MITRE 2024: HarfangLab reaffirms its European leader position

What are MITRE Evaluations?

MITRE is a not-for-profit organization whose mission is to create reference standards for the classification and treatment of cyberattacks. It publishes the MITRE ATT&CK Matrix, which also aims to document attacker tactics, techniques, and groups. For a detection and response solution such as an EDR, being able to cover the wide range of techniques at different stages of an attack, with highly diverse attack typologies referenced in the MITRE ATT&CK Matrix, is a particularly sought-after detection benchmark. Triggering alerts and stopping the techniques and tactics documented in the MITRE ATT&CK Matrix is the objective of all EDR vendors.

Each year, EDR vendors can participate in the MITRE ATT&CK Evaluations to test their detection, protection, and accuracy capabilities under conditions as close as possible to a real-world cyberattack. After obtaining very positive detection results in its first participation in 2023, HarfangLab passed the tests for the second time in 2024, extending the Evaluation to also test its protection capabilities.

HarfangLab, a European standard for cybersecurity

 

Detection excellence and precision to evaluate the performance of an EDR.

HarfangLab excels at both.

Different capacities of the EDR were tested this year:

  • Detection

Our EDR detected 100% of attacks. For each of the 16 stages of the attack scenarios played out by the MITRE team, we identified techniques, i.e. the most precise and contextualized detections possible. To break it down further, 69 substeps in each of the 16 steps were detected at the technique level. Detecting at least one technique within a step ensures that the EDR delivers the alert in the event of suspicious behavior.

This detection quality, which affirms HarfangLab’s 2023 results, validates the performance of our EDR in the face of the most sophisticated threats.

  • Protection

Analyzing the results of the protection test, HarfangLab delivered an industry-leading performance.

Regarding protection, HarfangLab’s EDR blocked 8 steps. What’s more, all blocking operations were carried out immediately, interrupting the attack as soon as the attackers made their first move! Our blocking is nearly 30% more effective than the average evaluation. 

  • Precision

Unlike the two tests mentioned above, the goal here is that the EDR doesn’t generate any alert. Hence, among the 100 substeps played by the MITRE teams to test the EDR, 20 were from legitimate users.

Just one of them triggered a HarfangLab alert, revealing a high level of precision from the EDR: 99% to be precise.

Which scenarios in 2024?

The tests take place over 3 days and consist of assessing the capabilities of EDRs in the face of different attack types.

After Turla (APT) in 2023, 2024 allowed us to challenge our detection capabilities on the following OS and threats: 

  • APT on macOS with a simulated attack that could be carried out by a North Korean actor 
  • Ransomware on Windows and Linux with simulated attacks by CL0P and LockBit groups 

Léna Jakubowicz, pre-sales engineer and MITRE project manager, comments: “These tests confirm that our EDR is one of the best on the market today. In fact, a good EDR in 2025 is the three-part work of detection, protection, and accuracy, represented by a low false-positive rate so as not to waste analysts’ time. Moreover, the MITRE tests are an illustration of a corporate project in which every team has a role to play and contributes: research and development, the product and CTI teams, on deck during the intense tests, and the sales, pre-sales, and marketing teams, who then promote the results throughout the year. It’s a real challenge, one that’s brilliantly taken up by the strength of the team, and which in the end enables us to deliver a product of excellence and prove it.”

To learn more about MITRE, check out this page: EDR & MITRE

To explore MITRE “behind the scenes”, you can learn more here: MITRE 2, The return


About HarfangLab

HarfangLab is a French cybersecurity company specializing in endpoint protection. HarfangLab builds technologies that anticipate and neutralize cyberattacks on devices and servers, while also providing a better understanding of your IT infrastructure for improved security. HarfangLab’s EDR software was the first EDR to be certified by ANSSI, and today protects hundreds of customers worldwide, including administrations, companies, and international organizations operating in highly sensitive sectors. HarfangLab’s solutions are distinguished by their openness, with solutions that integrate natively with all other security bricks; their transparency, as the data collected by the tools remains fully accessible; and the strategic autonomy they offer, as customers are free to choose their hosting mode: cloud, public, private, SecNumCloud, or their own infrastructure.