Editorial Team

CrowdStrike Inc., (Nasdaq: CRWD), a leader in cloud-delivered protection of endpoints, cloud workloads, identity and data, today announced its results from the fourth round of the MITRE Engenuity ATT&CK® Enterprise Evaluations. CrowdStrike achieved 100% prevention with comprehensive visibility and actionable alerts – demonstrating the power of the Falcon platform to stop today’s most sophisticated threats.

This round of independent ATT&CK Evaluations for enterprise cybersecurity solutions emulated the WIZARD SPIDER and VOODOO BEAR (Sandworm Team) threat groups, which were chosen because of their sophistication and broad range of post-exploitation tradecraft. The Falcon platform was evaluated among products from 30 vendors.

Falcon Platform Delivers 100% Prevention

The Falcon platform delivered 100% prevention in the ATT&CK Evaluations, consisting of nine test scenarios (including 19 steps and 109 substeps) on Windows and Linux operating systems. According to the 2022 CrowdStrike Global Threat Report, the average breakout time for adversaries – the time an adversary takes to move laterally from an initially compromised host to another host within the victim environment – is 98 minutes. Organizations need to be able to stop attackers immediately, before they can move about the network and cause damage. CrowdStrike shuts down attacks before they start.

CrowdStrike Delivers a Unified Platform Approach

CrowdStrike was the only vendor to demonstrate native and unified Zero Trust and identity protection capabilities in its platform. Adversaries are increasingly using legitimate and stolen credentials to try and evade detection. The Falcon platform shuts down identity-based attacks before they can start by delivering powerful capabilities like identity-based security, comprehensive Indicators of Attack (IOAs), machine learning, automated orchestration and threat intelligence through a unified, cloud-native approach. In the ATT&CK Evaluations, the Falcon platform proved these capabilities stop attackers quickly with more than 93% of attacker tactics, techniques and procedures (TTPs) stopped before they could execute.

Falcon Platform Delivers Comprehensive Visibility and Actionable Alerts

The Falcon platform provides comprehensive capabilities and tools for security teams to see, stop and understand an attack – scoring visibility on 96% of substeps in the ATT&CK Evaluations while presenting evidence for 99% of substeps. Visibility is a critical requirement of effective security, as security teams require context, historical visibility and response capabilities. CrowdStrike visually highlights detected attacks with rich context to streamline the triage process and helps security teams focus on the most critical threats first. In the ATT&CK Evaluations, the tested activities are presented in just six incidents, minimizing alert fatigue and giving security teams needed context to understand an attack.

“Achieving 100% prevention in the fourth round of the MITRE Engenuity ATT&CK Evaluation shows the power of the Falcon platform, which was designed to enable organizations to take a unified approach in detecting and preventing attacks across the endpoint, cloud, identity and data. CrowdStrike is setting the industry standard with a cloud-native security platform that is designed to deliver the most robust protections and stop the most sophisticated threats,” said Michael Sentonas, chief technology officer at CrowdStrike.

For more information on CrowdStrike’s test results, please visit the blog.

For full results and more information about the evaluations, please visit the MITRE Engenuity website.

Related Articles