Priority number one for cybersecurity leaders across small-to-medium enterprises (SMEs) and managed service providers (MSPs) is to ensure IT environments are up and running. To proactively minimize the risk of a data breach, it’s crucial to keep tabs on a rapidly evolving cybersecurity vendor landscape and continually reassess which solutions are most effective. The recent release of the 2024 MITRE ATT&CK Evaluation — cybersecurity’s most trusted vendor assessment — offers an answer key. This practical guide distills performance insights and guidance to interpret the results.
Cynet was the sole vendor to deliver 100% Visibility and 100% Protection in the 2024 Evaluation. The All-in-One Cybersecurity Platform detected every threat tested in the Detection Phase and blocked all attacks simulated in the Protection Phase of the Evaluation. Plus, Cynet achieved 100% detection with zero false positives.
“These 2024 MITRE ATT&CK Evaluation results reflect our entire team’s commitment to secure success for Cynet partners, customers, and end users,” says Cynet Founder & CEO Eyal Gruner. “Achieving 100% Detection Visibility and 100% Protection is a motivating milestone that affirms the compelling advantages Cynet’s All-in-One Cybersecurity Platform is enabling for organizations around the world.”
These 2024 results build on Cynet’s record-breaking performance in the 2023 MITRE ATT&CK Evaluation when, for the first time ever, a vendor achieved 100% Visibility and 100% Analytic Coverage with no configuration changes. It should be noted, however, that MITRE does not rank vendors or declare “winners.” Instead, cybersecurity leaders must interpret the data to determine which solution best fits their organization’s unique needs.
What is the MITRE ATT&CK Evaluation?
MITRE is a nonprofit foundation that supports private sector companies “solving problems for a safer world.” Their annual ATT&CK Evaluation is regarded as the most rigorous and unbiased technical trial of cybersecurity platforms.
- MITRE emulates real-world attacks in a controlled lab environment to evaluate how vendor solutions behave against a set of threats introduced in the exact same manner.
- Vendor solutions are tested consistently, without external, extraneous variables to influence the results as in real-world deployments.
This methodology is designed to evaluate the efficacy of a solution at detecting the discrete steps an adversary could take to execute a cyberattack. Because MITRE emulates the techniques of prominent threat groups, each technique presented represents what is plausible to play out in a real-world scenario.
For vendors, the Evaluation is an opportunity to demonstrate how their solution detects the threats presented and provides useful information for each detection.
2024 RESULTS
Cynet delivered 100% Detection Visibility, detecting every attack action with no configuration changes and no delays.
Threat detection is the core competency of an endpoint protection solution. Detecting attack steps across the MITRE ATT&CK sequence is critical for protecting the organization. Missed steps can allow an intrusion to expand and ultimately lead to a breach or other catastrophic outcomes.
In 2024, the attack sequence was executed over 16 steps, which were broken out into 80 malicious sub-steps. During Cynet’s testing, 3 of the sub-steps were not executed due to technical reasons and are considered N/A (not counted), which resulted in 77 total sub-steps executed. Cynet detected every single one of the 77 sub-steps. Cynet had ZERO misses in this year’s MITRE testing and detected 100% of attacks over Windows and macOS devices as well as Linux servers.
All 77 detections were performed without the need for configuration changes. Leaders reviewing vendor outcomes can see which vendors could accomplish detections only after they were allowed to make configuration changes.
Cynet delivered 100% Protection, blocking every attack sequence attempted.
Around half of the participating security vendors were unable to test all 10 attack steps planned for the Protection tests due to technical issues. MITRE was able to execute all 10 attack steps for Cynet. Cynet blocked every one of the 10 attack steps — allowing no malicious activity to execute.
The chart below shows each participant’s Protection rate as well as the volume of steps blocked and the volume of steps executed (steps blocked/steps executed).
Cynet delivered 100% Prevention, blocking every attack in the first step attempted.
Protection measures whether any sub-step in a Protection step was blocked. For example, if a step consisted of 5 sub-steps, a vendor could miss the first four, block the fifth and consider the entire step blocked. Cynet defines Prevention as how quickly (early) in each of the 10 attack steps the threat was prevented.
Prevention measures the percentage of sub-steps that were blocked from executing. Ideally, a vendor would block the first sub-step in every step tested so that every subsequent sub-step in the step was considered to be blocked. By this measure, Cynet is the only vendor to achieve 100% Prevention – blocking every one of the 21 Protection sub-steps from executing.
Cynet is the leader in Overall Threat Visibility and Protection
This chart compares each vendor’s overall visibility with its prevention rate. Prevention rate is used because it is a more rigorous measure of a solution’s ability to block malicious attacks.
Conclusion
Identifying which cybersecurity vendor can best protect your business or your clients is one of the first and most impactful steps a cybersecurity leader can take. The 2024 MITRE ATT&CK Evaluation results substantiate why Cynet’s All-in-One Cybersecurity Platform is an increasingly popular solution for fast-growing SMEs and MSPs. By demonstrating that highly effective protection can also be intuitive and affordable, Cynet has set a standard that competing vendors must strive to emulate.
About the Authors
George Tubin and Michael Newell are teammates at Cynet. Cynet’s All-in-One Platform unifies a full suite of cybersecurity capabilities on a single, simple platform, backed by 24/7 SOC support. For more info, visit: https://www.cynet.com