Rapid7 releases 2022 MITRE Engenuity ATT&CK results
Rapid7 has announced the results of its completed 2022 MITRE Engenuity ATT&CK Evaluation of the company’s InsightIDR and Insight Agent.
MITRE ATT&CK Evaluations emulates threats that have the potential to uniquely impact businesses and governments globally.
This round of independent ATT&CK Evaluations for enterprise cybersecurity solutions imitated the Wizard Spider and Sandworm threat groups, and Rapid7’s InsightIDR and Insight Agent were found to have strong signal-to-noise across the attack chain during the simulations.
Furthermore, InsightIDR showed consistent threat detection ability early in the cyber kill chain and solid visibility across the ATT&CK Framework, recognising telemetry, tactics, and techniques across 18 of the 19 phases generated in the attack simulations.
InsightIDR is the security analytics and automation company’s cloud SIEM and Extended Detection and Response (XDR) offering.
Additionally, Insight Agent is included in this offering and provides coverage across assets both in the cloud and on-premises, as well as powering the platform’s endpoint detection and response (EDR) capabilities.
Rapid7 says the detections in this evaluation only account for a small segment of the InsightIDR detections library, which gives users native telemetry and high-fidelity detections across networks, users, clouds, and endpoints.
Moreover, these are all vetted in the field by Rapid7’s managed detection and response (MDR) security operations centre analysts to ensure their relevance and actionability for InsightIDR customers.
“This MITRE ATT&CK evaluation demonstrates the high-fidelity detections that customers value with InsightIDR,” Rapid7 detection and response vice president Sam Adams says.
“From our own MDR service, we understand firsthand the importance of having a comprehensive, relevant, and reliable detection set that customers can trust. InsightIDR’s native EDR capabilities highlighted in this evaluation are just one example of how we help customers get there.”
Carrying out its first ransomware campaign in August 2018, Wizard Spider is a financially motivated criminal group that targets a range of organisations, from major corporations to hospitals.
Sandworm is a destructive Russian threat group known for conducting notable attacks such as the 2015 and 2016 targeting of Ukrainian electrical companies, as well as the NotPetya attacks in 2017.
MITRE says it chose Wizard Spider and Sandworm threat actors based on their complexity, relevancy to the market, and MITRE Engenuity’s ability to emulate the adversary.
“This latest round indicates significant product growth from our vendor participants. We are seeing greater emphasis in threat-informed defence capabilities, which in turn has developed the infosec community’s emphasis on prioritising the ATT&CK Framework,” MITRE Engenuity ATT&CK Evaluations acting general manager Ashwin Radhakrishnan says.
Benefits of InsightIDR’s endpoint capabilities for security professionals include:
- Real-time monitoring for on-premises and remote endpoints and a vast library of critical attacker behaviour and endpoint detections
- The ability to bait attackers and address areas of exposure with honey credentials deployed by the agent, helping identify intruders on- or off-network
- Access enhanced endpoint telemetry for custom detection, investigations, threat hunting, and forensics
- Faster mean-time-to-respond with automated containment utilising the Insight Agent with InsightIDR and its security orchestration, automation and response capabilities