FortiEDR in the MITRE Engenuity ATT&CK® Evaluation
Given that cybercriminals continue to target businesses with a wide variety of new and already known ransomware strains (approximately 150,000 unique detections per week, according to a recent threat report from FortiGuard Labs), this year's MITRE ATT&CK® evaluations are particularly important. MITRE has released its evaluation results, and Fortinet FortiEDR Endpoint Detection and Response stopped 100% of attacks. This is the second year in a row that FortiEDR has blocked all attacks, and there was a 32 percent increase in the detection of sub-steps, with almost 100% of all techniques identified.
The MITRE ATT&CK evaluations assess the capability of cybersecurity products to detect known adversarial behaviour. To gain objective insight into product capabilities, MITRE uses its knowledge base of adversary tactics, techniques and common knowledge (ATT&CK) to mimic the tactics and techniques observed from attackers in the real world.
This round of the evaluation focused on the Wizard Spider and Sandworm threat groups. Wizard Spider is a financially motivated criminal group that has been running ransomware campaigns since August 2018 against a wide range of organisations, from large corporations to hospitals. Sandworm is a destructive threat group known for carrying out notable attacks such as those against Ukrainian electrical companies in 2015 and 2016 and the NotPetya attacks in 2017.
The FortiEDR results
FortiEDR participated in all test scenarios, with the exception of the Linux-only test, which will be conducted next year. In the nine scenarios, FortiEDR detected and catalogued 97% of the 90 non-Linux steps used in the test and blocked all attacks. In addition, 93% of the sub-steps were detected at the "technique" level, the detection category that describes the technique being used, which is the level expected of an EDR (Endpoint Detection and Response) solution under test. This growing capability within the MITRE framework makes FortiEDR a reliable tool for enterprises.
As Gartner® notes, threat detection is difficult. Technical security and risk management professionals must protect their organisation against hundreds of known threats and potentially even more unknown threats. The MITRE ATT&CK framework has evolved to provide a common taxonomy for threats and a foundation for threat detection.¹
By adopting this standard, FortiEDR has become more intuitive for security staff, especially when it comes to threat hunting.
The results show how FortiEDR's sophisticated threat hunting, detection and mitigation capabilities combine artificial intelligence and machine learning technologies. Since FortiEDR does not rely on signatures (although it still uses them in the cloud), future cyberattacks that use tactics and techniques similar to those used in the evaluation are very likely to be blocked, even if there is no threat data on them yet.
It is worth noting that Fortinet recently partnered with the MITRE Engenuity Center for Threat-Informed Defense and found that 90% of all cybercriminal techniques seen in the last 28 months fall into just 15 categories. The proven ability not only to understand but also to block these techniques gives companies confidence that they can protect themselves against the most common techniques (more than two-thirds of which were part of the ATT&CK Round 4 evaluation).
FortiEDR has a unique approach to monitoring system activity, known as "code tracing". The benefits of this patented technology were evident in the evaluation results. In order to remain unnoticed and unobtrusive, advanced threats often misuse one or more legitimate operating system instructions. By correlating the operating system's outgoing communication or file change instructions with the preceding flow of operating system instructions, FortiEDR can detect and prevent malicious actions in real time.
The MITRE ATT&CK evaluations show how well the behavioural endpoint protection platform (EPP) and EDR approach work together with code tracing in FortiEDR to detect and prevent threats.
About FortiEDR
The FortiEDR solution provides comprehensive real-time protection for endpoint devices, both before and after infection. It provides automated real-time endpoint protection with orchestrated incident response across all communication devices, all on a single integrated platform. FortiEDR protects everything from workstations and servers running current operating systems to point-of-sale and manufacturing controls. FortiEDR is built on a cloud-native infrastructure and can be deployed in the cloud, on-premises or as a hybrid implementation.
FortiEDR includes next-generation, machine learning-based antivirus capabilities, application communication control, automated endpoint detection and response (EDR), real-time blocking, threat hunting, incident response and virtual patching capabilities. FortiEDR also leverages the broader Fortinet Security Fabric architecture by integrating with Security Fabric components such as FortiGate, FortiNAC, FortiSandbox and FortiSIEM. FortiEDR offers:
● Superior real-time protection before and after execution.
● Robust detection of high-value, high-risk activities without overwhelming security teams.
● A unified approach to protection, detection and automated response.