Endgame Leads the Pack in Real-Time Alert Generation Across the Kill Chain in MITRE ATT&CK™ Evaluation Guide Report by Independent Research Firm
Arlington, VA – Feb 27, 2019 - Endgame, the first endpoint protection provider to partner with MITRE ATT&CK™, today announced its inclusion in the Forrester MITRE ATT&CK™ Evaluation Guide. Endgame demonstrated excellent coverage (74%) and correlation (80%), while leading the pack in terms of real-time alert generation across the kill chain.
The Forrester guide represents the first independent analysis of the security vendors that participated in the inaugural MITRE assessment, published on November 29, 2018. While the MITRE evaluation assessed each vendor's post-compromise EDR capabilities, it did not rank or score vendor performance.
“The MITRE ATT&CK evaluation emphasized the fundamental importance of data visibility when it comes to assessing EPP/EDR tools. Forrester takes the evaluation one step further by assessing vendor performance on post-compromise detection capability,” said Ian McShane, VP of Product Marketing at Endgame.
Endgame believes that the Forrester evaluation results echo Endgame's own analysis of the MITRE assessment, outlined in a recent blog post by McShane, a former Gartner analyst who led the EPP Magic Quadrant. The blog states that Endgame had the fewest complete detection misses; that it leads all vendors in its ability to collect the right types of event data to enable threat hunting; and that the Endgame platform offers the best usability to security practitioners by prioritizing the data that matters most.
To aid security professionals in interpreting the results of the MITRE assessment, Forrester developed a publicly available scoring methodology that creates a scale for ranking the quality of vendor detections. The three critical factors Forrester applies in that methodology are:
- Visibility into ATT&CK techniques as an indication of the product’s underlying telemetry.
- How well the product reduces noise within an environment to assist investigators in correlating events to reconstruct what actions the adversary performed on a compromised device.
- How the product performs across the kill chain as an indication of the breadth of automated detection logic.
For more information about the ATT&CK framework and how to incorporate it into your security program, download our guide How to Develop the Best Plan of ATT&CK.
Endgame makes military-grade endpoint protection as simple as anti-virus. Leveraging the industry's most advanced machine learning technology, Endgame enables security operators of any skill level to deliver full-force protection, stopping everything from ransomware to phishing and targeted attacks. Endgame is the only endpoint security platform to offer a unique hybrid architecture that delivers both cloud administration and data localization that meets all industry, regulatory, and global compliance requirements. The US military as well as the world's largest commercial organizations rely on Endgame to protect their people, technology and mission, globally. For more information, visit www.endgame.com and follow us on Twitter @EndgameInc.