{"id":110075,"date":"2020-04-22T13:55:48","date_gmt":"2020-04-22T20:55:48","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=110075"},"modified":"2020-07-30T19:56:26","modified_gmt":"2020-07-31T02:56:26","slug":"cortex-mitre","status":"publish","type":"post","link":"https:\/\/www2.paloaltonetworks.com\/blog\/2020\/04\/cortex-mitre\/","title":{"rendered":"MITRE Round 2 Results Solidify Cortex XDR as a Leader in EDR"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">As threat actor techniques continue to get more targeted and sophisticated, there is more pressure than ever on detection and response vendors to continually test and improve detection methods. The MITRE ATT&amp;CK evaluations were created to test the detection capabilities of leading endpoint security vendors by emulating the real-world attack sequences of sophisticated advanced persistent threat (APT) groups from around the world.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In Round 2 of the MITRE ATT&amp;CK evaluations, <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/cortex\/cortex-xdr\"><span style=\"font-weight: 400;\">Cortex XDR<\/span><\/a><span style=\"font-weight: 400;\"> was put to the test once again, this time against the tactics and techniques that have been leveraged by the threat actor group known as <\/span><a href=\"https:\/\/attackevals.mitre.org\/APT29\/\" rel=\"nofollow,noopener\" ><span style=\"font-weight: 400;\">APT29 aka Cozy Bear<\/span><\/a><span style=\"font-weight: 400;\">, who are known for their stealthy, sophisticated and highly customized attacks. The evaluation involved two complete attack scenarios leveraging 58 unique techniques from the <\/span><a href=\"https:\/\/attack.mitre.org\/matrices\/enterprise\/\" rel=\"nofollow,noopener\" ><span style=\"font-weight: 400;\">MITRE ATT&amp;CK Framework<\/span><\/a><span style=\"font-weight: 400;\">. 
<\/span><b>We are proud to announce that no other vendor achieved higher attack technique coverage than Cortex XDR <\/b><span style=\"font-weight: 400;\">in this evaluation with the powerful combination of automated product detections and enrichment from the <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2020\/02\/cortex-managed-threat-hunting\/\"><span style=\"font-weight: 400;\">Cortex XDR Managed Threat Hunting service<\/span><\/a><b>.<\/b><span style=\"font-weight: 400;\">*<\/span><\/p>\n<p><div style=\"max-width:100%\" data-width=\"900\"><span class=\"ar-custom\" style=\"padding-bottom:61.78%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"aligncenter wp-image-110119 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/04\/Mitre-rd2-1.png\" alt=\"MITRE Round 2 Attack Technique Coverage\" width=\"900\" height=\"556\" \/><\/span><\/div><\/p>\n<p><span style=\"font-weight: 400;\">The results of this round emphasize the consistent best-in-class threat detection capabilities of Cortex XDR, which were demonstrated in the recent <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2020\/02\/cortex-nss-labs-aep-test\/\"><span style=\"font-weight: 400;\">NSS AEP<\/span><\/a><span style=\"font-weight: 400;\"> test and the 2019 <\/span><a href=\"https:\/\/www.paloaltonetworks.com\/cortex\/cortex-xdr\/mitre\"><span style=\"font-weight: 400;\">MITRE APT3 <\/span><\/a><span style=\"font-weight: 400;\">evaluation. In the 2020 MITRE APT29 Evaluation, Cortex XDR was at the front of the pack both in the number of detections and in the specificity and accuracy of those detections compared to the 20 other endpoint detection and response products tested. 
To complement our strong performance in automated product detections, the Cortex XDR Managed Threat Hunting service further augmented our results with human expertise from our world-class threat hunting team, resulting in superior overall product and service coverage in this evaluation, with 90% of techniques detected.<\/span><\/p>\n<figure id=\"attachment_110106\" aria-describedby=\"caption-attachment-110106\" style=\"width: 900px\" class=\"wp-caption aligncenter\"><div style=\"max-width:100%\" data-width=\"900\"><span class=\"ar-custom\" style=\"padding-bottom:51.22%;\"><img loading=\"lazy\" decoding=\"async\"  class=\"wp-image-110106 lozad\"  data-src=\"https:\/\/www.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/04\/majorstep-1.png\" alt=\"Palo Alto Networks Cortex XDR performance on MITRE's APT29 Evaluation from the MITRE site.\" width=\"900\" height=\"461\" \/><\/span><\/div><figcaption id=\"caption-attachment-110106\" class=\"wp-caption-text\">Palo Alto Networks Cortex XDR performance on MITRE\u2019s APT29 Evaluation from the MITRE site<\/figcaption><\/figure>\n<p><span style=\"font-weight: 400;\">Cortex XDR <\/span><a href=\"https:\/\/start.paloaltonetworks.com\/rewiring-security-operations\"><span style=\"font-weight: 400;\">goes beyond traditional EDR approaches<\/span><\/a><span style=\"font-weight: 400;\"> that rely on narrow endpoint-focused data sources to detect attacks. Instead, it validates alerts by providing holistic, accurate visibility across your entire enterprise. While the MITRE evaluation tested products\u2019 abilities to detect activity beyond traditional endpoints, such as domain controllers and file servers, it stopped short of including other critical enterprise infrastructure, such as network and cloud sources, which we expect would have improved our results even further. 
We look forward to continuing to work with MITRE as they consider expanding the scope of their evaluation with the addition of prevention capabilities and new data sources to address the full scope of our XDR solution.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To take a deep dive into the MITRE APT29 Evaluation and how Cortex XDR performed, download our \"<\/span><a href=\"https:\/\/start.paloaltonetworks.com\/ultimate-guide-to-mitre-attack-2-EDR.html\"><span style=\"font-weight: 400;\">Ultimate Guide to MITRE<\/span><\/a><span style=\"font-weight: 400;\">\" white paper. You can also watch the replay of our \u201c<\/span><a href=\"https:\/\/register.paloaltonetworks.com\/webinarmitreattckround2resultsunveiled\"><span style=\"font-weight: 400;\">MITRE ATT&amp;CK Round 2: Results Unveiled<\/span><\/a><span style=\"font-weight: 400;\">\u201d webinar.<\/span><\/p>\n<p><i><span style=\"font-weight: 400;\">*Attack technique coverage in this context is defined as the highest number of attack techniques detected by the product or the MSSP service. Detection configuration changes that took place during the evaluation are counted as a miss, as these indicate adjustments by the vendor that could point to gaps in coverage. 
This methodology was applied universally to all vendors.<\/span><\/i><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Round 2 MITRE ATT&amp;CK evaluations tested Cortex XDR against tactics and techniques that have been used by the threat actor group APT29, aka Cozy Bear.<\/p>\n","protected":false},"author":645,"featured_media":106783,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6770],"tags":[6737,5810,6789],"coauthors":[6788],"class_list":["post-110075","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-secure-the-future","tag-cortex-xdr","tag-endpoint-detection-and-response","tag-mitre-attck-evaluation","sec_ops_category-must-read-articles"],"jetpack_featured_media_url":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-content\/uploads\/2020\/02\/CORTEX-XPR-WEBOPT.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/110075","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/645"}],"replies":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=110075"}],"version-history":[{"count":9,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/110075\/revisions"}],"predecessor-version":[{"id":116133,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/110075\/revisions\/116133"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/106783"}],"wp:attachment":[{"href":"https:\/\/www2.paloaltonetworks.com
\/blog\/wp-json\/wp\/v2\/media?parent=110075"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=110075"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=110075"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www2.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=110075"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}