Today, MITRE Engenuity unveiled the results of its second-ever ATT&CK Evaluations for Managed Services. For the second consecutive year, Unit 42 Managed Detection and Response (MDR) excelled in the evaluation, delivering a mean time to detect (MTTD) half that of the average participant. We leveraged Palo Alto Networks industry-leading Cortex XDR, the only product that achieved 100% protection and 100% detection coverage during the previous round of the MITRE Enterprise Evaluations. With Cortex XDR behind Unit 42 MDR, we deliver the industry’s best detection and response to sophisticated cyberthreats.
We deliver the most important and actionable information as quickly as possible in order to enable accurate, efficient and confident decisions about next steps. With Unit 42 MDR, customers receive a balanced combination of high-quality information, granularity and speed.
As part of the evaluation, we delivered a detailed threat report highlighting crucial information for response and remediation. Our executive summary quickly identifies answers to the most important questions facing an organization under attack:
Third-party evaluations like MITRE’s shed light on how vendors would realistically perform against real-world, highly sophisticated threats in a customer environment.
This year’s evaluation was a rigorous 5-day test, named MITRE ATT&CK Evaluation Managed Services: menuPass + ALPHV BlackCat. The evaluation is closed book; vendors are not given prior information on the adversary or techniques. Vendors provide analysis in the same format they deliver reports to their customers. MITRE Engenuity’s evaluation prohibits prevention or remediation, unlike in real-world scenarios.
According to MITRE, this test included sophisticated techniques, including multi-subsidiary compromise with overlapping operations focusing on defense evasion, exploiting trusted relationships, data encryption and inhibiting system recovery.
Our Unit 42 MDR team leveraged Cortex XDR, high-fidelity threat intelligence and AI-powered analytics to accurately identify and attribute the two adversaries as APT10 (also known as menuPass) and ALPHV (also known as BlackCat).
We mapped key details of the suspicious activity in the evaluation to MITRE ATT&CK TTPs and identified the threat actors’ maneuvers and intentions. Customers who understand the adversary’s tactics and tools can better target their defense strategies and improve cyber resilience.
In the first few pages of our threat report, we included a threat brief that accurately identified the impacted hosts and usernames along the attack chain. Our report accompanied messages to the customer, delivered via Cortex XDR. Unit 42 MDR is natively integrated into Cortex XDR, and all Unit 42 MDR customers have immediate access to all alerts in the Cortex XDR console.
Normally, we would immediately inform the customer upon identifying a verified threat and start remediation actions. However, remediation was not permitted by MITRE in this test, so we provided recommendations for remediation and posture hardening.
Our Unit 42 MDR service is a powerful combination of the industry’s best extended detection and response technology – Cortex XDR – and world-renowned Unit 42 expertise and threat intelligence. Unit 42 MDR includes proactive threat hunting to help customers detect the most evasive and sophisticated threats.
Organizations partner with MDR providers to help them address threats more quickly, accurately and effectively, 24/7/365. According to the Unit 42 Incident Response Report, attacks now unfold in a matter of hours, and time to exfiltration is often less than a day. Read our MDR threat report and see how Unit 42 can help your organization quickly and accurately understand the most important information related to a threat, with clear, actionable recommendations.
We want to thank the MITRE Engenuity team for the effort they put into running this evaluation.
Importantly, MITRE Engenuity defined MTTD for this evaluation in a specific way: “MTTD is the average time between when an attack is run and when the managed service provider triggers an alert on this attack. The timestamp on the first email relevant to the step in question was used.” This differs from the usual definition, in which MTTD is measured from the timestamp of the alert raised inside the product rather than from the analyst’s notification to the customer. MITRE Engenuity advised that they use email timestamps because they are immutable and cannot be manipulated on the backend. Keep this in mind when comparing the evaluation’s MTTD figures with product-measured MTTD numbers, which are not like-for-like.
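To make the difference between the two definitions concrete, the following added example (not code from the evaluation, MITRE Engenuity or Palo Alto Networks) computes MTTD the usual way, from product alert timestamps, and MITRE’s way, from the first customer-facing email per attack step. The attack steps, alert times and email times are constructed sample data, and the treatment of a step that never produced any alert or email (left out of the average and reported separately) is an assumption, since the evaluation text does not say how such steps are scored.

```python
from datetime import datetime

# Constructed sample data (assumption: not taken from the evaluation).
# Each attack step is keyed by a label and starts at a known time.
STEPS = {
    "1.A": datetime(2024, 6, 10, 9, 0),
    "2.B": datetime(2024, 6, 10, 11, 30),
    "3.C": datetime(2024, 6, 11, 8, 15),
    "4.D": datetime(2024, 6, 11, 14, 0),   # never detected by either measure
}

# Alerts raised inside the product, as (step, timestamp).
PRODUCT_ALERTS = [
    ("1.A", datetime(2024, 6, 10, 9, 2)),
    ("2.B", datetime(2024, 6, 10, 11, 40)),
    ("3.C", datetime(2024, 6, 11, 8, 21)),
]

# Emails sent to the customer about each step. Deliberately out of order,
# and with a follow-up email for 1.A that must not count as "first".
EMAILS = [
    ("2.B", datetime(2024, 6, 10, 12, 10)),
    ("1.A", datetime(2024, 6, 10, 9, 45)),
    ("1.A", datetime(2024, 6, 10, 10, 30)),
    ("3.C", datetime(2024, 6, 11, 8, 50)),
]


def first_event_per_step(events):
    """Return {step: earliest timestamp} regardless of input ordering."""
    first = {}
    for step, ts in events:
        if step not in first or ts < first[step]:
            first[step] = ts
    return first


def mttd_minutes(steps, events):
    """MTTD in minutes over the steps that have at least one event.

    Returns (mttd, missed_steps). Steps with no event are excluded from the
    average and listed in missed_steps (assumption about scoring).
    """
    first = first_event_per_step(events)
    deltas = []
    missed = []
    for step, start in steps.items():
        if step in first:
            deltas.append((first[step] - start).total_seconds() / 60)
        else:
            missed.append(step)
    if not deltas:
        return None, missed
    return sum(deltas) / len(deltas), missed


if __name__ == "__main__":
    product_mttd, missed = mttd_minutes(STEPS, PRODUCT_ALERTS)
    email_mttd, _ = mttd_minutes(STEPS, EMAILS)
    print(f"product-alert MTTD: {product_mttd:.1f} min, missed: {missed}")
    print(f"first-email MTTD:   {email_mttd:.1f} min, missed: {missed}")
```

With the sample data the product-alert MTTD is 6 minutes while the first-email MTTD is 40 minutes, the same service measured two ways. Only the second number is comparable to the evaluation’s published MTTD.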
These results continue a trend of industry-leading validation for Cortex XDR and Unit 42 MDR in independent, third-party security assessments, including the MITRE Enterprise ATT&CK Evaluations, Forrester XDR Wave and Frost Radar: Global MDR.
MITRE does not rank or rate participants in the evaluation.
This blog refers to MITRE Engenuity’s Managed Services Evaluation, which is different from the MITRE Engenuity Enterprise Evaluations.
Read our Threat Report here.