Recently, MITRE Engenuity released the results of its fourth round of the ATT&CK Evaluations. This round focused on the threat actors Wizard Spider and Sandworm.
It is no surprise that both groups have made their presence felt. For example, between 2019 and 2020, Wizard Spider, a Russian-speaking cybercriminal group, extorted $61 million through ransomware attacks, including notable attacks on Universal Health Services hospitals and on state government administrative offices in both Georgia and Florida. In 2017, Sandworm compromised the Ukrainian accounting software vendor MeDoc and hijacked the company's software update mechanism, so that malicious code was delivered to the copies of MeDoc running at its customers.
After participating in the third round of the MITRE Engenuity Evaluations, Cisco was excited to take part again to show our improvements over last year.
These evaluations are not a competitive analysis. MITRE publishes the detections it observed without naming a "winner." Because there is no single way to analyze, rank, or rate the solutions, MITRE instead shows how each vendor approaches threat defense within the context of ATT&CK, and readers are expected to weigh the per-technique results against their own requirements.
Cisco delivered strong results in the 2022 Evaluation
Overall, Cisco Secure Endpoint demonstrated that it can stop the Wizard Spider and Sandworm attack campaigns early in their kill chains, and it provided analytic detections at the MITRE ATT&CK technique level across each step of the respective kill chains.
Summary of Cisco's Results:
The results are broken down by emulated adversary (Wizard Spider and Sandworm), with one column for detections made by Cisco technologies and one for detections made by third-party technologies. The figures for each cell are not present in this text version of the page.
What is important to know:
- Days 1 and 2 of the MITRE Evaluation were the Detection Test; the Protection tests were conducted on Day 4.
- Of the 30 vendors that participated in the evaluation, all but eight do not offer a comprehensive solution and did not have a Linux agent.
- Of the 30 vendors that participated, eight did not take part in the Protection test.
Protection Kill Chains Overlaid with Detections


On the protection side, Cisco Secure Endpoint stopped both attack campaigns early in the kill chains and provided analytic detection at the MITRE ATT&CK level across each step of their respective kill chains. With real-time protection and analytics, a security analyst can remediate the threat with a reduced mean time to detection and response. Cisco Secure Endpoint blocked Wizard Spider at the start of the kill chain; however, an Active Directory database dump test was executed (not blocked) in Test 4. It is important to remember that the protection tests are executed as independent unit tests: each test assumes that the earlier tests were not blocked, so a block at the first step does not carry forward, and a miss in a later unit test does not mean that step would have been reachable in an intrusion that was stopped at the first step.
Cisco Secure Endpoint's Analytic Coverage improved significantly in the 2022 Evaluation, allowing us to see the tactic or technique used at a more granular level. These improved insights into the specific technique a threat is using helped accelerate the mean time to detection and response.
Cisco Secure Endpoint had a significant number of detections on the first substeps of each phase of the Wizard Spider and Sandworm kill chains emulated in the MITRE Evaluation. Alerting on potential threat actor activity happened quickly and fairly early in the kill chain, which helps reduce attacker dwell time on the endpoint.
Cisco Secure Endpoint Behavioral Protection again played a crucial role in identifying threats. We will continue to develop and expand Behavioral Protection for customers.
Links to Cisco's MITRE Engenuity ATT&CK results:
Cisco Secure Endpoint and MITRE ATT&CK: Why it matters to CISOs right now
Securing your endpoints has never been more critical, and you need endpoint protection you can trust. Cisco Secure Endpoint is designed for those seeking endpoint resilience. Meeting security head-on requires adopting a comprehensive cloud-based endpoint protection solution for your secure remote worker, SASE, XDR, and Zero Trust architecture. We are the only endpoint security solution to deliver a cloud-native, built-in platform, Cisco SecureX, providing XDR capabilities and more for better threat visibility, more intelligent investigations, and faster response.
Cisco has been recognized as a leader in endpoint security
See it for yourself
We know what you are facing: a world where malware is constantly evolving and threats are becoming harder and harder to detect. The most advanced and riskiest threats, the ones that could eventually enter and wreak havoc in your network, are the ones most likely to go undetected. Secure Endpoint is built to provide comprehensive protection against these threats. It prevents breaches, blocks malware at the point of entry, and continuously monitors and analyzes file and process activity to rapidly detect, contain, and remediate threats that evade front-line defenses.
To learn more about Cisco Secure Endpoint and see for yourself how it protects you against today's threats, join our virtual threat hunting workshop or sign up for a free trial.
We would love to hear what you think. Ask a question, comment below, and stay connected with Cisco Secure on social!
