Skip Navigation
BlackBerry Blog

MITRE MDR Testing: CylanceMDR Goes Head to Head with Adversaries in MITRE Evaluation

CylanceMDR™ is a 24x7 managed detection and response solution, powered by industry-leading Cylance® AI combined with expert support from highly seasoned threat hunters and SOC analysts to deliver round-the-clock threat protection.  

The latest MITRE Engenuity ATT&CK® Evaluations for managed services confirm that CylanceMDR detects threats from the start of the attack chain and delivers actionable alerts at each critical point. With detailed reports for clear communication, BlackBerry ensures that customers are well-informed and can take decisive action.

At the same time, CylanceMDR generated fewer overall alerts than many competing MDR services. This increased efficiency by reducing noise in the Security Operations Center (SOC) while still ensuring optimal security outcomes.  

BlackBerry is one of just eight vendors in the market that have participated in both MITRE evaluations for MDR and services.  

Understanding the MITRE ATT&CK Evaluations

MITRE ATT&CK® Evaluations are independent assessments designed to test the effectiveness of cybersecurity solutions. They focus on real-world attack emulations, leveraging the extensive MITRE ATT&CK® knowledge base. This year’s evaluation centered on two well-known threat actors:

menuPass (G0045), a sophisticated Chinese-based group active since 2006

  • The group is believed to be sponsored by the Chinese Ministry of State Security.
  • It is known for exfiltrating sensitive data such as intellectual property and business intelligence.
  • Targets sectors like aerospace, construction, engineering, government, and telecommunications, primarily in the U.S., Europe, Japan, and Southeast Asia.
  • Uses sophisticated techniques like living-off-the-land, fileless execution, and obfuscation.

ALPHV/BlackCat, a prolific Russian-speaking ransomware-as-a-service (RaaS) group that emerged in 2021

  • An aggressive group linked to other notorious entities like BlackMatter, DarkSide, and REvil.
  • Utilizes ransomware coded in Rust for enhanced performance and cross-platform capabilities.
  • Known for its global reach and the ability to cripple business operations through data encryption and destruction.

MITRE never declares any winners in its evaluations but sees great value in doing them:  

“The evaluations do not rank vendors and their solutions; however, organizations can use the results to determine which vendors and solutions may best address their own cybersecurity gaps and fit their particular business needs.”

Top MITRE Test Results for CylanceMDR

If your organization needs to stop attacks with fewer alerts, you’ll be pleased to see the findings for CylanceMDR. Here are some of the results. 
Reduced Alert Fatigue 
During the evaluation, BlackBerry generated 75% fewer alerts than the top alert-issuing vendor. Although the MITRE ATT&CK Evaluations put emphasis and focus on detection, this also introduces a significant amount of noise into the SOC.

By design, our Cylance AI makes automated decisions on behalf of the user to effectively stop attacks before they can cause damage and with fewer alerts, reducing alert fatigue for security teams. 

Effective Threat Detection 
The CylanceMDR platform, powered by the Cylance® suite of cybersecurity solutions, identified threats right from the onset of the emulated attack. BlackBerry ranked among the top 5 for actionable threat detections. 

Superior Threat Visibility 
With a mix of detected activities plus observed tactics, techniques, and procedures (TTPs), and forensic analysis, the BlackBerry team accurately pinpointed the threat actors menuPass and BlackCat/ALPHV early in both simulated scenarios, along with the malware they deployed in the emulated attack.

Proactive Security Measures 
CylanceMDR effectively detected and recommended remediation for the most critical phases of the attack in both test scenarios.

Comprehensive Support 
Beyond issuing alerts for immediate actions and timely escalations, the CylanceMDR team provided detailed daily reports summarizing each day's activities, underscoring BlackBerry’s commitment to in-depth analysis and reporting.


The latest round of MITRE Engenuity ATT&CK Evaluations highlights the critical need for robust, adaptive security solutions in the face of sophisticated adversaries.

CylanceMDR offers 24x7 SOC support, AI-driven security, and a continuous engagement model to achieve best-in-class protection while simultaneously reducing the alerting load that can burn out security teams. CylanceMDR also offers a $1M guarantee to eligible customersand is your partner in maintaining security and resilience. 

For similar articles and news delivered straight to your inbox, subscribe to the BlackBerry Blog.
Kirin Sennik

About Kirin Sennik

Kirin Sennik is Global Product Marketing Manager, Cybersecurity Solutions at BlackBerry.


Bruce Sussman

About Bruce Sussman

Bruce Sussman is Senior Managing Editor at BlackBerry.