Atos participates in MITRE Engenuity’s first ever ATT&CK® Evaluations of Managed Services and successfully reports detections across all ten steps
Paris, November 22, 2022
Atos, a global leader in Managed Detection and Response services (MDR), is proud to announce that it achieved 100% coverage of steps in MITRE's Engenuity ATT&CK® evaluations for managed services. The assessment from MITRE analyzes the performance of 16 providers and evaluates whether a given ATT&CK Technique was reported or not, as opposed to whether the evaluated vendor detected it.
The MITRE Engenuity red team emulated a state-sponsored threat actor's tactics and techniques and evaluated each vendor's threat defense capabilities. The scope of the review focused on reported behavior if an attack was to continue uninterrupted, with prevention and response excluded from the evaluation.
As an MDR provider following the same format it uses for its clients, Atos rapidly uncovered adversary objectives using its technology and methodology designed to identify attacks early in the attack chain. It reported all steps of Evals' closed-book simulation of the state-sponsored threat actor. Atos’ reports focused on providing clients with actionable information, low false positives and reducing alert fatigue.
"More than half of organizations use security service providers to protect their data and networks. We wanted to research how they are employing threat-informed defense practices for their clients," said Ashwin Radhakrishnan, General manager, ATT&CK Evaluations, MITRE Engenuity. "We don't rank the vendors in our evaluations. Organizations, however, can use the evaluations to determine which service providers may best address their own cybersecurity gaps and fit their particular business needs."
This analysis of Atos' threat defense practices shows the detections that the Atos MDR team chose to report on and is not a competitive vendor analysis. The assessment provides insights on how each provider approaches threat defense within the ATT&CK framework and what tactic or technique they choose to report on based on relevance and the severity of the threat. Atos MDR's primary objective is to disrupt an attack early and rapidly respond without drowning a customer with techniques detected. By identifying all steps of the attack, Atos has demonstrated its ability to successfully combat the type of sophisticated threats emulated by MITRE's red teams.
Vinod Vasudevan, Global CTO for MDR & Deputy Global CTO for Cybersecurity Services at Atos, said, "Atos is continuously benchmarking and improving our services by participating in industry-leading evaluations. We are proud to be an early MDR participant in the first-ever managed services review by MITRE. These MITRE evaluations were focused on endpoint detection use cases, and prevention and remediation of any kind were prohibited. As a result of this exercise with MITRE Engenunity, our customers will benefit from enhanced detection capabilities in our SOCs. This is yet another milestone in our journey of providing our customers with the best-in-class services."
For more details about the evaluations and their results, please visit https://attackevals.mitre-engenuity.org/managed-services/managed-services.
About MITRE Engenuity
MITRE Engenuity, a subsidiary of MITRE, is a tech foundation for the public good. MITRE's mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation.
MITRE Engenuity brings MITRE's deep technical know-how and systems thinking to the private sector to solve complex challenges that government alone cannot solve. MITRE Engenuity catalyzes the collective R&D strength of the broader U.S. federal government, academia, and private sector to tackle national and global challenges, such as protecting critical infrastructure, creating a resilient semiconductor ecosystem, building a genomics center for public good, accelerating use case innovation in 5G, and democratizing threat-informed cyber defense. www.mitre-engenuity.org
About MITRE Engenuity ATT&CK® Evaluations
ATT&CK® Evaluations (Evals) is built on the backbone of MITRE's objective insight and conflict-free perspective. Cybersecurity vendors turn to the Evals program to improve their offerings and to provide defenders with insights into their product's capabilities and performance. Evals enables defenders to make better informed decisions on how to leverage the products that secure their networks. The program follows a rigorous, transparent methodology, using a collaborative, threat-informed, purple-teaming approach that brings together vendors and MITRE experts to evaluate solutions within the context of ATT&CK. In line with MITRE Engenuity's commitment to serve the public good, Evals results and threat emulation plans are freely accessible.
Atos is a global leader in digital transformation with 112,000 employees and annual revenue of c. € 11 billion. European number one in cybersecurity, cloud and high-performance computing, the Group provides tailored end-to-end solutions for all industries in 71 countries. A pioneer in decarbonization services and products, Atos is committed to a secure and decarbonized digital for its clients. Atos is a SE (Societas Europaea) and listed on Euronext Paris.
The purpose of Atos is to help design the future of the information space. Its expertise and services support the development of knowledge, education and research in a multicultural approach and contribute to the development of scientific and technological excellence. Across the world, the Group enables its customers and employees, and members of societies at large to live, work and develop sustainably, in a safe and secure information space.
Lucie Duchateau | email@example.com | +33 7 62 85 35 10