MITRE Engenuity™ ATT&CK® Evaluations

Due to technical incompatibilities between Cisco and MITRE, Cisco will not have any results from MITRE ENGENUITY ATT&CK Turla Enterprise Evaluation 2023 which follows Turla’s multi-phase approach, intelligence-collection attack. MITRE has determined “Due to technical incompatibilities between the vendor’s product and this round’s emulation execution, we were unable to successfully complete our evaluation within the allotted time frame, and therefore do not have results for this vendor. We are working with the vendor to resolve the incompatibilities for the next round.”

Cisco’s Course of Action

Cisco engaged SE Labs, who also executed the Turla attack emulation in their July 2023 Enterprise Advanced Security EDR (Endpoint Detection & Response) Test. SE Labs executed the same Turla attack emulation against Cisco Secure Endpoint that has been used in other evaluations. SE Labs is a trusted and highly reputable independent security efficacy testing firm based in the UK and is often one of the firms referenced by Gartner and Forrester when determining product security efficacy.

The results were nothing short of stellar as Cisco Secure Endpoint received the highest rating possible, a AAA rating from SE Labs for Enterprise Advanced Security EDR Detection.

While cyberattack frequencies have continued to increase and are more sophisticated with an ever-expanding threat landscape, your security product efficacy must keep pace with the bad actors in safeguarding sensitive information.

Cisco Secure Endpoint performance in the Turla emulation conducted by SE Labs, displayed a level of efficacy your EDR product must contain to protect and detect those persistent threats.

Cisco Secure Endpoint detected and protected against 100% of the attacks evaluated

Cisco Secure Endpoint received a AAA award for its exceptional efficacy against Turla:

Cisco Secure Endpoint’s effectiveness against the Turla adversary:

Turla is a Russian-based threat group known for conducting watering hole and spear phishing campaigns and leveraging in-house tools and malware. Targets range from nation-states, governmental organizations, educational institutes, and private organizations. Turla primarily targets Windows platforms, however, macOS and Linux machines have been compromised as well.

Cisco Secure Endpoint security product efficacy and effectiveness quickly detected an attacker, and our EDR solution, with its automation, immediately acted and prevented all the malicious activities from running without generating any false positives or potential exfiltration of sensitive information.

The proof is in the results

EDR Protection – Total Accuracy Ratings

The chart below considers not only the product’s ability to detect and protect against threats but also its handling of non-malicious objects such as web addresses (URLs) and applications.

EDR Detection – Total Accuracy Ratings

This test examines the total insight a product has, or can provide, into a specific set of attacking actions. The product is configured in audit mode only to allow attack progress to evaluate detection efficacy across the full attack chain.

Protection from malicious web-based exploits and malware

Cisco Secure Endpoint also scored a 100% Legitimacy Accuracy Rating, meaning that it correctly identified harmless and legitimate software and allowed them to run without engaging administrators or end-users in sub-optimum interactions.

This is noteworthy in the context of the Turla attack type which exploits in-house tools and software. Cisco Secure Endpoint was quick to disallow web-based exploits and malware because it recognized them as such. By also correctly identifying what would have been false positives, the product achieved a 100% Total Accuracy Rating.