Palo Alto Networks Achieves 100% Prevention, Detection in the MITRE Engenuity Evaluations

Palo Alto Networks has successfully completed the MITRE Engenuity ATT&CK Round 4 Evaluation, achieving 100% Prevention and 100% Detection of attacks. Cortex XDR was evaluated for its ability to protect against and detect simulations of real-world attacks by the Wizard Spider and Sandworm threat groups.

Detecting and mitigating real-world threats is the ultimate validation of a security solution.

According to MITRE, Wizard Spider is a financially motivated Russia-based threat group that has been conducting ransomware campaigns against a variety of organizations, ranging from major corporations to hospitals. MITRE describes Sandworm as a Russian threat group known for carrying out notable attacks such as the 2015 and 2016 targeting of Ukrainian electrical companies and 2017’s NotPetya attacks.

Cortex XDR received outstanding results in all measures, including:

—100% prevention against all attacks in the protection phase of the evaluation.
—100% detection of all 19 attack steps.
—Over 98% of attack substeps were identified with “technique level analytics detections.”
—Over 98% visibility of all adversarial activity across both attack scenarios.

These outstanding results are founded on Cortex XDR’s industry-leading endpoint telemetry collection that fuels our behavioral threat protection and cloud-based analytics. All (100%) of the detections Cortex XDR delivered were classified as technique-level detections, the highest-value detections available in the evaluation. Cortex XDR automates the investigation process, delivering complete attack stories that clearly reveal the how, what and why of an attack and give the analyst the critical insight they need for rapid and complete remediation.

“Cortex XDR is a leading solution for the industry, and we’re thrilled to have achieved such landmark results again in this year’s MITRE evaluation,” said Gonen Fink, senior vice president, Cortex products at Palo Alto Networks. “MITRE Engenuity results are the best measure of security product effectiveness for today’s threats and an important vendor evaluation criteria for customers. Our performance is a testament to the continuing innovation we bring to Cortex XDR and proof of our ability to provide customers with outstanding protection. We value the threat-informed approach MITRE takes that helps drive the industry forward, making it a safer, more secure world.”

“This latest round indicates significant product growth from our vendor participants. We are seeing greater emphasis in threat-informed defense capabilities, which in turn has developed the infosec community’s emphasis on prioritizing the ATT&CK Framework,” said Ashwin Radhakrishnan, acting general manager of ATT&CK Evaluations at MITRE Engenuity.