CrowdStrike sets speed record in MITRE's cybersecurity test

In a notable achievement, CrowdStrike has established a new standard in the field of cybersecurity threat detection. The company reported identifying and alerting on a sophisticated eCrime adversary attack within just four minutes during the closed-book MITRE Engenuity's ATT&CK Evaluations: Managed Services-Round 2.

CrowdStrike's Falcon Complete managed detection and response (MDR) service demonstrated superior performance, detecting the incident six to 11 times faster than its competitors and achieving the highest detection coverage score. Michael Sentonas, President of CrowdStrike, stated, "The Falcon platform's unique cloud-born, AI-native architecture with one intelligent sensor delivers the best analyst experience and the fastest, most effective cybersecurity outcomes in the industry."

During the MITRE evaluation, vendors participated in a simulation of a real-world eCrime attack without prior knowledge of the threat scenario. This closed-book approach ensured an accurate assessment of each vendor's capabilities. The evaluation disallowed the use of prevention capabilities for the Falcon agent, operating it on a detect-only mode, which means the platform could not execute any automated actions to terminate processes. Despite these constraints, CrowdStrike successfully reported 42 out of the 43 adversary techniques used during the simulation.

MITRE recorded CrowdStrike's average time to detect (MTTD)—the mean duration between the performance of a specific attack activity and the reception of an email alert regarding that activity—at a record-breaking four minutes. This performance sets a new speed benchmark in the realm of threat detection.

Sentonas elaborated on the implications of this performance, noting, "Stopping breaches requires security teams to operate at the speed of the adversary. Multiple platforms and stitched-together solutions are hard to use, create operational complexity, and slow security teams down when speed matters most. This is evident in testing scenarios and even more so in real-world environments."

He further highlighted the effectiveness of the Falcon platform in tackling cybersecurity challenges, stating, "The powerful combination of CrowdStrike’s elite team of experts, the Falcon platform, and our knowledge of the adversary is unmatched in delivering the speed and efficacy needed to stop breaches."

MITRE’s ATT&CK Evaluations are highly regarded in the cybersecurity industry for their rigorous and comprehensive approach to assessing the capabilities of security solutions. The evaluations are designed to reflect real-world attack scenarios, providing a meaningful measure of how well a cybersecurity platform can perform under pressure.

In addition to its speed, CrowdStrike's Falcon platform has also been recognised for its holistic approach to security. Leveraging cloud technology and AI, the platform provides real-time indicators of attack, threat intelligence, and enriched telemetry from across the enterprise, aiming to deliver precise detections and automated remediation.

This newly set benchmark further solidifies CrowdStrike's position in the cybersecurity industry and underscores the importance of speed and accuracy in threat detection and response. The achievement in the MITRE evaluation validates their approach and technological capability in protecting enterprises from sophisticated cyber threats.