This discussion has been locked.

Intercept X MITRE ATT&CK Evaluation Performance?

After not participating in MITRE ATT&CK Evaluation rounds 1 and 2, Sophos did participate in round 3, but the results appear to be near the bottom of the participants.

I do not purport to be an expert on the MITRE ATT&CK Evaluation process or its relevance to any specific customer base, but I am curious what Sophos's response would be to customers or prospective clients if they were to suggest the results were indicative of the product quality.

I'm sure the question comes up. How does Sophos assess their performance in the evaluation?



  • Hi Patrick,

    As you say, this was our first time participating in the ATT&CK Evaluation. Even though our product wasn't really optimized for this form of testing, we still demonstrated an ability to disrupt, detect, and provide visibility into large portions of the attack chain. In other words, a Sophos Intercept X w/EDR customer in a real-world situation would have been protected and would have been able to use the product to investigate what was happening.

    We learned a lot from this process, including areas to improve the product's real-world capabilities (many of which are already implemented) and things we need to do to make the product work better for future rounds of the evaluation. We're proud to have participated, and we look forward to doing so again in the future.

    Regards,
    Maxim

  • Maxim,

    Thanks for the background. As a customer, I have not had any complaints about our Sophos protection, but during annual renewal our CTO requests that we conduct a vendor review to make sure we remain up to date with current market offerings. One of these latest things is MITRE ATT&CK Evaluation results, which honestly seems like a perfectly valid baseline given MITRE's independent position.

    At the end of the day it is about protection results, but as a customer (or prospective customer) I need Sophos to track closely with these emerging de facto baselines which other competitors/leaders in the space already do.

    It seems you agree about the reasonableness of these expectations and are taking steps to meet them.
