2023 MITRE ATT&CK® Evaluation results: Malwarebytes earns high marks for detection, blocks initial malware executions

MITRE Engenuity released its 2023 ATT&CK Evaluation results, with Malwarebytes blocking initial malware executions and earning high marks for detection.

The evaluation tested 30 vendor solutions against Turla, a sophisticated Russia-based advanced persistent threat (APT) group with victims in over 45 countries.

MITRE Engenuity’s researchers recorded how well products could analyze and prevent techniques associated with the group, evaluating each vendor’s ability to detect each step of an attack, to provide quality alerts with robust context for the end user, and other criteria.

Let’s take a closer look at the results and how organizations should use them.

2023 MITRE ATT&CK® Evaluation Results

MITRE executed two attack scenarios throughout the course of the evaluation: Attack Scenario 1 (“Carbon”) and Attack Scenario 2 (“Snake”). With the “Carbon” attack scenario consisting of 10 steps and “Snake” consisting of 9, MITRE Engenuity executed a total of 19 steps during the evaluation.

Malwarebytes alerted on 19/19 steps with no configuration changes, meaning our EDR tool converted telemetry into actionable threat detections “out of the box” for at least part of every step.

The MITRE Engenuity red team also tested vendors on their protection capabilities, that is, which malicious actions a solution can prevent outright. For the Protections scenario, there were 129 substeps organized into 13 major steps.

Malwarebytes broke the Turla attack kill chain at the initial phase and at 6 subsequent steps, including initial malware execution, subsequent malware execution on the Domain Controller and other machines, lateral movement, and credential dumping.

Analyzing The MITRE ATT&CK® Evaluation Results

The MITRE ATT&CK® Evaluation is a valuable independent security test, though its relevance will likely vary with the size and maturity of your security team.

Larger organizations with more advanced security teams, for example, might find the test particularly useful given its focus on nation-state level actors. The opposite might be true for smaller security teams, who are less affected by threats like Turla.

As organizations go through the data available in MITRE Engenuity’s evaluation portal, keep in mind several other important questions such as: Who will be using the tool MITRE is evaluating? Is it easy to use? Does it have too many unnecessary features for my security goals?

Additional questions to consider asking include:

  • Would the attack have been stopped at step 1 in a real-world scenario?
  • Does the APT attack apply to my business?
  • Do I need to detect 100% of these substeps to be 100% protected?

In sum, while the MITRE ATT&CK Evaluation is undoubtedly important, its results are best considered alongside other independent tests such as the MRG Effitas 360° Assessment & Certification, G2 peer-to-peer evaluations, AV-Test, and more.

Try Malwarebytes for Business Today

We invite organizations to check out the full 2023 ATT&CK Evaluation results on MITRE’s official website here: https://attackevals.mitre-engenuity.org/results/enterprise?evaluation=turla&scenario=1

Ready to try award-winning endpoint security today? Get a free trial of Malwarebytes EDR: https://www.malwarebytes.com/business/request_trial