ESET’s detection and response capabilities tested in MITRE Engenuity ATT&CK® Evaluations
Created: 2022-04-01 11:45:14
BRATISLAVA – ESET, a global leader in cybersecurity, today announced the participation of ESET Inspect (formerly ESET Enterprise Inspector) in the fourth round of the MITRE Engenuity ATT&CK® Evaluations for Enterprise. This round of the ATT&CK Evaluations emulated the Wizard Spider and Sandworm threat groups, collecting results from 30 participating vendors and highlighting ESET’s pioneering research into Sandworm, especially the discovery of the Exaramel backdoor.
The ATT&CK Evaluations prioritize threat groups that can have a significant impact on businesses and governments worldwide. Wizard Spider is a financially motivated criminal group that has been conducting ransomware campaigns since August 2018 against a variety of organizations, ranging from major corporations to hospitals. Sandworm is a cyberespionage threat group that is known for carrying out destructive attacks, such as the 2015 and 2016 disruptions of Ukraine’s electrical power grid and the 2017 NotPetya outbreak.
The detection scenarios of the evaluation consisted of 10 steps for Wizard Spider and 9 for Sandworm. As support for Linux in ESET Inspect was released after the evaluation, four steps related to Sandworm were out of scope. ESET Inspect detected all of the 15 applicable steps (100%). The evaluation also categorized the level of context provided by the vendor’s tool; you can read more in ESET’s in-depth analysis of the results in this blogpost.
“ESET believes in taking a multi-layered, high-performance approach to developing our detection technologies. ESET Inspect is the foundation of our extended detection and response (XDR) capabilities and works together with the ESET PROTECT security platform to offer a complete solution that is optimized for ease of use,” said ESET Chief Research Officer, Roman Kováč. “We have been tracking Sandworm since its inception, being the first to identify the work of its subgroups BlackEnergy and TeleBots and to discover the origin of the NotPetya outbreak. For us, it’s critical to keep ahead of the curve with our telemetry and put our solutions to the test through the expert lens of the MITRE Engenuity team.”
“This latest round indicates significant product growth from our vendor participants. We are seeing greater emphasis on threat-informed defense capabilities, which in turn has developed the infosec community’s emphasis on prioritizing the ATT&CK Framework,” said Ashwin Radhakrishnan, acting General Manager of ATT&CK Evaluations at MITRE Engenuity.
The ATT&CK Evaluations demonstrate that ESET Inspect is able to provide defenders with excellent visibility and context throughout all attack stages. As an XDR-enabling solution, ESET Inspect is a sophisticated tool with advanced threat hunting and incident response capabilities, and together with ESET PROTECT it offers deep network visibility, cloud-based threat defenses, and more. ESET has continuously been named a top player and a leader in the industry for its business solutions.
For more information on ESET’s results in this ATT&CK Evaluation, check out our blogpost and MITRE Engenuity’s evaluation results page.
About MITRE Engenuity
MITRE Engenuity, a subsidiary of MITRE, is a tech foundation for the public good. MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation.
MITRE Engenuity brings MITRE’s deep technical know-how and systems thinking to the private sector to solve complex challenges that government alone cannot solve. MITRE Engenuity catalyzes the collective R&D strength of the broader U.S. federal government, academia, and private sector to tackle national and global challenges, such as protecting critical infrastructure, creating a resilient semiconductor ecosystem, building a genomics center for public good, accelerating use case innovation in 5G, and democratizing threat-informed cyber defense.
About ESET
ESET develops software solutions that deliver instant, comprehensive protection against evolving computer security threats. ESET pioneered and continues to lead the industry in proactive threat detection. ESET NOD32 Antivirus, its flagship product, consistently achieves the highest accolades in all types of comparative testing and is the foundational product that builds out the ESET product line to include ESET Smart Security. ESET Smart Security is an integrated antivirus, antispyware, antispam and personal firewall solution that combines accuracy, speed and an extremely small system footprint to create the most effective security solution in the industry. Both products have an extremely efficient code base that eliminates the unnecessary large size found in some solutions. This means faster scanning that doesn’t slow down computers or networks. Sold in more than 160 countries, ESET has worldwide production headquarters in Bratislava, SK and worldwide distribution headquarters in San Diego, U.S. ESET also has offices in Bristol, U.K.; Buenos Aires, AR; Prague, CZ; and is globally represented by an extensive partner network. For more information, visit our local office at https://eset.version-2.sg.
About Version 2 Limited
Version 2 Limited is one of the most dynamic IT companies in Asia. The Company develops and distributes IT products for Internet and IP-based networks, including communication systems, Internet software, security, network, and media products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 Limited offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which includes Global 1000 enterprises, regional listed companies, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities. For more information, please visit https://www.version-2.com.sg/ or call (65) 6296-4268.