VMware Delivers Comprehensive Endpoint & Network Visibility in Latest MITRE Engenuity ATT&CK® Evaluation

MITRE Engenuity has just released the latest round of ATT&CK® Evaluation results, once again proving why VMware leads the industry in threat prevention, detection and response across endpoints, workloads, and networks. VMware is excited to announce critical preventions in 100% of the cases tested, as well as robust coverage with correlated, high confidence alerting at each and every step of the detection testing. These results were achieved with zero configuration changes, meaning VMware’s security solutions worked out-of-the-box with no extra tuning to stop two of the most sophisticated threats out there today.

We’re pleased to share VMware excelled in the following areas:

  • VMware demonstrated comprehensive endpoint and network visibility into every step of the attacks emulated – VMware continues to pioneer the use of both endpoint detection and response (EDR) and network detection and response (NDR) to deliver unprecedented lateral movement and privilege escalation detections.
  • VMware delivered critical preventions in 100% of the cases tested – Across all the scenarios tested, VMware prevented every attack using the same lightweight agent and cloud-based console as our industry-leading detection and response capabilities.
  • VMware required zero configuration changes for maximum out-of-the-box efficacy – As the volume and sophistication of cyberattacks increase, it’s critical that enterprise-scale security solutions deliver value and scale to enterprises on day one. VMware’s security solutions worked out-of-the-box, stopping today’s most sophisticated threats with no extra tuning needed.

Each year MITRE Engenuity evaluates cybersecurity products using an open methodology based on the ATT&CK® knowledge base. This year’s testing emulated two sophisticated adversaries across both Windows and Linux systems: Wizard Spider, a financially motivated cybercriminal group, and Sandworm, a destructive threat group that the U.S. and U.K. have attributed to Russia.

Increasingly, organizations are seeing successful cyber-attacks that are sophisticated, multi-step assaults that hop among various endpoints and networks, finding ways to disguise themselves in the noise. VMware offers a unique combination of product breadth to capture signals from across all these systems, and the depth of understanding of the inner workings of apps and workloads to be able to differentiate the signal from the noise. VMware’s endpoint detection and response (EDR) capabilities, together with our network detection and response (NDR) capabilities, give our customers an intrinsic, contextual understanding of traffic flows in and between endpoints and the network. This combination results in an unmatched ability to detect, investigate and respond intelligently to the full range of known and unknown threats.

At VMware, we’re changing the game for defenders through the precise combination of world-class threat research from the human expertise we offer via the VMware Threat Analysis Unit (TAU), together with the powerful AI analytics we use to stop attackers in their tracks. The VMware TAU team is made up of over thirty data scientists and PhDs, as well as hundreds of threat researchers and partners, including some of the most published cybersecurity researchers in academia today. We strike this balance of humans and technology for the most holistic approach for turning telemetry into insight. This means more attacks stopped and minimized mean time to detection.

“MITRE Engenuity’s rigorous testing reflects the type of threats that our customers are seeing in the real world, where there are no redo’s,” said Scott Lundgren, Chief Technology Officer of VMware’s Security Business Unit. “With highly effective detection and prevention, our results demonstrate the power of VMware’s comprehensive endpoint and network visibility, which not only works out of the box, but also works the first time.”

Security operations centers (SOCs) across the globe continue to leverage VMware Carbon Black Cloud as their consolidated security platform of choice, empowering them to identify risk and to prevent, detect and respond to the latest threats from a single cloud-based console. VMware Carbon Black Cloud not only delivers industry-leading detection, but also transparent and adaptive prevention that allows our Threat Analysis Unit to infuse key security insights directly into the platform with zero extra effort from the customer. For visibility beyond the endpoint, VMware’s NSX Network Detection and Response provides the broadest set of detection capabilities, spanning a network intrusion prevention system, behavior-based network traffic analysis, and VMware NSX Sandbox, which offers a full-system emulation technology that has visibility into every malware action. EDR and NDR are simply better together. Ultimately, VMware puts our customers, from the top financial institutions to local school districts, in the best position possible to fend off sophisticated attacks like the ones MITRE tested this year.

Resources
1. Review MITRE Engenuity’s full overview of the Wizard Spider and Sandworm enterprise evaluation
2. Schedule a VMware Carbon Black Cloud demo
3. Tap into the VMware Carbon Black User Exchange for real-time intelligence on threat actors such as Wizard Spider and Sandworm