BlackBerry Participates in MITRE Managed Services Evaluation
I’m pleased to share that BlackBerry participated in the inaugural MITRE Engenuity ATT&CK® Evaluations for Managed Services, with results announced today. As a company, we value transparency and are proud to be among the small cohort of industry-leading vendors that stand out in a crowded market with hundreds of MDR service providers.
For this particular evaluation, our managed extended detection and response (XDR) platform, CylanceGUARD®, was tested against the TTPs (tactics, techniques and procedures) of OilRig, an Iranian state-sponsored threat actor. OilRig is known for its sophisticated threat campaign targeting critical infrastructure, financial services, government, military, and telecommunications.
The evaluations employed a “black box” version of adversary emulation, with no visibility into the simulated attacks until after the execution was complete. Across all TTPs, CylanceGUARD effectively reported against the attack – successfully stopping progression in early stages of the kill chain.
BlackBerry Analysis of ATT&CK Evaluations
When considering outcomes from the cohort, it’s important to understand that MITRE Engenuity does not rank or rate the providers that take part in evaluations. It’s also important to note that the evaluation does not measure proactive protection against the assessed threats, neither response capabilities, but rather the detection potential for all the known techniques and sub-techniques the attack may use if it's allowed to progress indefinitely.
After examining the CylanceGUARD results, here is the BlackBerry analysis:
- We successfully demonstrated that OilRig would be unable to execute in an environment protected by CylanceGUARD, in part, because of our alert visibility. If this was a real-world attack by a sophisticated threat actor, progression would stop at Stage One, before the victim could suffer any negative impacts. This efficacy further underscores that, with BlackBerry’s Cylance AI-based approach, prevention is possible. Organizations don’t need to over-rotate on excessive detection alerts when an attack can be disrupted before it can ever unfold.
- MITRE provides an excellent and unbiased evaluation to understand the potential for an offering to detect and generate alerts. However, our operational philosophy and overall value proposition is to keep our trusted clients out of the business of sifting through alerts by focusing on stopping attacks instead of simply alerting on them. This nuance is critically important for our small and medium business (SMB) and mid-market customers, who do not have the capacity to action excess information, and for whom it holds limited tactical value. Simply put, CylanceGUARD is a managed service, built to avoid drowning your lean security teams in alerts that do not require their intervention, thanks to our AI-driven platform. To put this into perspective, BlackBerry was able to provide complete efficacy against OilRig while generating nearly 2,000 fewer alerts than other offerings in the cohort.
- Importantly, our CylanceGUARD team surfaces key details, both during and after an attack, so you have the data you need for a cyberinsurance claim or postmortem of any kind. The data is there, but there’s no need to “drown in it.” This is an especially valuable approach for SMBs and mid-market firms, who see our CylanceGUARD team as an extension of their team, providing exemplary protection and support. This aspect is something that was not measured in this particular test. However, CylanceGUARD customers resoundingly endorse the level of service and support they receive from our world-class analysts throughout the extended detection and response process.
We thank MITRE wholeheartedly for the tremendous opportunity of participating in this evaluation, and we will continue to analyze the results for every data point that helps us to improve our efficacy. After all, that’s why we joined the inaugural managed services cohort. As industry leaders, it is something we are proud to be part of, and we believe it to be an important part of protecting our connected world.
Enhanced Capabilities of CylanceGUARD
Our team is focused on continuously delivering enhancements to our CylanceGUARD managed XDR services offering, so it’s worth talking about what’s in store for our customers in the short term.
One of the major enhancements to CylanceGUARD is a more interactive and responsive dashboard, which will greatly increase both executive and analyst visibility into your risk status. This improved visibility will help foster enhanced security relationships with businesses.
CylanceGUARD customers will also benefit from deeper integration with BlackBerry’s best-in-class global threat intelligence, sourced from a highly respected internal team that is recognized as elite among the best — with first-place competitive wins at both the SOCX informed World Championship and DEF CON 29 Network Defense Competition. Threat intelligence gives you insights into threat-actor motivations so you can make well-informed decisions and take prompt effective actions, using actionable, factual data. This add-on service will provide organizations with a direct link to expert knowledge without inflating their payroll.
Growing Use of Managed Services
In our recent report, The Top 5 Cybersecurity Challenges — And What to Do About Them, we explored the impact of the cyber talent gap, fueling the increased use of managed services in security, particularly among SMBs and mid-market companies. MITRE has acknowledged this increase as well. This was the impetus to create the managed services evaluation.
“More than half of organizations use security service providers to protect their data and networks. We wanted to research how they are employing threat-informed defense practices for their clients,” said Ashwin Radhakrishnan, general manager, ATT&CK Evaluations, MITRE Engenuity.
If you have questions about BlackBerry’s performance in this evaluation or how you can get started with putting CylanceGUARD managed XDR services to work for you, please reach out.
BlackBerry and MITRE Partnership
BlackBerry is a proud member of the MITRE Engenuity Center for Threat-Informed Defense as a gold-tier affiliate. The Center is a collaborative R&D cybersecurity organization dedicated to bringing together the best security teams in the world. The privately funded group is committed to making actionable improvements in threat-informed defense, and sharing its work publicly, at no cost.