SentinelOne has perfect score in MITRE ATT&CK evaluation


MITRE is probably a familiar name to all security professionals. Part of this organization are the ATT&CK Evaluations, which are performed by MITRE Engenuity. These evaluations assess the detection capabilities of the security vendors that apply to take part. The Carbanak-FIN7 Enterprise Evaluation is the most recent and focuses specifically on emulating the Carbanak malware. SentinelOne is the only one of the 29 participants to come out of this evaluation unscathed, with a score of 100 percent.

During the evaluation, the security solutions of the participating vendors are subjected to all kinds of evasion attempts, as they would encounter in real life. The Carbanak malware is known for its innovative ways of accomplishing this. Both Windows and Linux endpoints were targeted; this marks the first time Linux has been part of the evaluation.

100 percent visibility for SentinelOne

A total of 29 participants participated in this evaluation round: AhnLab, Bitdefender, BlackBerry Cylance, Broadcom, Check Point, Cisco, CrowdStrike, Cybereason, CyCraft, Cynet, Elastic, ESET, F-Secure, Fidelis, FireEye, Fortinet, GoSecure, Malwarebytes, McAfee, Micro Focus, Microsoft, OpenText, Palo Alto Networks, ReaQta, SentinelOne, Sophos, Trend Micro, Uptycs, and VMware.

All of the above vendors pay MITRE Engenuity for the evaluation. MITRE Engenuity itself does not provide rankings, scores or other overarching output comparing the participants, so the vendors generally produce those comparisons themselves.

Whether it’s SentinelOne analyzing the results, or someone else, one result is undeniable. Of all 29 participants, SentinelOne is the only one to score 100 percent on the Visibility component. That means SentinelOne’s Singularity platform detected everything it was supposed to detect.

In addition, SentinelOne also scored highest on what are called Analytic Detections. These allow the security platform to provide real-time context in an automated way, so SOC personnel don't have to spend their time on noise. There was also not a single delay in detection, so again everything was reported in real time. Further, no configuration changes were required during the evaluation, which makes EDR a lot less complex to operate. Finally, SentinelOne Storyline ensured that no more than one alert was raised per targeted machine.

Want to know more about MITRE ATT&CK Evaluations?

If you wish to browse the results of the evaluation yourself, you can do so here. If you specifically want to learn more about SentinelOne’s performance, you can join a webinar that the company is hosting about it.

We recently also published an in-depth story on SentinelOne. In that story, we outline what makes that company unique in a very crowded and competitive security market.