
2022 MITRE ATT&CK Evaluation Explained

In the ATT&CK evaluation, SentinelOne Singularity delivered 100% threat protection, blocking all attacks in the protection evaluation on both Windows and Linux endpoints.

The MITRE Engenuity ATT&CK framework is the gold-standard evaluation used to describe an adversary's techniques and tactical objectives. The ATT&CK evaluation assesses various vendors on their approach to threat detection and their ability to automatically detect and respond to real-world cyberattacks. The latest evaluation is a simulation of the Russian adversary groups Wizard Spider and Sandworm.
While Wizard Spider's purpose is to breach an organization, silently maneuver around a network, and leverage data encryption to target it for a high-ransom return, Sandworm aims to breach the network and leverage data encryption to ultimately destroy an organization's data.

Both Wizard Spider and Sandworm methodically execute one attack technique after another and move laterally to multiple machines across Windows and Linux servers in order to achieve their goals. This ATT&CK emulation is segmented into 19 major steps and consists of 109 sub-steps.
Both the Wizard Spider and Sandworm adversary groups start by gaining access via stolen credentials. When the initial victim opens a tainted Word document, the adversary moves stealthily through the environment, collecting multiple forms of information before deploying ransomware.

When Singularity's non-block mode was enabled and the adversary was permitted to do their dirty work, Singularity's EDR automatically tracked the adversary in real time and provided understandable context for every step in the attack.

SentinelOne delivers quality over quantity, connecting the dots automatically and providing only the critical detections that need human intervention.
In those detections, contextualizing and correlating malicious activity to the MITRE Engenuity framework gives analysts a head start in determining an adversary's methods and motivations. This also enables automated remediation across multiple machines with only a single click, saving valuable analyst time.

Though these MITRE Engenuity ATT&CK emulations produce hundreds of data points, SentinelOne Singularity makes it easy for security analysts to know what's happening by automatically correlating everything into 9 simple console alerts.

Over 2 days of testing, SentinelOne's EDR provided 99% visibility and over 99% analytic detections (high-quality detections), all in real time with zero delays, as well as 100% threat protection, blocking all attacks in the protection evaluation on both Windows and Linux endpoints.

SentinelOne was created to empower analysts with the visibility and context they need, faster, by automatically connecting and correlating benign and malicious events in one simple-to-use platform.

Learn More at s1.ai/mitre
