from the network during the pre-ransom phase. It also minimizes the impact of encryption or extortion through data exfiltration activities.

Technique-level detection coverage in real time without delays

Human-operated ransomware attacks evolve within minutes, and..................................
 

SeriousHoax

Thanks! Do they give summary results/ratings for other products? I'm not smart enough to understand this ;)
I'm not either, and we are not alone. Some vendors even published a separate report explaining how to evaluate this complicated report. But I tried to do a quick read for most products, and from my very basic understanding it looks like at least 5 vendors were able to successfully block all test cases:
CrowdStrike, Microsoft, Palo Alto (Cortex XDR), SentinelOne and Trend Micro.
Looks like Bitdefender also blocked all, but I'm not sure. You'll see that the Protections section is absent for some vendors. Vendors need to pay extra to have this section, and some of them decided not to pay extra to have that.
Since these are all XDR solutions, Analytic Coverage, Telemetry Coverage and Visibility are the main aspects of this test. Reading these sections should give you an idea about how good or bad a vendor is, what they were able to detect and what not. According to Bitdefender, only 7 vendors covered more than 90% of the sub-steps for analytical coverage this year.
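To make the three metrics in the post above concrete, here is an added Python example (it is not from the thread, from Microsoft or from MITRE Engenuity) that scores constructed sub-step results the way the evaluation report does: each sub-step is credited with its strongest detection, analytic coverage counts General, Tactic and Technique detections, visibility additionally counts Telemetry, and the Protection section is optional per vendor. The category names and their ordering are my reading of the published methodology; the vendor names, sub-step counts and results are constructed.

```python
from collections import Counter

# Detection categories in MITRE Engenuity ATT&CK Enterprise Evaluations, ordered
# weakest to strongest (assumption based on the published methodology).
RANK = {"None": 0, "Telemetry": 1, "General": 2, "Tactic": 3, "Technique": 4}
ANALYTIC = {"General", "Tactic", "Technique"}


def best_detection(detections):
    """A sub-step may trigger several detections; it is scored by the strongest one."""
    if not detections:
        return "None"
    return max(detections, key=lambda c: RANK[c])


def detection_summary(substeps):
    """substeps: list of lists, one inner list of detection categories per sub-step.
    Returns counts plus the three percentages the evaluation reports."""
    best = [best_detection(d) for d in substeps]
    counts = Counter(best)
    total = len(best)
    analytic = sum(counts[c] for c in ANALYTIC)   # Analytic Coverage
    visible = analytic + counts["Telemetry"]      # Visibility (any detection at all)
    return {
        "substeps": total,
        "analytic": analytic,
        "visible": visible,
        "analytic_pct": round(100 * analytic / total, 1),
        "visibility_pct": round(100 * visible / total, 1),
        "telemetry_only_pct": round(100 * counts["Telemetry"] / total, 1),
    }


def protection_summary(tests):
    """tests: list of booleans (blocked or not), or None when the vendor did not
    take the optional Protection evaluation (the 'absent Protections section')."""
    if tests is None:
        return None
    blocked = sum(1 for t in tests if t)
    return {"tests": len(tests), "blocked": blocked, "all_blocked": blocked == len(tests)}


def vendors_above(summaries, metric, threshold):
    """Sorted names of vendors whose metric strictly exceeds threshold."""
    return sorted(v for v, s in summaries.items() if s[metric] > threshold)


# Constructed sample data: three fictional vendors, 20 sub-steps each.
T, TA, G, TE = "Technique", "Tactic", "General", "Telemetry"
SAMPLE_DETECTIONS = {
    "VendorA": [[TE, T]] * 18 + [[TA]] + [[TE]],
    "VendorB": [[T]] * 14 + [[G, TE]] * 2 + [[TE]] * 3 + [[]],
    "VendorC": [[T]] * 10 + [[TA]] * 4 + [[TE]] * 4 + [[]] * 2,
}
SAMPLE_PROTECTION = {
    "VendorA": [True] * 9,
    "VendorB": [True] * 8 + [False],
    "VendorC": None,  # did not buy the optional Protection evaluation
}


def evaluate(detections=SAMPLE_DETECTIONS, protection=SAMPLE_PROTECTION):
    """Per-vendor report combining detection metrics and the optional protection result."""
    return {
        v: {**detection_summary(detections[v]),
            "protection": protection_summary(protection.get(v))}
        for v in detections
    }


if __name__ == "__main__":
    report = evaluate()
    for vendor, summary in report.items():
        print(vendor, summary)
    print("analytic coverage > 90%:", vendors_above(report, "analytic_pct", 90))
```

Running it shows why the two coverage numbers can diverge: a vendor can reach 100% visibility on telemetry alone while its analytic coverage, the figure the post's "more than 90%" refers to, is much lower, and a missing protection entry is reported as absent rather than as a failure.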

ForgottenSeer 94654

Thanks! Do they give summary results/ratings for other products? I'm not smart enough to understand this ;)
Microsoft 365 Defender requires an E5 enterprise subscription. It might also require an Azure subscription.

One does not get Microsoft 365 Defender with any non-Enterprise version of Office.

motox781

I'm not either, and we are not alone. Some vendors even published a separate report explaining how to evaluate this complicated report. But I tried to do a quick read for most products, and from my very basic understanding it looks like at least 5 vendors were able to successfully block all test cases:
CrowdStrike, Microsoft, Palo Alto (Cortex XDR), SentinelOne and Trend Micro.
Looks like Bitdefender also blocked all, but I'm not sure. You'll see that the Protections section is absent for some vendors. Vendors need to pay extra to have this section, and some of them decided not to pay extra to have that.
Since these are all XDR solutions, Analytic Coverage, Telemetry Coverage and Visibility are the main aspects of this test. Reading these sections should give you an idea about how good or bad a vendor is, what they were able to detect and what not. According to Bitdefender, only 7 vendors covered more than 90% of the sub-steps for analytical coverage this year.
Great answer! Thanks!