Elastic protects against ransomware and Linux threats in MITRE Engenuity Round 4 Eval


Want to view the MITRE Engenuity ATT&CK® Eval Round 4 Kibana dashboard? Go here.

The latest MITRE Engenuity Evaluation, Wizard Spider and Sandworm

That’s right all, it’s time for the latest MITRE Engenuity ATT&CK® evaluation. As we have come to expect each year, Elastic, along with other security vendors, is evaluated by MITRE Engenuity, a tech foundation that brings MITRE research to the public. The evaluation focuses on emulating techniques from the MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework to assess vendor protection capabilities.

Each year, MITRE Engenuity focuses on a new attacker emulation. We have seen living-off-the-land techniques and, most recently, the targeting of Linux systems. But this year brings data impact to the forefront. The red team at MITRE Engenuity focused on adversary groups and techniques associated with ransomware and the destruction of data. 

So how did we do?

During last year’s evaluation, we used the beta version of our endpoint capabilities with Elastic Security 7.9 and provided enhanced visibility (80%) for our users. This year, we used Elastic Security 7.16, which was made Generally Available in December 2021, shortly before the evaluation. The system was configured with standard out-of-the-box rules to detect advanced threats. This time, we increased our visibility to 90%, highlighting our rapid growth and commitment to democratizing security for every user.

New Elastic Endpoint Security features, including ransomware protection, memory threat protection, and malicious behavior detection, were showcased in this evaluation. These features join our previously evaluated capabilities of malware detection, SIEM detections, machine learning, and more, to provide comprehensive detection coverage.

Visualizing a Ransomware alert with Elastic Security

To see the Round 4 results visualized in Elastic, go here.

Kibana Dashboard using Elastic Lens of Round 4 results

Thanks MITRE Engenuity!

As with the previous three evaluations, not only is it exciting to have your software tested by MITRE Engenuity’s red team, it’s also a great way to see your product in action during a real-life attacker emulation exercise. We are once again proud of Elastic Security’s performance and look forward to continuing to provide value to our users. Thank you MITRE Engenuity for a great experience!

Ready to give Elastic Security a spin? You can always get started with a free 14-day trial of Elastic Cloud.

Note: In Round 4, MITRE also included protection testing. Elastic did not participate in the prevention portion of the tests during this round. Our detections can be easily configured to prevent the emulated attacks, which would have actively blocked many of these TTPs as well.