Last updated Sunday, December 31, 2023 16:25:46 GMT

Rapid7 Delivers Visibility Across All 19 Steps of Attack in 2023 MITRE Engenuity ATT&CK® Evaluation: Enterprise

Over seven years ago, we set out to change the way that SOCs approach threat detection and response. With InsightIDR, we wanted to address the false positives and snowballing complexity that was burning out analysts, eroding security posture, and inhibiting necessary scale. We wanted to deliver a more intuitive and pragmatic approach, providing the most comprehensive coverage with the strongest signal-to-noise ratio. Today, as the core of a powerful XDR platform and our leading MDR offering, InsightIDR has evolved to stay in front of emergent threats and expanding attack surfaces, while maintaining our commitment to eliminating the complexity and noise that distract and stall successful security teams.

Now we are proud to share our participation and results from the most recent MITRE Engenuity ATT&CK Evaluation: Enterprise, which highlights our ability to recognize advanced persistent threats early and across the kill chain, while maintaining a disciplined signal-to-noise ratio to drive successful, real-world threat detection and response. You can find the detailed results and information about this evaluation on the MITRE Engenuity ATT&CK Evaluations: Enterprise website.

What You Need to Know

There is a lot of information to parse in these results, so here we've broken down the key takeaways when it comes to this evaluation.

What is the MITRE Engenuity ATT&CK Evaluation?

First, a quick primer: The MITRE ATT&CK framework is a catalog and reference point for cyberattack tactics, techniques, and procedures (TTPs). The framework provides security and risk teams with a common vernacular and guide to visualize detection coverage and map out plans to strengthen defenses. MITRE Engenuity's ATT&CK Evaluations are a vehicle for the community to understand how technologies can help defend against known adversary behaviors. In this most recent Enterprise evaluation, the focus was on emulating Turla – a sophisticated Russia-based threat group known for their targeted intrusions and innovative stealth.

Rapid7 Delivers Complete Kill Chain Coverage

InsightIDR was able to capture relevant telemetry and detections across all 19 phases of this attack, demonstrating the ability to catch the earliest threat indicators and consistently identify evasive behaviors as the attack progressed. This year's attack was especially sophisticated, evaluating a diverse range of detections and leveraging multiple forms of endpoint telemetry. While not all techniques leave remnants for incident responders to analyze, the majority leave traces – if you have the right tools to help you look for them.

To address the need for deeper visibility to identify these traces of stealthy attacker behavior – like those emulated in this evaluation – Rapid7 has leveraged Velociraptor. In addition to providing a premier DFIR tool that supports this kind of analysis, Velociraptor also enables real-time detection that sends alerts directly into the existing InsightIDR investigation experience so analysts do not need to pivot. This is one of the emerging capabilities of Velociraptor that the vibrant open source community continues to help strengthen day in and day out. The version of Velociraptor used in this evaluation is embedded into our existing Insight Agent and is hosted by Rapid7, which benefits from all of the open source generated artifacts and crowdsourced insights of the rapidly developed community feature set.

Strongest Signal-to-Noise Ratio for Real-World Efficiency

Most importantly, we approached the evaluation with the intention of showing exactly what the experience would be for an InsightIDR customer today; no messing with our Insight Agent configurations or creating new, unrealistic exceptions just for this evaluation. What you see is what you get. And consistently, when we talk with customers, they aren't looking for technology that fires alerts on every nuanced technique or procedure. They want to know that when something bad happens they'll be able to pinpoint the threat as early as possible, quickly understand the scope of the attack, and know what to do. That's our focus, and we are thrilled to showcase it with this evaluation.

Looking Ahead: Layered Defenses to Supercharge our Agent for Future-Ready SecOps

While IT environments continue to grow in diversity and surface area, endpoint fleets remain a critical security focus as they become increasingly distributed and remain rich sources of data and proprietary information. Endpoint detections, like those showcased in this evaluation, are an important piece of the puzzle, but successful security programs must encompass layered endpoint defenses, as well as broader ecosystem coverage.

We continue to invest to provide these layered defenses with our single, lightweight Insight Agent. From expanded pre-execution prevention and proactive risk mitigation, to efficient detection of known and unknown threats, detailed investigation, forensics, response, and automated playbooks, customers trust our Insight Agent as the nucleus of their complete endpoint security. With layered defenses across cloud, network, applications, and users, we are also prepared when attacks inevitably extend beyond the endpoint.

We are grateful once again to MITRE Engenuity for the opportunity to participate in their evaluation and for their shared commitment to open intelligence sharing and transparency. If you're looking for a transparent partner to help you kick the complexity out of your SOC and proactively stop threats across the attack surface, we'd love the opportunity to help.

The views 和 opinions expressed here are those of Rapid7 和 do not necessarily reflect the views or positions of any entities they represent.