MITRE ATT&CK COVERAGE
Beyond Malware-Based Measurement
Enterprise security programs are often defeated by attackers with access to a greater variety of techniques than most programs can detect. Most internal attack models are extremely limited compared to the range of techniques today’s adversaries employ.
The MITRE ATT&CK™ Matrix is the most comprehensive framework of tactics and techniques. Endgame utilizes MITRE's matrix to validate platform efficacy against APT families like the recent FIN7 attack.
FULL-STACK ENDPOINT PROTECTION
Antivirus, whether next-gen or legacy, focuses on a limited set of attack vectors, such as file-based malware, rather than on the attackers' comprehensive strategy.
Endgame combines pre-execution prevention, dynamic execution protection, and automated threat hunting to stop attackers at the earliest stage, and at every stage, of the attack lifecycle.
Milliseconds matter: credential theft takes 20 milliseconds, ransomware less than one second. Incumbent EDR tools that require a roundtrip to the cloud for prevention are too late to stop targeted attacks. Endgame's autonomous agent protects both online and offline systems by leveraging hardware-assisted control flow integrity, enhanced dynamic binary instrumentation, signatureless malware prevention using MalwareScore™, and sequential analytics to instantly immobilize attacks on the endpoint.
The growing cybersecurity talent gap leaves enterprises vulnerable to attacks. Many EDR solutions require analysts to learn complex queries to manage their products. Artemis™, Endgame's AI-powered chatbot, leverages natural language understanding and domain expertise to elevate Tier 1 analysts and accelerate Tier 3 analysts.
The Cylance, Carbon Black and Crowdstrike names and logos referenced above are the registered trademarks of the applicable company. Endgame is not associated with or sponsored by these entities.
“The best way to measure defense is through a good offense. To best understand what an adversary can do post-exploit, we released the ATT&CK framework. The next logical step is to show how ATT&CK can be actionable, and we have done so with ATT&CK based adversary emulations. These emulations provide a method to prove the effectiveness of security solutions against known threats. We are engaging with the security industry to encourage this thinking so that they can effectively articulate their capabilities to our government partners, as well as the public. We look forward to continuing to work with commercial vendors to articulate their capabilities in the future.”
- Frank Duff, lead for MITRE’s Leveraging External Transformational Solutions in Cybersecurity, MITRE Corporation