MITRE 2024: 100% detection and 99% accuracy

In its second participation in the MITRE Evaluations, HarfangLab reaffirms the excellence of its detection capabilities and achieves first-rate protection results. The low false positive rate, tested for the first time by MITRE, is also a remarkable performance from HarfangLab's EDR. Here are the detailed results.

MITRE 2024: HarfangLab EDR results 

MITRE Evaluation Results 2024

First and foremost, MITRE is a research organization that conducts annual evaluations of cybersecurity solutions. This is not a ranking or competition, but an evaluation system that pushes each market player to improve and helps the market as a whole to raise its standards. This year, 21 vendors took part in the exercise. 

Now let’s get straight to the heart of the matter: MITRE 2024 results have confirmed our position as the European leader in cybersecurity! 

Detection performance

Our EDR detected 100% of attacks. For each of the 16 stages of the attack scenarios played out by the MITRE team, we identified Techniques, i.e. the most precise and contextualized detections possible.   

To break it down further, 69 substeps were detected in each of the 16 steps at the technique level. As mentioned in this article, detecting at least one technique within a step ensures that the EDR delivers the alert in the event of suspicious behavior.  

This detection quality, which affirms HarfangLab’s 2023 results, validates the performance of our EDR in the face of the most sophisticated threats. Our detection capability on macOS is also noteworthy with 19 substeps detected at the Technique level. 

Protection performance 

MITRE Protection - 2024 Evaluation

In terms of protection, our EDR blocked 8 steps. What’s more, all blocking operations were carried out immediately, interrupting the attack as soon as the attackers made their first move! Our blocking is nearly 30% more effective than the evaluation average.
 

False positive performance 

MITRE 2024 - False Positive evaluation

Unlike the two tests mentioned above, the aim here is for the EDR… not to generate alerts. And so, of the 95 substeps played by the MITRE teams, 20 were legitimate user actions. Only one of these triggered a HarfangLab alert; all others were correctly identified as benign. The HarfangLab EDR thus achieved an accuracy rate of 99% in these evaluations.

HarfangLab team performance

These results stem directly from the HarfangLab team’s daily investment in protecting our customers and providing our partners with the best possible tools to deal with attacks growing in both number and sophistication.

Find out more about what goes on behind the scenes right here. 

Now that we’ve seen the figures, you may be wondering what the test scenarios were this year… 

 

MITRE 2024 test scenarios

The tests take place over 3 days and consist of assessing the capabilities of EDRs in the face of different attack types.   

After Turla (APT) in 2023, 2024 allowed us to challenge our detection capabilities on the following OS and threats: 

  • APT on macOS with a simulated attack that could be carried out by a North Korean actor 
  • Ransomware on Windows and Linux with simulated attacks by CL0P and LockBit groups 

But in concrete terms, what do these results mean for our users? What can they tell us about the performance of our solution in the field?  

More than a list of boxes to tick, MITRE is a way of assessing a tool’s ability to correctly detect attack techniques (and one may be enough) with the right level of criticality. These tests enable you to select tools with a view to carrying out a POC, and it is during this POC that their relevance can be tested in the field, in your own context.