Mountain View, Calif. – April 22, 2020 – SentinelOne, the autonomous cybersecurity platform company, today released its results from the MITRE ATT&CKTM APT29 report. Out of the 29 endpoint vendors evaluated, SentinelOne was the product-driven EDR performance leader with the lowest number of missed detections — showcasing the company’s success in defeating every attack, at every second across all major enterprise attack surfaces by empowering security team efficiency with unprecedented actionable threat context and visibility.
SentinelOne Singularity was evaluated on its ability to detect attack techniques deployed by APT29, a threat group that has been attributed to the Russian government. By integrating the MITRE framework with its ActiveEDR, Singularity eliminates the traditional and manual work required by analysts to correlate and investigate their findings. Automatically, security personnel can discover where an attack is coming from, what the attack is attempting to compromise, and actionable insight into how to fix it — autonomously preventing and remediating the threat without human intervention.
Key outcome related results from the MITRE evaluation include:
– SentinelOne achieved the highest number of combined high-quality detections and the highest number of automated correlations. Analysts are drowning in data, and simply aren’t able to keep up with sophisticated attack vectors. Singularity helps turn data into stories, so analysts can focus on the alerts that matter most.
– SentinelOne grouped all data over the 3-day MITRE test into a mere 11 console alerts, with each alert containing all the details within. Fewer alerts in the management console are better than more alerts, and Singularity successfully grouped together relevant related data, context, and correlation, making it easier for analysts to understand and act.
– SentinelOne had the highest number of tool-only detections and the highest number of human/MDR detections. High scores in both these areas showcase that Singularity can detect threats without the support of additional tools and proves Vigilance Managed Detection and Response (MDR) provides a world-class SOC service on top of a world-class product.
“Today’s EDR platforms must be able to consume and correlate data at scale or they will fail,” said Chris Bates, CISO, SentinelOne. “CISO’s don’t want or need more data — they want context and intelligence to make existing data actionable and meaningful within the MITRE framework. Singularity’s performance in the APT29 report delivers on our promise of unrivaled product innovation, offering a comprehensive view of the entire enterprise to help organizations defend against every attack, at every stage in the threat lifecycle, through a singular autonomous platform.”
SentinelOne was one the first endpoint companies to correlate alerts in product with the MITRE ATT&CK framework, embrace the MITRE ATT&CK Endpoint Protection Product Evaluation, and incorporate the MITRE ATT&CK framework as the new threat hunting standard, demonstrating the company’s leadership in providing immediate and enriched threat context and visibility within the MITRE framework.