MITRE Test: Evaluating Cybersecurity Solutions Against Ransomware
Ever wonder why cybersecurity vendors can claim “100% coverage” against frameworks like MITRE, yet their solutions still fall victim to breaches?
Adam Mansour, Chief Security Officer, compares ActZero MDR’s performance against DarkWeb-sourced malware with that of “top tier” security vendors’ solutions.
Endpoint attack simulation performance is evaluated using three critical measures: block rate, dwell time, and signal-to-noise ratio. Each is redefined to elucidate the differences between real-world performance and the results reported by scoring publications and frameworks like AV-Test.org, EICAR, MITRE, and others.
We define these critical measures, describe the assessment method, and compare them to established frameworks. We then explain why POCs that leverage such measures are critical for:
Choosing cybersecurity solutions, and accurately assessing the outcomes they drive
Determining whether such solutions will be able to keep response times below relevant thresholds
Understanding whether the outputs are actually actionable, to stop the attack itself