Endgame First Endpoint Protection Platform to Validate Performance Beyond Malware-Based Attacks; Collaborating with MITRE in Nation-State Emulation Exercise
MITRE and Endgame call for endpoint vendors to test against ATT&CK™ matrix for more rigorous measurement of efficacy
ARLINGTON, VA – October 23, 2017 – Endgame today announced it was the first endpoint protection platform to go beyond the scope of malware-based efficacy to measure its performance against nation-state level attacks. Endgame collaborated with the MITRE Corporation to validate protections against MITRE’s ATT&CK™ Matrix, a framework for adversarial tactics and techniques that enterprises encounter daily. This approach provides a far more realistic understanding of protection against targeted attacks compared to other testing regimens. The results showcase Endgame’s ability to protect and detect nation-state level attackers before data theft or damage.
“The industry must redefine the scope of endpoint protection to ensure their technologies are truly effective against modern attacks,” said Jamie Butler, CTO at Endgame. “We were honored to work with MITRE to measure the efficacy of our platform against nation-state level tactics and techniques. At Endgame, we’re committed to holding ourselves to the highest standard of protection, which means going beyond malware-based testing regimens to include post-exploitation techniques. I encourage other security vendors to expand their measurement criteria to include MITRE’s ATT&CK Matrix to clearly demonstrate the true value of protections for customers.”
The MITRE ATT&CK™ Matrix is widely known in the security community as the most comprehensive framework for techniques and tactics used in targeted attacks. While some security teams use red teams to model attacker behavior and test defenses, the same rigor is often not applied to the protection technology they use, which is publicly tested against antiquated techniques and tactics like file-based malware.
To measure Endgame’s performance against more malicious attack types, MITRE mimicked the tactics used by APT3 (a prolific Chinese APT group) to determine Endgame’s coverage of the ATT&CK Matrix. Endgame successfully stopped APT3 in the emulation exercise before any data theft or damage would have occurred.
Endgame credits the positive results of this test to its heritage protecting the federal government, including the U.S. Air Force, from targeted attacks. Endgame is rapidly becoming the standard endpoint protection platform across the Department of Defense due to its layered protections and ease of use for inexperienced analysts. As the need for more sophisticated protections has expanded into the commercial sector, Endgame’s commercial customer base has grown rapidly, including in critical industries like financial services, energy and education. With Endgame, users of any skill level can prevent, stop, and proactively hunt ongoing threats that bypass incumbent security solutions.
“The best way to measure defense is through a good offense,” said Frank Duff, lead for MITRE’s Leveraging External Transformational Solutions in Cybersecurity at the MITRE Corporation. “To best understand what an adversary can do post-exploit, we released the ATT&CK framework. The next logical step is to show how ATT&CK can be actionable, and we have done so with ATT&CK based adversary emulations. These emulations provide a method to prove the effectiveness of security solutions against known threats. We are engaging with the security industry to encourage this thinking so that they can effectively articulate their capabilities to our government partners, as well as the public. We look forward to continuing to work with commercial vendors to articulate their capabilities in the future.”
In an industry where customers are constantly inundated with speculative marketing claims from vendors, Endgame is fully committed to transparency and integrity when disclosing the efficacy of its platform. As part of that commitment, Endgame plans to continue to work with MITRE to test its protection technology. Endgame is also a member of the Anti-Malware Testing Standards Organization (AMTSO) and has provided its MalwareScore™ machine-learning malware prevention engine publicly in VirusTotal. Endgame has also achieved 100% anti-malware effectiveness in an independent evaluation by SE Labs, and a 99.5% protection rate in a test with AV Comparatives.
Endgame's converged endpoint security platform is transforming security programs - their people, processes and technology - with the most powerful endpoint protection and simplest user experience, ensuring analysts of any skill level can stop targeted attacks before information theft. Endgame unifies prevention, detection, and threat hunting to stop known and unknown attacker behaviors at scale with a single agent. For more information, visit www.endgame.com and follow us on Twitter @EndgameInc.