CrowdStrike has achieved 100 per cent detection and 100 per cent protection with no false positives in the 2025 MITRE ATT&CK Enterprise Evaluations, marking a significant milestone in what MITRE describes as the most technically challenging assessment in the program’s history. The results follow MITRE’s first real-world cross-domain adversary emulation, designed to test whether security platforms can stop attacks moving fluidly across identity, endpoint and cloud environments.
The 2025 evaluation model went beyond traditional endpoint testing and examined full platform capabilities, reflecting how modern threats now operate across multiple domains. MITRE emulated tactics used by Chinese state-sponsored espionage group MUSTANG PANDA and the eCrime group SCATTERED SPIDER – both known for stealthy, multi-layered intrusions that compromise identity systems, move laterally and exploit cloud resources. Early-stage techniques were also included, challenging participating platforms to detect and contain activity before attackers could establish persistence or escalate privileges.
CrowdStrike president Michael Sentonas said the company participated in the expanded test to provide transparency into which platforms possess the architecture necessary to stop real-world, cross-domain threats. “These were the most challenging MITRE evaluations yet, and we participated to give the industry a transparent view into which platforms have the architecture to stop real-world threats. Delivering 100 per cent detection, 100 per cent protection and no false positives across these highly sophisticated, cross-domain attacks is a major achievement. The results show the power of the unified Falcon platform – complete protection with a first-class analyst experience that eliminates noise and complexity while accelerating response.”
Across MITRE’s full attack chain, the Falcon platform detected every technique exercised and prevented all malicious activity, including credential abuse attempts, lateral movement, cloud exploitation and identity-based attacks. CrowdStrike says the results demonstrate the architectural advantage of an integrated, single-platform approach, rather than a collection of point solutions stitched together.
The evaluation underscores how adversaries increasingly blend cloud, identity and endpoint compromises as part of a single intrusion, and highlights the need for unified security platforms capable of monitoring and stopping activity across these boundaries in real time.
