CrowdStrike hits 100% in latest MITRE ATT&CK tests
CrowdStrike has recorded perfect scores in the latest round of MITRE ATT&CK Enterprise Evaluations, achieving 100% detection and 100% protection with no false positives in tests that focused on attacks across identity, endpoint and cloud.
The independent evaluations assessed how participating security platforms handled simulations of complex, multi-stage intrusions. The tests used attack patterns based on Chinese state-linked group MUSTANG PANDA and criminal group SCATTERED SPIDER.
MITRE used these adversaries as models for its first cloud adversary emulation in the enterprise programme. The scenarios included movements between on-premises systems and cloud resources as well as the use of stolen credentials.
MITRE designed this round of testing to examine whole-platform performance rather than isolated features. The exercises measured both the accuracy of detections and the ability to block malicious actions at different stages of an attack.
The tests included early-stage techniques that focused on initial access and establishment of a foothold. They also covered lateral movement and exploitation of cloud services once an attacker gained a presence.
CrowdStrike said the results showed the strength of its Falcon platform when facing these complex scenarios.
“These were the most challenging MITRE evaluations yet, and we participated to give the industry a transparent view into which platforms have the architecture to stop real-world threats,” said Michael Sentonas, president, CrowdStrike. “Delivering 100% detection, 100% protection, and no false positives across these highly sophisticated, cross-domain attacks is a major achievement. The results show the power of the unified Falcon platform - complete protection with a first-class analyst experience that eliminates noise and complexity while accelerating response.”
The evaluations looked at how vendors handled attacks that did not stay in a single environment. The scenarios included use of compromised identities, activity on endpoints and operations in cloud infrastructure.
MITRE used techniques associated with MUSTANG PANDA, which it describes as an espionage-focused group. It also drew from SCATTERED SPIDER, which has been linked with financially motivated intrusions and cloud-focused operations.
The assessment measured whether security products generated accurate alerts for each technique used in the simulation. It also measured whether the products prevented key steps in the attack chains.
CrowdStrike reported that its Falcon platform detected and blocked malicious actions at every stage of the exercises. The company said this included credential abuse, attempts at lateral movement and efforts to exploit cloud environments.
The results place emphasis on unified architecture across identity, endpoint and cloud rather than separate point tools. The evaluations examined how well products correlated activity across these layers and maintained visibility as attackers shifted between them.
Vendors in previous years mainly faced endpoint-centred tests. The 2025 exercise introduced wider cross-domain tradecraft and more complex attack paths that mirrored current threat patterns faced by large organisations.
The MITRE ATT&CK Enterprise Evaluations do not rank vendors. The programme publishes detailed matrices that show exactly which techniques each product detected and which actions it blocked.
Security buyers and practitioners use these matrices as a reference when they compare tools. They can see where products performed strongly and where detection or protection was absent or delayed.
CrowdStrike has positioned its Falcon offering as a single platform that brings together endpoint, identity and cloud security tools. The evaluation tested that model against adversary behaviour that moved across these domains.
Sentonas said the company joined the programme to provide more detailed evidence of its platform performance in realistic attack scenarios. He highlighted the combination of detection quality and absence of false positives in the results.
The detailed findings from this round of testing will add new data on cloud and identity-focused techniques to the public MITRE ATT&CK corpus. The expanded scope is likely to influence how enterprises assess security products that claim cross-domain coverage.
CrowdStrike plans to discuss the evaluation outcomes and technical details of its approach in upcoming webcasts for different regions.