As cyberattacks grow in volume and sophistication, and the cybersecurity skills gap widens, many organizations are turning to Managed Detection and Response (MDR) services. But finding the right MDR provider can be a real challenge. How do you know if they can keep up with today’s sophisticated cyber threats? That’s where MITRE evaluations come in, helping organizations make smarter choices by providing valuable insights into Managed Services from eleven different vendors. Read on as we review the key factors that can help you make the best decision for your cybersecurity needs.
This year’s MITRE Engenuity ATT&CK® Evaluations used two attack threads to evaluate each participating vendor. The first mimicked the tactics and techniques of the cybercriminal group menuPass. They are known for targeting various industries globally, with a focus on stealing sensitive information such as intellectual property. Their attacks are known for exploiting living-off-the-land techniques to avoid detection and for leveraging third-party relationships to steal credentials.
The second used the BlackCat ransomware, which is written in Rust. The ransomware is operating-system agnostic, capable of targeting Windows and Linux systems across multiple industries. BlackCat is designed to disrupt system defenses, encrypt data, and obstruct recovery processes. Both scenarios are representative of the types of attacks that target modern businesses.
While achieving a strong performance in MITRE MDR evaluations is certainly a point of pride for us, a single score can't capture the entire story. These evaluations are valuable because they delve into a range of interconnected metrics, providing a more nuanced picture of a vendor's capabilities. However, it's important to consider the data in context, as some vendors might choose to focus on specific metrics to their advantage.
Here, we'll unpack the key metrics from our MITRE Managed Services evaluation and explain what they mean for you. We'll also explore some of the qualitative aspects, like reporting style, that can be gleaned from the vendor communications provided by MITRE. This approach will help you understand how our performance translates to your specific security needs.
FIGURE 1: The table shows the results for all vendors across the evaluated categories.
The MITRE evaluation assesses a vendor's MDR solution across a series of 43 sub-steps, representing various stages within attacker tactics and techniques. There are three key levels measured for each sub-step:
Having established our strong foundation in detecting attacker activity, let's now explore how efficiently we translate detection into action. This is where Mean Time to Detect (MTTD) comes into play.
Mean Time to Detect (MTTD) measures the average time it takes a security provider to identify and alert on potential attacker activity. A lower MTTD generally indicates faster detection and response capabilities. Bitdefender averaged an MTTD of 24 minutes, significantly faster than the average of 42 minutes across participants.
Our focus lies in striking a balance between timely detection and minimizing unnecessary noise. We prioritize delivering high-fidelity alerts that provide actionable insights, allowing your security team to respond efficiently to genuine threats. It’s important to consider MTTD in conjunction with other metrics, particularly the volume of alerts generated – or noise.
A critical aspect of any MDR solution is its ability to distinguish between genuine threats and irrelevant noise. Security teams are often bombarded with an overwhelming number of alerts, making it difficult to focus on the most critical issues.
In the MITRE MDR evaluations, the Bitdefender MDR team prioritized a balance between minimizing noise and maintaining high alert fidelity. While some vendors generated alert volumes in the hundreds or even thousands, Bitdefender MDR produced a significantly lower number of alerts compared to the industry average (130 emails and 389 console alerts).
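The metrics discussed above, MTTD and alert noise, are simple to define but easy to misread when looked at in isolation. The following Python script is an added illustration, not code from the original post or from MITRE, that computes them side by side from a constructed timeline: a few attacker sub-steps with the time each technique was executed, and the alerts a hypothetical MDR service raised against them. The sub-step identifiers, timestamps and the `actionable` flag are all made-up sample data, and the way an alert is mapped back to a sub-step is an assumption of this example.

```python
from datetime import datetime
from statistics import mean

# Constructed sample data (not from the MITRE evaluation). Each sub-step maps
# to the time the attacker executed that technique.
SUB_STEPS = {
    "1.A.1": datetime(2024, 1, 10, 9, 0),
    "1.A.2": datetime(2024, 1, 10, 9, 12),
    "2.B.1": datetime(2024, 1, 10, 10, 30),
    "3.C.1": datetime(2024, 1, 10, 11, 45),   # never detected in this sample
}

# Alerts as (sub-step reported, time raised, actionable). A step of None means
# the alert did not relate to any evaluated activity, i.e. pure noise.
ALERTS = [
    ("1.A.1", datetime(2024, 1, 10, 9, 20), True),
    ("1.A.1", datetime(2024, 1, 10, 9, 25), False),  # duplicate, adds no insight
    ("1.A.2", datetime(2024, 1, 10, 9, 40), True),
    ("2.B.1", datetime(2024, 1, 10, 11, 30), True),
    (None, datetime(2024, 1, 10, 11, 50), False),    # unrelated noise
    (None, datetime(2024, 1, 10, 12, 5), False),
]


def time_to_detect(sub_steps, alerts):
    """Minutes from each sub-step's execution to the first alert reporting it.

    Sub-steps with no matching alert are omitted, so the caller can tell
    'detected slowly' apart from 'never detected'.
    """
    first_alert = {}
    for step, seen_at, _actionable in sorted(alerts, key=lambda a: a[1]):
        if step is None or step not in sub_steps:
            continue
        if seen_at < sub_steps[step]:
            continue  # alert predates the activity, so it cannot be a detection of it
        first_alert.setdefault(step, seen_at)
    return {
        step: (seen_at - sub_steps[step]).total_seconds() / 60
        for step, seen_at in first_alert.items()
    }


def mean_time_to_detect(sub_steps, alerts):
    """MTTD over the detected sub-steps only; None if nothing was detected."""
    deltas = list(time_to_detect(sub_steps, alerts).values())
    return mean(deltas) if deltas else None


def detection_coverage(sub_steps, alerts):
    """Fraction of sub-steps that produced at least one alert."""
    return len(time_to_detect(sub_steps, alerts)) / len(sub_steps)


def noise_ratio(alerts):
    """Fraction of alerts that were either unrelated or not actionable."""
    noisy = sum(1 for step, _t, actionable in alerts if step is None or not actionable)
    return noisy / len(alerts)


def alerts_per_detection(sub_steps, alerts):
    """How many alerts an analyst had to read for each sub-step actually caught."""
    detected = len(time_to_detect(sub_steps, alerts))
    return len(alerts) / detected if detected else float("inf")


if __name__ == "__main__":
    print("per-step minutes to detect:", time_to_detect(SUB_STEPS, ALERTS))
    print("MTTD (min):", mean_time_to_detect(SUB_STEPS, ALERTS))
    print("coverage:", detection_coverage(SUB_STEPS, ALERTS))
    print("noise ratio:", noise_ratio(ALERTS))
    print("alerts per detected step:", alerts_per_detection(SUB_STEPS, ALERTS))
```

Running it shows why the post insists on reading MTTD together with noise: the sample service detects three of four sub-steps with an MTTD of 36 minutes, but half of its alerts are noise and an analyst reads two alerts for every step caught. A vendor could lower MTTD further simply by alerting on everything, which is exactly the trade-off the coverage and noise figures expose.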
Here's what this translates to for you:
The MITRE MDR evaluation showcases Bitdefender MDR's strengths: exceptional threat detection, actionable insights (highest among participants for "Reported-actionable"), and a commitment to minimizing alert fatigue. This translates to a powerful solution that empowers security teams to focus on what matters most – effectively responding to genuine threats and keeping organizations secure.
FIGURE 2: Bitdefender MDR achieved the highest actionability score while keeping noise to a minimum
Want to learn more? Dive deeper with the experts themselves! Join our on-demand webinar featuring Bitdefender's SOC analysts and security researchers. They'll be unpacking the MITRE MDR evaluations, discussing our results in detail, and answering any questions you have about our approach to MDR. This is a technical deep-dive (not a marketing event) and a chance to learn directly from the front lines of threat detection and response.
Martin is technical solutions director at Bitdefender. He is a passionate blogger and speaker who has focused on enterprise IT for over two decades. He loves travel, has lived in Europe and the Middle East, and now resides in Florida.