MITRE 2024: HarfangLab EDR results
First and foremost, MITRE is a research organization that conducts annual evaluations of cybersecurity solutions. This is not a ranking or competition, but an evaluation system that pushes each market player to improve and helps the market as a whole to raise its standards. This year, 21 vendors took part in the exercise.
Now let’s get straight to the heart of the matter: MITRE 2024 results have confirmed our position as the European leader in cybersecurity!
Detection performance
Our EDR detected 100% of attacks. For each of the 16 stages of the attack scenarios played out by the MITRE team, we identified Techniques, i.e. the most precise and contextualized detections possible.
To break it down further, 69 substeps were detected in each of the 16 steps at the technique level. As mentioned in this article, detecting at least one technique within a step ensures that the EDR delivers the alert in the event of suspicious behavior.
This detection quality, which affirms HarfangLab’s 2023 results, validates the performance of our EDR in the face of the most sophisticated threats. Our detection capability on macOS is also noteworthy with 19 substeps detected at the Technique level.
Protection performance
In terms of protection, our EDR blocked 8 steps. What’s more, all blocking operations were carried out immediately, interrupting the attack as soon as the attackers made their first move! Our blocking is nearly 30% more effective than the evaluation average.
False positive performance
Unlike the two tests mentioned above, the aim here is for the EDR… not to generate alerts. And so, of the 95 substeps played by the MITRE teams, 20 were legitimate user actions. Only one of these triggered a HarfangLab alert – all others were correctly identified as benign. The HarfangLab EDR thus achieved an accuracy rate of 99% in these evaluations.
HarfangLab team performance
These results are the direct outcome of the HarfangLab team’s daily investment in protecting our customers and providing our partners with the best possible tools to deal with attacks that are growing in both number and sophistication.
Find out more about what goes on behind the scenes right here.
Now that we’ve seen the figures, you may be wondering what the test scenarios were this year…
MITRE 2024 test scenarios
The tests take place over 3 days and consist of assessing the capabilities of EDRs in the face of different attack types.
After Turla (APT) in 2023, the 2024 evaluation allowed us to challenge our detection capabilities on the following operating systems and threats:
- APT on macOS with a simulated attack that could be carried out by a North Korean actor
- Ransomware on Windows and Linux with simulated attacks by CL0P and LockBit groups
But in concrete terms, what do these results mean for our users? What can they tell us about the performance of our solution in the field?
More than a list of boxes to tick, MITRE is a way of assessing a tool’s ability to correctly detect attack techniques (and one may be enough) with the right level of criticality. These tests enable you to select tools with a view to carrying out a POC, and it is during this POC that their relevance can be tested in the field, in your own context.