Cyber Security News

MITRE ATT&CK Evaluation Results 2024 – Cynet Became a Leader With 100% Detection & Protection

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders is to keep IT environments up and running.

To guard against cyber threats and prevent data breaches, it’s vital to understand the current cybersecurity vendor landscape and continually assess the effectiveness of available solutions.

Luckily, the 2024 MITRE ATT&CK Evaluation, the most widely trusted resource to track which solutions are effective, is now available. This practical guide distills key takeaways and advice to interpret the results.

Cynet was the only vendor to achieve 100% Visibility and 100% Protection in the 2024 Evaluation.

That means the All-in-One Cybersecurity Platform detected 100% of the threats tested in the Detection Phase and blocked 100% of the attacks simulated in the Protection Phase of the Evaluation. Moreover, Cynet achieved 100% detection with no false positives.

“These 2024 MITRE ATT&CK Evaluation results reflect our entire team’s commitment to secure success for Cynet partners, customers, and end users,” says Cynet Founder & CEO Eyal Gruner.

“Achieving 100% Detection Visibility and 100% Protection is a motivating milestone that affirms the compelling advantages Cynet’s All-in-One Cybersecurity Platform is enabling for organizations around the world.”

This 2024 performance is notable after Cynet made history in the 2023 MITRE ATT&CK Evaluation. It was the first time ever a vendor delivered 100% Visibility and 100% Analytic Coverage with no configuration changes.

However, it is important to note that MITRE does not rank vendors or declare “winners.” Cybersecurity leaders must interpret the data to determine which solution best fits their team’s unique needs. 

What is the MITRE ATT&CK Evaluation?

MITRE is a nonprofit foundation that supports private-sector companies in addressing challenges to create a safer world. Their annual ATT&CK Evaluation is widely regarded as the most impartial and rigorous technical assessment of competing security vendor solutions.

In this evaluation, MITRE simulates cyberattacks within a controlled lab environment to assess how vendor solutions respond to a standardized set of threats. Each solution is tested under identical conditions, eliminating external factors that could influence results in real-world deployments.

This methodology provides an in-depth analysis of how effectively a solution can detect and respond to a wide range of discrete attack steps. By leveraging techniques used by real-world threat groups, the evaluation ensures that each technique mirrors scenarios likely to occur in practice.

The ATT&CK Evaluation enables vendors to showcase their solution’s ability to detect these threats and provide detailed information on each detection, offering valuable insights into their performance.

MITRE ATT&CK Evaluation Results

Cynet delivered 100% detection visibility, perfectly detecting every attack action with no configuration changes and no delays.

The ability to detect threats is the fundamental measure of an endpoint protection solution. Detecting attack steps across the MITRE ATT&CK sequence is critical for protecting the organization. Missing any step can allow the attack to expand and ultimately lead to a breach or other catastrophic outcomes.

This year, the attack sequence was executed over 16 steps, which were broken out into 80 malicious sub-steps. During Cynet’s testing, 3 of the sub-steps were not executed due to technical reasons and are considered N/A (not counted), which resulted in 77 total sub-steps executed. Cynet detected every single one of the 77 sub-steps. Cynet had zero misses in this year’s MITRE testing and detected 100% of attacks over Windows and macOS devices as well as Linux servers.

All 77 detections were performed without the need for configuration changes. Leaders reviewing vendor outcomes can see which vendors could accomplish detections only after they were allowed to make configuration changes.

Cynet delivered 100% Protection, blocking every attack sequence attempted.

Roughly half of the participating security vendors were unable to test all 10 attack steps planned for the Protection tests due to technical issues. MITRE was able to execute all 10 attack steps for Cynet. Cynet blocked every one of the 10 attack steps – allowing no malicious activity to execute.

The following chart shows each participant’s Protection rate along with the number of steps blocked and number of steps executed (steps blocked/steps executed).

Cynet delivered 100% Prevention, blocking every attack in the first step attempted.

Protection measures whether any sub-step in a protection step was blocked. For example, if a step consisted of 5 sub-steps, a vendor could miss the first four, block the fifth and consider the entire step blocked. Cynet defines Prevention as how quickly (early) in each of the 10 attack steps the threat was prevented.

Prevention measures the percentage of sub-steps that were blocked from executing. Ideally, a vendor would block the first sub-step in every step tested so that every subsequent sub-step was considered blocked. Using this measure, Cynet is the only vendor to achieve 100% prevention – blocking all 21 protection sub-steps from being executed.

Cynet is the leader in Overall Threat Visibility and Protection

The chart below compares each vendor’s overall visibility with the prevention rate. Prevention rate is used as it’s a more rigorous measure of the solution’s ability to block malicious attacks.

Conclusion

Partnering with the right cybersecurity vendor is one of the first and most effective steps you can take to enable the best protection possible for your organization or your clients.

The 2024 MITRE ATT&CK Evaluation results substantiate why Cynet’s All-in-One Cybersecurity Platform is an increasingly popular solution for fast-growing SMEs and MSPs. By demonstrating that highly effective protection can be truly intuitive and affordable, Cynet sets an example competing vendors must now strive to emulate.


Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
