MITER 每年会针对不同的攻击组织进行模拟,对参加的各个安全厂商进行评估。2021 年 4 月 20 日,MITER 发布了最新一轮的 ATT&CK 安全解决方案评估结果。这是继 2018 年测试评估检测 APT3、2019 年测试评估检测 APT29 后的第三轮评估测试,2020 年测试评估的目标是检测 Carbanak/FIN7。
本轮评估有 29 个安全厂商参加,包括 Microsoft、Cisco 等大厂;CrowdStrike、Carbon Black 等终端安全强势厂商;Bitdefender、McAfee、Symantec 等传统安全厂商等,具体如下所示:
Carbanak/FIN7 从 2013 年开始活跃,于 2018 年被跨国联合行动沉重打击后仍在活动。数年间在全球三十多个国家/地区造成了超过 10 亿欧元的损失,累计窃取了超过 1500 万张信用卡信息。
MITRE 模拟了 Carbanak/FIN7 的复杂攻击手法,评估不同安全解决方案的检测与分析能力。每个参与测评的厂商都单独提供结果,评估指标如下所示:
检测数量:检测总数,包括原始遥测和分析检测
分析覆盖:能提供额外上下文检测的子步骤数量
遥测覆盖:最少处理就能检测的子步骤数量
可见数量:可分析或遥测的子步骤数量
| 厂商 | 检测数量 | 分析覆盖 | 遥测覆盖 | 可见数量 |
|---|---|---|---|---|
| AhnLab | 123 | 37 | 80 | 90 |
| Bitdefender | 366 | 151 | 150 | 158 |
| Check Point | 330 | 157 | 161 | 162 |
| Cisco | 160 | 42 | 112 | 122 |
| CrowdStrike | 231 | 64 | 141 | 152 |
| Cybereason | 302 | 148 | 153 | 160 |
| CyCraft | 264 | 125 | 128 | 130 |
| BlackBerry Cylance | 253 | 99 | 134 | 141 |
| Cynet | 261 | 107 | 140 | 153 |
| Elastic | 214 | 63 | 138 | 140 |
| ESET | 271 | 93 | 143 | 147 |
| Fidelis | 282 | 119 | 147 | 147 |
| FireEye | 259 | 124 | 117 | 136 |
| Fortinet | 196 | 68 | 113 | 117 |
| F-Secure | 253 | 80 | 137 | 152 |
| GoSecure | 153 | 59 | 84 | 100 |
| Malwarebytes | 187 | 85 | 99 | 116 |
| McAfee | 274 | 93 | 148 | 151 |
| Micro Focus | 146 | 82 | 56 | 122 |
| Microsoft | 356 | 134 | 148 | 151 |
| Open Text | 238 | 67 | 122 | 125 |
| Palo Alto Networks | 335 | 149 | 154 | 169 |
| ReaQta | 220 | 101 | 119 | 135 |
| SentinelOne | 333 | 159 | 164 | 174 |
| Sophos | 157 | 39 | 114 | 118 |
| Symantec | 282 | 122 | 143 | 159 |
| Trend Micro | 338 | 139 | 162 | 167 |
| Uptycs | 204 | 62 | 124 | 127 |
| VMware Carbon Black | 278 | 90 | 152 | 154 |
按检测数量进行排序,如下所示:
按分析覆盖进行排序,如下所示:
按遥测覆盖进行排序,如下所示:
按可见数量进行排序,如下所示:
取各项的 TOP3 如下所示:
ATT&CK 的三轮评估使用了知名 APT 和黑产组织进行模拟,无论是专攻 EDR 领域的厂商还是号称能够进行高级威胁检测的厂商都可以参与评估模拟,从参加的厂商来看也是不同细分领域都有厂商参加,希望将来能有更多的国内安全厂商参与评估。
附录一
两个场景下不同阶段的检测数量如下所示,想要看具体的数字可在附录二的每个厂商的具体页面中进行查看。
附录二
| 厂商 | 评估结果地址 |
|---|---|
| AhnLab | https://attackevals.mitre-engenuity.org/enterprise/participants/ahnlab/?adversary=carbanak_fin7 |
| Bitdefender | https://attackevals.mitre-engenuity.org/enterprise/participants/bitdefender/?adversary=carbanak_fin7 |
| Check Point | https://attackevals.mitre-engenuity.org/enterprise/participants/checkpoint/?adversary=carbanak_fin7 |
| Cisco | https://attackevals.mitre-engenuity.org/enterprise/participants/cisco/?adversary=carbanak_fin7 |
| CrowdStrike | https://attackevals.mitre-engenuity.org/enterprise/participants/crowdstrike/?adversary=carbanak_fin7 |
| Cybereason | https://attackevals.mitre-engenuity.org/enterprise/participants/cybereason/?adversary=carbanak_fin7 |
| CyCraft | https://attackevals.mitre-engenuity.org/enterprise/participants/cycraft/?adversary=carbanak_fin7 |
| BlackBerry Cylance | https://attackevals.mitre-engenuity.org/enterprise/participants/cylance/?adversary=carbanak_fin7 |
| Cynet | https://attackevals.mitre-engenuity.org/enterprise/participants/cynet/?adversary=carbanak_fin7 |
| Elastic | https://attackevals.mitre-engenuity.org/enterprise/participants/elastic/?adversary=carbanak_fin7 |
| ESET | https://attackevals.mitre-engenuity.org/enterprise/participants/eset/?adversary=carbanak_fin7 |
| Fidelis | https://attackevals.mitre-engenuity.org/enterprise/participants/fidelis/?adversary=carbanak_fin7 |
| FireEye | https://attackevals.mitre-engenuity.org/enterprise/participants/fireeye/?adversary=carbanak_fin7 |
| Fortinet | https://attackevals.mitre-engenuity.org/enterprise/participants/fortinet/?adversary=carbanak_fin7 |
| F-Secure | https://attackevals.mitre-engenuity.org/enterprise/participants/f-secure/?adversary=carbanak_fin7 |
| GoSecure | https://attackevals.mitre-engenuity.org/enterprise/participants/gosecure/?adversary=carbanak_fin7 |
| Malwarebytes | https://attackevals.mitre-engenuity.org/enterprise/participants/malwarebytes/?adversary=carbanak_fin7 |
| McAfee | https://attackevals.mitre-engenuity.org/enterprise/participants/mcafee/?adversary=carbanak_fin7 |
| Micro Focus | https://attackevals.mitre-engenuity.org/enterprise/participants/microfocus/?adversary=carbanak_fin7 |
| Microsoft | https://attackevals.mitre-engenuity.org/enterprise/participants/microsoft/?adversary=carbanak_fin7 |
| Open Text | https://attackevals.mitre-engenuity.org/enterprise/participants/opentext/?adversary=carbanak_fin7 |
| Palo Alto Networks | https://attackevals.mitre-engenuity.org/enterprise/participants/paloaltonetworks/?adversary=carbanak_fin7 |
| ReaQta | https://attackevals.mitre-engenuity.org/enterprise/participants/reaqta/?adversary=carbanak_fin7 |
| SentinelOne | https://attackevals.mitre-engenuity.org/enterprise/participants/sentinelone/?adversary=carbanak_fin7 |
| Sophos | https://attackevals.mitre-engenuity.org/enterprise/participants/sophos/?adversary=carbanak_fin7 |
| Symantec | https://attackevals.mitre-engenuity.org/enterprise/participants/symantec/?adversary=carbanak_fin7 |
| Trend Micro | https://attackevals.mitre-engenuity.org/enterprise/participants/trendmicro/?adversary=carbanak_fin7 |
| Uptycs | https://attackevals.mitre-engenuity.org/enterprise/participants/uptycs/?adversary=carbanak_fin7 |
| VMware Carbon Black | https://attackevals.mitre-engenuity.org/enterprise/participants/vmware/?adversary=carbanak_fin7 |
点击阅读原文可查看评估结果页面
推荐站内搜索:最好用的开发软件、免费开源系统、渗透测试工具云盘下载、最新渗透测试资料、最新黑客工具下载……
还没有评论,来说两句吧...