Cybersecurity News & Trends

More hot news for SonicWall, with lots of coverage of the 2022 SonicWall Cyber Threat Report and the astounding five consecutive perfect results in third-party certification tests (100% detection and zero false positives). In global cybersecurity news, security experts recently gained significant data that is already illuminating the inner workings of ransomware gangs based in Russia and elsewhere. Just in time, too, given the return of Emotet, “the most dangerous malware in the world.” Krebs dropped a report about Russia using “tech-savvy” prisoners for the benefit of Russian corporations. And finally, a stunning story about Chinese hackers who have (so far) stolen “trillions” in intellectual property from 30 multinational companies.

SonicWall News

Providers Experienced 121% Spike in Malware Attacks In 2021

DotMed, Threat Report Mention/Immanuel Chavoya Quote: “The HHS breach report highlights all reported cases of a breach in the health sector under investigation, of which there are currently 151 for 2022. What’s more alarming is that at the time of this report, there appears to be a staggering 8 million ‘individuals affected’ for the year of 2022,” Immanuel Chavoya, threat detection and response strategist for SonicWall, told HCB News.

How To Be Proactive in The Face of Growing Cyber Threats

Security Magazine, SonicWall Threat Report Mention: SonicWall reported that in 2020, the number of malware variants detected grew by 62%. Identity, email, endpoint security and antivirus are all important, but they are not enough.

A Cybersecurity Stock with Monster Tailwinds

Guru Focus, SonicWall Threat Report Mention: The rising price of cryptocurrency has caused these types of attacks to increase in popularity, from 66,000 cases in 2020 to 436,000 in the UK alone, according to data from SonicWall.

Negate The Quantum Cyber Threat to Safely Unlock the Potential of Quantum Computers

Inside Quantum Technology News, SonicWall Threat Report Mention: Ransomware, encrypted threats and cryptojacking are just a few attack methods found to have significantly increased in number over the past year, according to SonicWall’s 2022 Cyber Threat Report.

Ransomware Hits 2 Colleges at Semester’s End. What Can Others Do?

Higher Ed Dive, SonicWall in the News: Ransomware attacks doubled worldwide and in North America last year, according to a recent report from SonicWall, a cybersecurity firm. And software company Emsisoft said at least 26 U.S. colleges and universities were hit with ransomware last year.

Cyberattacks Growing in Frequency, Severity, and Complexity

Triple I Blog, SonicWall in the News: In 2021, there were 623.3 million cyberattacks globally, with U.S. cyberattacks rising by 98 percent, according to cybersecurity firm SonicWall. Almost every threat increased in 2021, particularly ransomware, encrypted threats, Internet of Things (IoT) malware, and cryptojacking, in which a criminal uses a victim’s computing power to generate cryptocurrency.

Cyber Prevention or Mitigation… Why Can’t It Be Both?

IDG Connect, SonicWall in the News: As it stands, ransomware remains the biggest threat to organisations. According to SonicWall, the past year witnessed 623.3 million ransomware attacks across the world, a 105% increase compared to the previous year.

SonicWall Capture ATP Once Again Receives the Highest Score in the ICSA Labs Test

InfoPointSecurity (German), SonicWall in the News: “SonicWall has received an astonishing five consecutive perfect results in the test against some of the most unknown and rigorous threats – unprecedented performance among the tested providers,” said Bill Conner, President and CEO of SonicWall.

Cyberwar Zone: Biden, Experts Warn Business Attacks are Coming

Virginia Business, SonicWall in the News: “But many cybercrimes go unreported, and private sector numbers paint a far worse picture. Cybersecurity firm SonicWall reports that its researchers recorded 623.3 million ransomware attacks worldwide in 2021 — a 105% increase from 2020.”

What Should You Do If Your Brand is the Target of a Data Breach?

TFL, Threat Report Mention: The same is true in the U.S., with ransomware attacks alone rising by almost 100 percent in 2021, according to SonicWall’s 2022 Cyber Threat Report.

Industry News

Experts Analyze Conti and Hive Ransomware Gangs’ Chats with Their Victims

Hacker News: A four-month analysis of chat logs spanning more than 40 conversations between Conti and Hive ransomware operators and victims is giving cybersecurity analysts new insights into the inner workings of negotiations. One exchange shows the Conti Team significantly decreasing its ransom demand from $50 million to $1 million, a 98% drop. This suggests a willingness to settle for a lower amount.

The report explains that both Hive and Conti are quick to lower ransom demand, routinely offering substantial decreases multiple times during negotiations. It shows that ransomware victims have at least some negotiating power, contrary to popular belief.

Conti and Hive are among the most prevalent ransomware strains in the threat landscape, cumulatively accounting for 29.1% of attacks detected during the three months between October and December 2021.

Conti Ransomware Source Code Leaked on Twitter Out Of Revenge

Bleeping Computer: After many of the people behind the Conti ransomware operation sided with Russia in the invasion of Ukraine, a Ukrainian researcher known as ‘ContiLeaks’ decided to leak source code and data belonging to the ransomware group in revenge. The leaked source code was a modified version of the Conti ransomware, according to the report.

The researcher also published nearly 170,000 chat messages between Conti ransomware gang members last month. These conversations, spanning 2021 and part of 2022, illuminate the group’s operational processes and activities, how members are involved, and even offer some insight into its organizational structure and the distribution of money.

The researcher leaked the Conti ransomware source code on September 15, 2020. Although the code was quite old, it enabled researchers and law enforcement to understand the malware’s workings better. He then leaked Conti version 3 with a last-modified date of January 25, 2021.

Washington Post also noted that thanks to the leaks, authorities now have a better picture of cybercriminals’ personalities, quirks, and habits that have run rampant over U.S. institutions. It also shows how Russia’s invasion of Ukraine has split some criminal gangs.

Emotet is Back From ‘Spring Break’ With New Nasty Tricks

Threat Report: Emotet malware attacks are back after a 10-month “spring break” – with criminals behind the attack rested, tanned and ready to launch a new campaign strategy. According to recent research, that new approach includes more targeted phishing attacks, unlike the previous spray-and-pray campaigns.

According to a Tuesday report, Proofpoint analysts linked this activity to the threat actor known as TA542, which since 2014 has leveraged the Emotet malware with great success.

Emotet, once dubbed “the most dangerous malware,” is being leveraged in its most recent campaign to deliver ransomware. For years, those behind distributing the malware have been in law enforcement’s crosshairs. In January 2021, authorities in Canada, France, Germany, Lithuania, the Netherlands, Ukraine, the United Kingdom and the United States worked together to take down hundreds of botnet servers supporting Emotet as part of “Operation LadyBird.”

Bleeping Computer also reported that JPCERT (the Japan CERT) had released a new version of its EmoCheck utility to detect the new 64-bit versions of the Emotet malware that began infecting users this month. The switch to 64-bit loader and stealer versions makes existing detections less useful, and EmoCheck could no longer detect the new variants. Last week, JPCERT released EmoCheck 2.2, which supports and detects the new 64-bit versions; it can be downloaded from JPCERT’s GitHub repository.

Russia to Rent Tech-Savvy Prisoners to Corporate IT?

Krebs on Security: Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people within the nation’s prison population to perform low-cost IT work for domestic companies.

Multiple Russian news outlets published stories on April 27 saying the Russian Federal Penitentiary Service had announced a plan to recruit IT specialists from Russian prisons to work remotely for domestic and commercial companies.

Russians sentenced to forced labor will serve out their time at one of many correctional centers across dozens of Russian regions, usually at the center that is closest to their hometown. Alexander Khabarov, deputy head of Russia’s penitentiary service, said his agency had received proposals from businesspeople in different regions to involve IT specialists serving sentences in correctional centers to work remotely for commercial companies.

Khabarov told Russian media outlets that under the proposal, people with IT skills at these facilities would labor only in IT-related roles but would not be limited to working with companies in their own region.

The 10 Largest Data Breaches Ever Reported in Healthcare

Beckers Hospital Review: Data breaches in healthcare can cause widespread damage, including the loss of medical records, financial losses for the organization, identity theft and fraud, lawsuits, and a loss of patient trust. Now the industry is more at risk of severe cyberattacks than ever before. The report goes on to list the biggest data breaches ever reported. The story was also reported by Pulse Headlines.

Chinese Hackers Took Trillions in Intellectual Property From About 30 Multinational Companies

CBS News: A yearslong malicious cyber operation spearheaded by the notorious Chinese state group APT 41 has siphoned off an estimated trillions of dollars’ worth of intellectual property from approximately 30 multinational companies in the manufacturing, energy and pharmaceutical sectors.

The story was chiefly compiled by the cybersecurity firm Cybereason, and reveals a malicious campaign — dubbed Operation CuckooBees — exfiltrating hundreds of gigabytes of intellectual property and sensitive data, including blueprints, diagrams, formulas and manufacturing-related proprietary data, across multiple intrusions spanning technology and manufacturing companies in North America, Europe and Asia.

The report explains that the stolen intellectual property includes blueprint diagrams of fighter jets, helicopters and missiles, along with drugs for diabetes, obesity and depression. Worst of all, the campaign reportedly has not yet been stopped.

In a related story reported by The Hacker News, the China-based threat actor known as Mustang Panda has been observed refining and retooling its tactics and malware to strike entities located in Asia, the European Union, Russia, and the U.S. The group has targeted a wide range of organizations since at least 2012, with the actor primarily relying on email-based social engineering to gain initial access to drop PlugX, a backdoor predominantly deployed for long-term access.

In Case You Missed It

Enjoy the Speed and Safety of TLS 1.3 Support – Amber Wolff

Four Cybersecurity Actions to Lock it All Down – Ray Wyman

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2 – Suroop Chandran

Five Times Flawless: SonicWall Earns Its Fifth Perfect Score from ICSA Labs – Amber Wolff

NSv Virtual Firewall: Tested and Certified in AWS Public Cloud – Ajay Uggirala

How SonicWall’s Supply-Chain Strategies Are Slicing Wait Times – Amber Wolff

SonicWall SMA 1000 Series Earns Best-Of Enterprise VPNs Award from Expert Insights – Bret Fitzgerald

World Backup Day: Because Real Life Can Have Save Points Too – Amber Wolff

CRN Honors SonicWall With 5-Star Rating in 2022 Partner Program Guide – Bret Fitzgerald

Cyberattacks on Government Skyrocketed in 2021 – Amber Wolff

Meeting the Cybersecurity Needs of the Hybrid Workforce – Ray Wyman

Third-Party ICSA Testing – Perfect Score Number 4 – Kayvon Sadeghi

Ransomware is Everywhere – Amber Wolff

Shields Up: Preparing for Cyberattacks During Ukraine Crisis – Aria Eslambolchizadeh

Capture Client 3.7: Rapid Threat Hunting with Deep Visibility and Storylines – Suroop Chandran

2021 Threat Intelligence Shows Attacks Rising Across the Board – Amber Wolff

Break Free with SonicWall Boundless 2022 – Terri O’Leary

SonicWall’s Bob VanKirk, HoJin Kim & David Bankemper Earn 2022 CRN Channel Chief Recognition – Bret Fitzgerald

Enjoy the Speed and Safety of TLS 1.3 Support

The best products tend to stick around for a while. In the first two years that the Ford Mustang was manufactured, 1965 and 1966, roughly 1.3 million cars rolled off assembly lines in Dearborn, Mich.; Metuchen, N.J.; and Milpitas, Calif. Of those, a remarkable 350,000 are still on the road today — and with proper care, still getting from Point A to Point B just as well as they did during the Johnson Administration.

But aesthetics aside, does that make them a good choice for a daily driver today? In a crash test with any modern vehicle (or a race with any of today’s Mustangs), the first-generation Mustang would be completely overwhelmed. Safety features we take for granted, such as airbags, lane-keep assist, blind spot detection and anti-lock brakes, are absent. These cars might do fine for the occasional Sunday spin around town. But would you put your family in one?

When a product forms the boundary between something precious and grave disaster, you want that product to be as safe as possible. This also holds true for another Milpitas innovation: SonicWall firewalls. To know whether your current choice is still the right choice, it helps to look at what innovations have occurred since then, and whether they were incremental improvements or giant leaps forward. In the case of TLS 1.3 encryption support, it’s unquestionably the latter.

TLS 1.3 is the latest version of Transport Layer Security, which offers reliable encryption for digital communications over the internet. And as with the Mustang before it, modern innovations have led to sizeable leaps in two areas: safety and performance.

TLS 1.3: Safety First

Since the original SSL technology was introduced in 1994, each new version has worked to solve the problems of the previous versions while also maintaining compatibility with those versions. But, unfortunately, maintaining backward compatibility meant leaving in many unnecessary or vulnerable ciphers.

These legacy ciphers made the encryption susceptible to attack, offering attackers a vector through which to circumvent newer security advances in favor of older and weaker protection. A few of the ciphers that persisted up through TLS 1.2 were so weak that they allowed an attacker to decrypt the data’s contents without having the key.

TLS 1.3 represents a fundamental shift in this philosophy. Due to a sharp increase in attacks, such as Lucky13, BEAST, POODLE, Logjam and FREAK, which rely on exactly these weaknesses, the Internet Engineering Task Force (IETF) opted to remove these ciphers altogether — and the resulting TLS 1.3 is vastly more secure because of it.

It’s also more private. In previous versions, including 1.2, digital signatures didn’t cover the whole handshake — they only protected the part of the handshake after the cipher-suite negotiation, allowing attackers to manipulate the negotiation and access the entire conversation.

In TLS 1.3, the entire handshake is encrypted, and only the sender and the recipient can decrypt the traffic. This not only makes it virtually impossible for outsiders to eavesdrop on client/server communications and much harder for attackers to launch man-in-the-middle attacks, it also protects existing communications even if future communications are compromised.

TLS 1.3: Safety Fast

With TLS 1.3, the handshake process isn’t just more secure — it’s faster, too. The four-step handshake required with TLS 1.2 necessitated two round-trip exchanges between systems, introducing latency and taking up bandwidth and power.

These slowdowns especially affected the growing class of Internet of Things (IoT) devices, which have trouble handling connections requiring lots of bandwidth or power, but also tend to need encryption most due to weak onboard security.

However, with just a single key exchange and significantly fewer supported ciphers, TLS 1.3 uses considerably less bandwidth. And because it requires just one round trip to complete the handshake, it’s significantly faster. TLS 1.3’s zero round trip time (0-RTT) feature is even quicker: On subsequent visits, it offers a latency time equal to that of unencrypted HTTP.
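To make the version-negotiation point from the two sections above concrete, here is an added Go example (not SonicWall’s code or anything from the original post) that runs a TLS client and server over a loopback socket: a server configured to accept nothing below TLS 1.3 completes the handshake with a modern client and refuses a TLS 1.2-only client, while a server that still tolerates TLS 1.2 quietly negotiates the older version. The self-signed certificate, the hostname example.test and the loopback address are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// HandshakeResult records what client and server agreed on; Version is 0 and Err is set when refused.
type HandshakeResult struct {
	Version, CipherSuite uint16
	Err                  error
}

// selfSignedCert builds a throwaway ECDSA certificate for the loopback server.
// It is constructed for this example only and stands in for a real PKI.
func selfSignedCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example.test"},
		DNSNames:     []string{"example.test"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf) // the client trusts only this one certificate
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool, nil
}

// Handshake runs one TLS handshake over a loopback TCP socket. The server
// accepts nothing below serverMin; the client offers clientMin..clientMax.
func Handshake(serverMin, clientMin, clientMax uint16) HandshakeResult {
	cert, pool, err := selfSignedCert()
	if err != nil {
		return HandshakeResult{Err: err}
	}
	srvConf := &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: serverMin}
	cliConf := &tls.Config{RootCAs: pool, ServerName: "example.test",
		MinVersion: clientMin, MaxVersion: clientMax}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srvConf)
	if err != nil {
		return HandshakeResult{Err: err}
	}
	defer ln.Close()
	// Server side: accept one connection and drive its handshake to completion.
	srvErr := make(chan error, 1)
	go func() {
		conn, err := ln.Accept()
		if err == nil {
			defer conn.Close()
			err = conn.(*tls.Conn).Handshake()
		}
		srvErr <- err
	}()
	// Client side: tls.Dial completes the handshake (or fails) before returning.
	conn, err := tls.Dial("tcp", ln.Addr().String(), cliConf)
	if err != nil {
		return HandshakeResult{Err: err} // e.g. "tls: protocol version not supported"
	}
	defer conn.Close()
	if err := <-srvErr; err != nil {
		return HandshakeResult{Err: err}
	}
	st := conn.ConnectionState()
	return HandshakeResult{Version: st.Version, CipherSuite: st.CipherSuite}
}

func main() {
	for _, r := range []HandshakeResult{
		Handshake(tls.VersionTLS13, tls.VersionTLS12, tls.VersionTLS13), // modern client
		Handshake(tls.VersionTLS13, tls.VersionTLS12, tls.VersionTLS12), // TLS 1.2-only client: refused
		Handshake(tls.VersionTLS12, tls.VersionTLS12, tls.VersionTLS12), // server still tolerating 1.2
	} {
		fmt.Printf("version=0x%04x cipher=%s err=%v\n", r.Version, tls.CipherSuiteName(r.CipherSuite), r.Err)
	}
}
```

The third case is the backward-compatibility trap the post describes: as long as the server keeps TLS 1.2 enabled, a downgraded client is served without any error.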

Is Your Firewall Up to the Task?

Experts estimate that 80-90% of all network traffic today is encrypted. But many legacy firewalls lack the capability or processing power to detect, inspect and mitigate cyberattacks sent via HTTPS traffic at all, let alone using TLS 1.3 — making this a highly successful avenue for hackers to deploy and execute malware.

According to the 2022 SonicWall Cyber Threat Report, from 2020 to 2021, malware sent over HTTPS rose a staggering 167%. All told, SonicWall recorded 10.1 million encrypted attacks in 2021 — almost as many as in 2018, 2019 and 2020 combined.

With an average of 7% of customers seeing an encrypted attack in a given month, the odds your organization will be targeted by an attack this year are enormous. But if your firewall cannot inspect encrypted traffic — and increasingly, if it cannot inspect TLS 1.3 — you’ll never know it until it’s too late.

SonicWall Supports TLS 1.3 Encryption

SonicWall Gen 7 firewalls bring a lot to the table: They combine higher port density and greater threat throughput with comprehensive malware analysis, unmatched simplicity and industry-leading performance. But among the biggest game-changers in Gen 7 (and its predecessors capable of running SonicOS Gen 6.5) is its support for TLS 1.3 encryption.

SonicWall NGFWs with SonicOS Gen 6.5 and later offer full TLS inspection, decrypting data, checking it for potential threats, and then re-encrypting it for secure transmission — all while ensuring you retain optimal performance and comprehensive visibility.

After all, as in the case of the classic Mustang, there’s no blind spot detection for firewalls that can’t handle today’s encrypted traffic — and these legacy solutions are easily outclassed when going head-to-head. Don’t let yesterday’s firewalls leave unprotected gaps in your network: Upgrade to SonicWall Gen 7 today.

Four Cybersecurity Actions to Lock it All Down

You are not paranoid; cybercriminals really are trying to hack your security and steal your information. And the proof is in the numbers.

According to the 2022 SonicWall Cyber Threat Report, there were 623 million ransomware attacks globally, a 105% increase over 2020. There was also a sharp triple-digit increase in encrypted threats, rising to an astounding 10 million attacks. And as if you didn’t have enough to worry about, cryptojacking is on an upswing with 97 million incidents recorded, a 19% increase year-over-year.

Some people may choose to ignore the data and throw caution to the wind. If they’re lucky, a hack will be a minor inconvenience, and their anti-virus software will stop the malware before it can cause serious damage. However, if they’re among the growing thousands of victims each year, hackers will force them to pay a ransom for their precious data, steal their identity or just wipe out their devices completely.

And you wonder, what could be worse?

One hack of a single individual can lead to a cascade of hacks and much larger problems. For instance, hackers can break into your personal computer without you knowing it, add malware to one of your devices that unpacks wherever you go, bypassing firewalls and other security, straight into your home network, friend’s home, the library, and your workplace.

We all could stand to be a little more careful. A “cybersecure mindset” protects you, your devices, your data, and everywhere you connect your devices. So, when we say, “Be Cyber Smart and Lock It Down,” what we mean is taking personal responsibility not only for how you connect but also for the actions you take to keep yourself secure.

Here are FOUR COUNTERMEASURES that everyone can use to level up and lock it down:

1. PROTECT yourself.

Start with passwords, and lock down your devices, software and information with strong ones that keep you from becoming an easy hack. There are some basic rules for good passwords. The first is length: a minimum of 14 characters, though 16 is better, with a mix of uppercase and lowercase letters plus numbers; security experts recommend at least 4 non-repeating numbers. And don’t forget symbols (e.g., @ # $): at least one, but two is better. Check with your service provider; they may have specific requirements for length and for the number and type of symbols. One very important rule: make sure each password is unique to a single use. Avoid obvious sources like your address, recognizable names, dates and phone numbers, and avoid any information someone could learn by reading your social media profiles. Another important rule: USE YOUR PASSWORDS, and turn on two-step authentication (2FA) wherever you can. Many phones allow biometric recognition to validate you and simplify logging in. There’s more to know about passwords; check out this article we found from Help Net Security.

2. PROTECT your personal identification.

Privacy is a matter of personal choice. We open some things up for the sake of convenience (shopping and health apps, for instance). However, the privacy settings you choose on your devices and apps can also open you up to hacks. Being “smart” about your cybersecurity means knowing how hackers attack devices and steal information from open apps. It also means being aware of where your personal information winds up. Security experts recommend setting your privacy settings based on actual need for specific tasks, and changing them when conditions change, such as when traveling or using public networks (e.g., coffee shop Wi-Fi; more on that later).

3. PROTECT your data.

It may seem obvious, but your data (photos, reports, accounting, proprietary documents) is among your most vulnerable possessions. We also want to take extra care of our Social Security numbers, bank accounts and credit card numbers. All of that is at risk when we leave it in open apps (no password) or send it in unencrypted emails. So keep it safe and LOCK IT DOWN! And be very wary of phishing campaigns. Hackers use any means they can to break into your devices and network; for example, they’ll spoof organizations you trust, friends, family members, co-workers or even your boss. Phishing messages can arrive by email or text message, and some look very authentic. We’ll go into more detail about how to detect phishing messages in another post, but you can adopt a personal policy of never sharing private information via email or text with anyone.

4. PROTECT your devices.

If you didn’t know already, public Wi-Fi hotspots are not secure. Unfortunately, that includes the hotspots at your favorite coffee shop, restaurants, shopping malls, libraries and especially airports. With minimal knowledge and equipment, hackers can capture unencrypted data streams containing the passwords and account information you send and receive. Several years ago, scammers took it further and created elaborate spoof Wi-Fi networks with names and branding similar to what people expected. However, there are several things you can do to lock it down:

  • Turn off the Wi-Fi auto-connect feature on your devices. Turn it back on when you need it and choose the networks you want to use.
  • Use secure wireless networks that have WPA or WPA2 password protection. Unfortunately, these are uncommon for places like the local coffee shop or the airport, so they may be challenging to find.
  • Install mobile security software with malware and virus detection for laptops, pads, and phones. You may also install a VPN (a virtual private network) that encrypts your data stream even if the Wi-Fi network does not.

Do what it takes to adopt a Cybersecure Mindset.

Remember that when it comes to cybersecurity, the human element can be the strongest or weakest point in the armor.

Human behavior is without doubt the biggest culprit in IT security incidents. Email phishing is the clearest example: it deceives people into clicking on malicious links or attachments by making it difficult to distinguish legitimate emails from potential threats. According to a study by Myers-Briggs, a research company based in the UK, 80% of companies believe human factors, such as mistakes or leniency with login security, are a major cause of cybersecurity risk. Therefore, it is vital that we do what it takes to adopt a ‘cybersecure mindset’ to protect our homes, communities and workplaces.

Being aware is not being paranoid; it recognizes that cybercriminals really are trying to hack our security, steal our property, and do us great damage.

#BeCyberSmart

Understanding the MITRE ATT&CK Framework and Evaluations – Part 2

(Note: In Part 1, we explained the MITRE ATT&CK framework and how security products are evaluated for detection efficacy and efficiency. Check it out here if you haven’t already.)

With attacks rising almost across the board, ensuring your security posture is up to date has never been more critical. But as a CISO, navigating through various cybersecurity vendors’ positions can be a real challenge. How can you know that you’re actually getting what you’re paying for? Here are a few critical pointers:

  • Be wary of excessive misses, delays and config changes: Vendors that have lots of delays are getting credit for detections using means typically outside of the tool’s normal workflow — which means your people will have to do the same thing. Vendors with lots of config changes felt the need to modify their detection capabilities in the middle of the test. Try to understand whether these changes were justified or whether the test was being gamed.
  • Be wary of high Telemetry numbers and low Techniques numbers: Vendors that trumpet their big Telemetry numbers without many Techniques have a tool that does not automate the correlation of events. This means your people will have to do it manually or that there may be significant delays and inaccuracy in connecting the dots. Delays here lead to delays in response, and that leads to more risk.
  • Be wary of vendors that invent their own scoring systems: We’ve seen many vendors obfuscating poor results with statistics and numbers that make them look good but are complete nonsense. Stats like “Context per alert” and “100% Detection” (when a closer look shows there clearly were missed detections) are silly. Read the fine print.

Capture Client and the MITRE ATT&CK Framework

SonicWall’s Capture Client is powered by SentinelOne, which delivers best-in-class autonomous endpoint protection with next-gen antivirus, EDR (endpoint detection and response) and Deep Visibility. SentinelOne has participated in the MITRE ATT&CK Evaluations since 2018 and was a top performer in the 2022 Evaluations (emulating the Wizard Spider and Sandworm threat groups). Here is a quick summary of how SentinelOne led all other vendors in protection against these attacks.

  1. Autonomous Protection Instantly Stops and Remediates Attacks
    Security teams demand technology that matches the rapid pace at which adversaries operate. MITRE Protection determines the vendor’s ability to rapidly analyze detections and execute automated remediation to protect systems.
    Delivered 100% Protection: (9 of 9 MITRE ATT&CK tests)
    Source: www.sentinelone.com
  2. The Most Useful Detections are Analytic Detections
    Analytic detections are contextual detections that are built from a broader data set and are a combination of technique plus tactic detections.
    Delivered 100% Detection: (19 of 19 attack steps)
    Delivered 99% – Highest Analytic Coverage: (108 of 109 detections)
    Source: www.sentinelone.com
  3. Detection Delays Undermine Cybersecurity Effectiveness
    Time plays a critical factor whether you’re detecting or neutralizing an attack. Organizations that want to reduce exposure need to have real-time detections and automated remediation as part of their security program.
    Delivered 100% Real-time (0 Delays)
    Source: www.sentinelone.com
  4. Visibility Ensures That No Threats Go Undetected
    Visibility is the building block of EDR and is a core metric across MITRE Engenuity results. In order to understand what’s going on in the enterprise as well as accurately threat hunt, cybersecurity technology needs to create a visibility aperture. The data needs to be accurate and provide an end-to-end view of what happened, where it happened, and who did the happening regardless of device connectivity or type.

Conclusion

The MITRE Engenuity ATT&CK Evaluations continue to push the security industry forward, bringing much-needed visibility and independent testing to the EDR space. As a security leader or practitioner, it’s important to move beyond just the numbers game to look holistically at which vendors can provide high visibility and high-quality detections while reducing the burden on your security team. CISOs will find these product-centric tenets to be compatible with the spirit of MITRE Engenuity’s objectives:

  1. EDR Visibility and Coverage Are Table Stakes: The foundation of a superior EDR solution lies in its ability to consume and correlate data economically and at scale by harnessing the power of the cloud. Every piece of pertinent data should be captured — with few to no misses — to provide breadth of visibility for the SecOps team. Data, specifically capturing all events, is the building block of EDR and should be considered table stakes and a key MITRE Engenuity metric.
  2. Machine-Built Context and Correlation Is Indispensable: Correlation is the process of building relationships among atomic data points. Preferably, correlation is performed by machines and at machine speed, so an analyst doesn’t have to waste precious time manually stitching data together. Furthermore, this correlation should be accessible in its original context for long periods of time in case it’s needed.
  3. Console Alert Consolidation Is Critical: “More signal, less noise” is a challenge for the SOC and modern IR teams who face information overload. Rather than getting alerted on every piece of telemetry within an incident and fatiguing the already-burdened SOC team, ensure that the solution automatically groups data points into consolidated alerts. Ideally, a solution can correlate related activity into unified alerts to provide campaign-level insight. This reduces manual effort, helps with alert fatigue and significantly lowers the skillset barrier of responding to alerts. All of this leads to better outcomes for the SOC in the form of shorter containment times and an overall reduction in response times.

For a first-hand look at how Capture Client delivers best-in-class protection and detection, click here for a free trial.