MITRE ATT&CK Evaluations Trend Micro #1 in Initial Overall Detection

As the threat landscape continues to change, it’s not enough to just have advanced security protecting your users and infrastructure.

As Gartner explains in Innovation Insight for Extended Detection and Response,

“The primary value propositions of an XDR product are to improve security operations productivity and enhance detection and response capabilities by including more security components into a unified whole that offers multiple streams of telemetry, presenting options for multiple forms of detection and concurrently enabling multiple methods of response.”

Read the full report to get insights from Gartner on the advantages and risks of utilizing an XDR solution.

Gartner, Innovation Insight for Extended Detection and Response, Peter Firstbrook, Craig Lawson, 19 March 2020

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Trend Micro respects your privacy. Read our privacy policy.

Providing Higher Confidence Detections

In this testing, MITRE took on the persona of APT29, a threat group that has been attributed to the Russian government and has operated since at least 2008. As a first-time participant in the MITRE ATT&CK evaluation, we are proud to have ranked among the top tier of EDR vendors for our detection rates—showing a great balance of detection capabilities across the full attack chain.

Section 1 - Column 2. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

Section 1 - Column 3. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

Section 1 - Column 4. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

MITRE ATT&CK EVALUATIONS—APT29
Trend Micro’s Results

Access report

Download Overview

Section 2 - Column 4. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

Highlights of Trend Micro’s Results from the MITRE ATT&CK Evaluations:

The leader in detection, based on initial product configurations, with a 91% detection rate.

Detected particularly well on individual attack techniques, which are higher confidence detections.

Managed alert volumes to avoid alert fatigue. A lower level of alerts combined with a high-detection rate means we reduced the noise of all detections into a minimal number of meaningful, actionable alerts.

Telemetry = Visibility. We give security analysts access to the type and depth of visibility they need when looking into detailed attacker activity.

Our detection coverage results would have remained strong without human involvement—approximately 86% detection coverage. Our MDR service boosted it to 91%.

Section 3 - Column 3. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

Section 3 - Column 4. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

Have security questions or want to learn more?

Contact us

Section 4 - Column 2. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

Section 4 - Column 3. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

Section 4 - Column 4. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

5.) “At runtime, replace antivirus-centric strategies with a “zero-trust execution”/default deny approach to workload protection where possible, even if used only in detection mode,” as per Gartner’s report.

Workload Security provides anti-malware, with behavioral analysis and machine learning, as well as application control that uses a default-deny approach for detection or protection of workloads. We believe this allows us to meet the recommendation above.

Section 5 - Column 2. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

Section 5 - Column 3. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

Section 5 - Column 4. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

6.) “Architect for CWPP scenarios where runtime agents cannot be used or no longer make sense,” as per Gartner’s report.

For scenarios where runtime agents cannot be used or no longer make sense, Trend Micro offers anti-malware, vulnerability, and secret scanning in the development pipeline. With Container Security and Application Security, development teams can integrate security libraries for detection and protection in PaaS-based environments. We believe this allows us to meet the recommendation above.

Section 6 - Column 2. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

Section 6 - Column 3. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

Section 6 - Column 4. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

7.) As per Gartner’s report, “Require CWPP vendors to offer integrated cloud security posture management (CSPM) capabilities to identify risky configurations.”

Trend Micro offers integrated cloud security posture management (CSPM) with Trend Micro Cloud One™ – Conformity, real-time continuous assurance and visibility over your cloud infrastructure. We believe this allows us to meet the recommendation above.

Section 7 - Column 2. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

Section 7 - Column 3. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

Section 7 - Column 4. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

This is the test as title

[+]

Simplify your decision

ShowHide Section - Column 1. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

ShowHide Section - Column 2. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

ShowHide Section - Column 3. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

ShowHide Section - Column 4. Praesent non velit ut libero condimentum pulvinar sed vitae tellus.
Vestibulum id tristique elit. Suspendisse posuere rutrum sodales. Nam id elit ac sem iaculis lacinia posuere vitae metus.

Innovative Insights from Gartner