Back to Newsroom

11 December 2024

Independent Testing Emulating Advanced Attack Techniques Reveals Bitdefender’s Superior Capabilities in Alert Actionability in Two Newly Introduced Metric Categories

BUCHAREST, Romania and SANTA CLARA, Calif. – Bitdefender, a global cybersecurity leader, today announced exceptional results in the 2024 MITRE Engenuity ATT&CK® Enterprise Evaluations. Bitdefender demonstrated unmatched efficiency, requiring an average of just three alerts to identify and report incidents to the security operations center (SOC), far surpassing the median of 209 alerts from other tested solutions. The evaluations, conducted through rigorous independent tests simulating adversary behavior and techniques, assessed the detection and protection capabilities of 19 participating vendors. This year, MITRE introduced two new key metrics—‘Total Alerts Generated’ and ‘False Positives’—to better measure the actionability and effectiveness of vendor solutions.

“Security teams are under pressure to improve response time as ransomware and sophisticated state-sponsored attacks become more frequent,” said Dragos Gavrilut, vice president of threat research at Bitdefender. “Improving efficiency within teams and inside SOCs is what matters most to security practitioners. Bitdefender’s ability to increase threat visibility through detailed, actionable alerts with low false positives to quickly remediate threats before they do severe damage is what sets us apart, with independent tests like the MITRE ATT&CK Evaluations helping to serve as validation.”

The 2024 ATT&CK Evaluations tested cybersecurity vendors on their ability to detect techniques and tactics from two adversary focus areas: ransomware campaigns (specifically Cl0p and LockBit) targeting Windows and Linux, and macOS attacks linked to the Democratic People’s Republic of Korea (DPRK). These tests emulated common ransomware behaviors, such as the abuse of legitimate tools, data encryption, and disabling critical services, while the macOS evaluation highlights DPRK-inspired multi-staged and modular malware used to elevate privileges and target credentials.

Each participant was evaluated based on detection rates and their performance in the framework’s attack kill chain, spanning from initial compromise to the final stage of execution. This year, MITRE introduced two key changes to the evaluation process: False Positives and Reporting on Total Generated Alerts. The False Positives metric assessed the accuracy of detections by measuring instances where a benign activity is incorrectly flagged as malicious, while Reporting on Total Generated Alerts evaluated the volume and quality of alerts generated, ensuring a balance between comprehensive detection and operational efficiency.

Alongside outstanding performance around alert actionability, Bitdefender achieved 100% analytical coverage and zero false positives in both Linux and macOS environments with overall analytical coverage at 91% with just six false positives, well above the average of all participating vendors.
 

MITRE Engenuity evaluated Bitdefender GravityZone Platform, a unified security and risk analytics platform that provides advanced endpoint protection including endpoint detection and response (EDR), extended detection and response (XDR) and cloud security for physical, virtual, and multi-cloud environments. The platform delivers deep security context to detections and offers a direct path to Bitdefender Managed Detection and Response (MDR) services.

In addition to excelling in the MITRE Engenuity ATT&CK Enterprise Evaluations 2024, Bitdefender was also a top performer in the 2024 ATT&CK Evaluation for Managed Services. Bitdefender’s MDR services were evaluated on the ability to detect, analyze, and describe adversary behavior. Bitdefender delivered near-total coverage across all steps (no vendor achieved complete coverage) and achieved the highest result (32% above the average) in the category of Actionability, a measurement of whether a SOC analyst is provided with enough information in the alert to take immediate action. These results highlight the effectiveness of the GravityZone Platform in real-world security operations.

To get a better understanding of why alert volumes and false positives matter in these tests read our full analysis here.
 

About MITRE Engenuity

MITRE Engenuity, a subsidiary of MITRE, is a tech foundation for the public good. MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation.

MITRE Engenuity brings MITRE’s deep technical know-how and systems thinking to the private sector to solve complex challenges that government alone cannot solve. MITRE Engenuity catalyzes the collective R&D strength of the broader U.S. federal government, academia, and private sector to tackle national and global challenges, such as protecting critical infrastructure, creating a resilient semiconductor ecosystem, building a genomics center for public good, accelerating use case innovation in 5G, and democratizing threat-informed cyber defense. www.mitre-engenuity.org.

Contacts