MITRE Round 2 Results Solidify Cortex XDR as a Leader in EDR

As threat actor techniques continue to get more targeted and sophisticated, there is more pressure than ever on detection and response vendors to continually test and improve detection methods.

The MITRE ATT&CK evaluations were created to test the detection capabilities of leading endpoint security vendors by emulating the real-world attack sequences of sophisticated advanced persistent threat (APT) groups from around the world.

In Round 2 of the MITRE ATT&CK evaluations, Palo Alto Networks Cortex XDR was put to the test once again, this time against the tactics and techniques leveraged by the threat actor group known as APT29 (aka Cozy Bear), which is known for its stealthy, sophisticated and highly customized attacks. The evaluation involved two complete attack scenarios leveraging 58 unique techniques from the MITRE ATT&CK Framework. No other vendor achieved higher attack technique coverage than Cortex XDR in this evaluation, which combined automated product detections with enrichment from the Cortex XDR Managed Threat Hunting service.*

Cortex XDR goes beyond traditional EDR approaches that rely on narrow endpoint-focused data sources to detect attacks. Instead, it validates alerts by providing holistic, accurate visibility across your entire enterprise. While the MITRE evaluation tested products’ abilities to detect activity beyond traditional endpoints, such as domain controllers and file servers, it stopped short of including other critical enterprise infrastructure, such as network and cloud sources, which Palo Alto Networks expects would have improved their results even further.

*Attack technique coverage in this context is defined as the highest number of attack techniques detected by the product or the MSSP service. Detection configuration changes that took place during the evaluation are counted as a miss, as these indicate adjustments by the vendor that could point to gaps in coverage. This methodology was applied universally to all vendors.

Read more about the MITRE ATT&CK evaluations in Peter Havens' full blog here.


Please contact your local Exclusive Networks Account Manager for more information on the Palo Alto Networks Cortex XDR solution.