
InterceptX MITRE ATT&CK Evaluation Performance?

After not participating in MITRE ATT&CK Evaluation rounds 1 and 2, Sophos did participate in round 3, but the results appear to be near the bottom of the participants.

I do not purport to be an expert on the MITRE ATT&CK Evaluation process or its relevance to any specific customer base, but I am curious what Sophos's response would be to customers or prospective clients if they were to suggest the results were indicative of the product quality.

I'm sure the question comes up. How does Sophos assess their performance in the evaluation?



This thread was automatically locked due to age.
  • Hi Patrick,

    As you say, this was our first time participating in the ATT&CK Evaluation. Even though our product wasn't really optimized for this form of testing, we still demonstrated an ability to disrupt, detect, and provide visibility into large portions of the attack chain. In other words, a Sophos Intercept X w/EDR customer in a real-world situation would have been protected and would have been able to use the product to investigate what was happening.

    We learned a lot from this process, including areas to improve the product's real-world capabilities (many of which are already implemented) and things we need to do to make the product work better for future rounds of the evaluation. We're proud to have participated, and we look forward to doing so again in the future.

    Regards,
    Maxim

  • Well said, Patrick. I would much rather see "most" items protected "well" over "all items" protected "somewhat". Knowing what areas the product(s) are weaker in only shows where the opportunity to improve is.
