ATT&CK assessment from the MITRE Corporation measured Cb Response’s effectiveness in detecting a range of adversary tactics and techniques
Carbon Black also adds MITRE ATT&CK threat intelligence feeds to Cb Response and Cb ThreatHunter to advance behaviour-based threat hunting across endpoints
READING, UK - 3rd December, 2018 - Carbon Black (NASDAQ: CBLK), a leader in next-generation endpoint security delivered via the cloud, today announced that it delivered zero delayed detections and zero tainted detections in the MITRE Corporation’s Adversarial Tactics, Techniques and Common Knowledge (ATT&CK) assessment. The MITRE assessment tests the ability to quickly detect specific adversary tactics and techniques as captured in the ATT&CK knowledgebase.
The evaluations for this initial testing period used a MITRE-developed APT3 emulation plan on behaviour detection, telemetry and enrichment, among other elements. In the assessment, Cb Response demonstrated it could automatically detect and display adversarial behaviours without humans-in-the-loop across the entire MITRE ATT&CK Matrix, which includes: initial access, execution, privilege escalation, defence evasion, credential access, discovery, lateral movement, collection, exfiltration, and command and control.
For a look at the full report from MITRE on Carbon Black, click here: https://attackevals.mitre.org/evaluations/carbonblack.1.apt3.1.html.
“We’re proud to be among the initial vendors evaluated by MITRE and we’re extremely proud of these results. We attribute our very strong showing to our philosophy of building products the right way for the long haul,” said Scott Lundgren, Carbon Black’s Chief Technology Officer. “Objective, transparent and open testing is critical as a means of driving the industry forward, and the MITRE ATT&CK framework offers a critical look at how real-world attacks play out. We believe MITRE has set an excellent standard for how testing should be conducted in an open, rigorous, and sophisticated way. We thank MITRE for its leadership.”
“We’re very pleased with the participation in our first round of ATT&CK-based evaluations,” said Frank Duff, MITRE lead engineer for the evaluations program. “Effective cybersecurity can’t be done alone. We look forward to continued collaboration with the industry to help vendors understand their capabilities against known adversary behaviours and empower customers to more effectively buy and deploy these security solutions.”
MITRE ATT&CK Threat Intelligence Feeds for Cb Response & Cb ThreatHunter
In conjunction with the assessment results, Carbon Black announced it has added MITRE ATT&CK threat intelligence feeds to Cb Response and Cb ThreatHunter to deliver new behavior-based threat intelligence to customers.
Carbon Black’s MITRE ATT&CK feeds combine the power of Carbon Black’s unfiltered endpoint data collection and a robust collection of adversary techniques to simplify threat detection and threat hunting. The new threat feeds map directly to the various attack tactics outlined by MITRE.
“By adding ATT&CK threat intelligence feeds to Cb Response and Cb ThreatHunter, organisations now have an unfiltered view into all endpoint activity viewed through the lens of attack building blocks and behaviors noted by MITRE. We believe this results in more comprehensive and advanced threat hunting capabilities for security professionals,” said Lundgren. “The ATT&CK threat intelligence feeds directly integrate detection of ATT&CK tactics and techniques into the Cb Response and Cb ThreatHunter products, underscoring Carbon Black’s commitment to ATT&CK and other open standards and frameworks.”
Tweet this: @CarbonBlack_Inc adds @MITREattack threat feeds to Cb Response and Cb ThreatHunter to advance behavior-based threat hunting across endpoints – http://ow.ly/FEr230mOD07
Tweet this: @CarbonBlack_Inc delivers @MITREattack coverage with zero delayed detections & zero tainted detections – http://ow.ly/FEr230mOD07
- MITRE ATT&CK Assessment Results – Carbon Black
- “Why I’m Ecstatic About the MITRE ATT&CK Results” – Scott Lundgren Blog
- MITRE Resource Page on carbonblack.com
- Learn more about Cb ThreatHunter
- Learn more about Cb Response
- Using MITRE ATT&CK When Researching Attacker Behavior in a Post-Compromise World (Blog)
- Using the ATT&CK Framework to Mature Your Threat Hunting Program
- Follow @CarbonBlack_Inc on Twitter
About Carbon Black
Carbon Black (NASDAQ: CBLK) is a leading provider of next-generation endpoint security delivered via the cloud. Leveraging its big data and analytics cloud platform – the Cb Predictive Security Cloud – Carbon Black consolidates prevention, detection, response, threat hunting and managed services into a single platform with a single agent and single console, making it easier for organisations to consolidate security stacks and achieve better protection. As a cybersecurity innovator, Carbon Black has pioneered multiple endpoint security categories, including application control, endpoint detection and response (EDR), and next-generation antivirus (NGAV) enabling customers to defend against the most advanced threats. More than 4,600 global customers, including one-third of the Fortune 100, trust Carbon Black to keep their organisations safe.
Carbon Black and Cb Predictive Security Cloud are registered trademarks or trademarks of Carbon Black, Inc. in the United States and/or other jurisdictions.