Behavior-based Automated Detections, Unaided by Human Analysis or IOCs,
Outperforms All Other Vendors
Waltham, MA January 7, 2019. The CounterTack Platform led the recently completed MITRE ATT&CK Evaluations with the best performance for automated detection, relying solely on behavior-based detection with fast alerting and response. The MITRE ATT&CK Evaluation focused on the APT-3 attack, containing a variety of adversary behaviors representative of real-world attacks.
The CounterTack Platform stood alone during the rigorous and exhaustive process of the APT-3 evaluations, requiring no human in the middle to aid detection, not relying on IOCs, and, equally importantly, using an all-encompassing single analytic solution that provided behavior data, alerts, detailed drill-down into telemetry and flexible search capability to further correlate and discover related behaviors. MITRE has published results for all vendors with screenshots and related descriptions.
“CounterTack has been relentless on automating detection with real-time behavioral analysis, with a single sensor, a single highly scalable analytic engine, and a single pane of glass – and the results are there for everyone to see,” said Michael Davis, CTO of CounterTack. “Most vendors required an analyst to drop into command shells, wait for emails from a hosted service for action, or export data to Excel spreadsheets to wade through critical data that CounterTack provides at your fingertips.”
Almost all vendors in the evaluations deployed multiple, individually sold product components and threat feeds, often with a detection service that introduced meaningful delays due to human analysis. In real-world situations, this would force SOC analysts to dive into multiple panes of glass to complete diagnosis and assessment. More importantly, the count of detections, and the ensuing avalanche of alerts, for the APT-3 attack is actually not the key metric; the real value is in detecting relevant APT-3 behaviors early, automatically correlating subsequent tainted detections with the previously detected behaviors, and quickly alerting on and stopping the attack. Any downstream event detection remains meaningless when the damage is already done, which is even more relevant for fast-moving attacks like ransomware.
“We’re very pleased with the participation in our first round of ATT&CK-based evaluations,” said Frank Duff, lead engineer for the evaluations program. “Effective cybersecurity can’t be done alone. We look forward to continued collaboration with industry to help vendors understand their capabilities against known adversary behaviors and empower customers to more effectively buy and deploy these security solutions.”
CounterTack is the only Endpoint Protection Platform vendor in the MITRE ATT&CK Evaluations cohort that has participated in all key public tests and evaluations, including NSS Labs group EDR test and the ICSA Advanced Threat Detection Certification test, surpassing all other vendors in each test and comfortably exceeding the tests’ detection thresholds.
CounterTack+GoSecure is the leading provider of Predictive Endpoint Detection and Response, Next Gen Antivirus and Insider Threat Detection, which meets Gartner’s updated definition of an Endpoint Protection Platform (EPP) for the enterprise. The Platform delivers multi-vector detection, prevention, and response by applying a unique combination of behavioral analysis, memory forensics, machine learning, and reputational techniques to counter the most advanced threats. Powered by the Platform, CounterTack+GoSecure also offers a full spectrum of managed cybersecurity services, integrating EDR, SIEM, NextGen firewalls, IPS, vulnerability assessment and patch management. Our Advanced Response Centre (ARC) provides Threat Hunting, Active Threat Mitigation and Incident Response services. With a focus on innovation, quality, integrity and respect, CounterTack+GoSecure has become the trusted provider of cybersecurity products and services to organizations of all sizes, across all industries globally. CounterTack+GoSecure is empowering security teams with the tools, information, and services they require to prevent and neutralize threats across the entire threat spectrum before they damage the business.