ESET’s Detection and Response Capabilities Tested


ESET has announced that ESET Inspect took part in the fourth round of the MITRE Engenuity ATT&CK® Evaluations for Enterprise. This round emulated the Wizard Spider and Sandworm threat groups and collected results from 30 participating vendors; the Sandworm emulation drew on ESET’s research into the group, in particular its discovery of the Exaramel backdoor.

The ATT&CK Evaluations prioritize threat groups that can have a significant impact on businesses and governments worldwide. Wizard Spider is a financially motivated criminal group that has been conducting ransomware campaigns since August 2018 against a variety of organizations, ranging from major corporations to hospitals. Sandworm is a cyberespionage threat group that is known for carrying out destructive attacks, such as the 2015 and 2016 disruptions of Ukraine’s electrical power grid and the 2017 NotPetya outbreak.

The detection scenarios consisted of 10 steps for Wizard Spider and 9 for Sandworm. Because Linux support in ESET Inspect was released only after the evaluation, the four Sandworm steps that ran on Linux were out of scope, leaving 15 applicable steps. ESET Inspect detected all 15 of them (100%). The evaluation also categorized each detection by the level of context the vendor’s tool provided; ESET’s in-depth analysis of the results is available in this blogpost.

“ESET believes in taking a multi-layered, high-performance approach to developing our detection technologies. ESET Inspect is the foundation of our extended detection and response (XDR) capabilities and works together with the ESET PROTECT security platform to offer a complete solution that is optimized for ease of use,” said ESET Chief Research Officer Roman Kováč. “We have been tracking Sandworm since its inception, being the first to identify the work of its subgroups BlackEnergy and TeleBots and to discover the origin of the NotPetya outbreak. For us, it’s critical to keep ahead of the curve with our telemetry and put our solutions to the test through the expert lens of the MITRE Engenuity team.”

“This latest round indicates significant product growth from our vendor participants. We are seeing greater emphasis on threat-informed defense capabilities, which in turn has developed the infosec community’s emphasis on prioritizing the ATT&CK Framework,” said Ashwin Radhakrishnan, acting General Manager of ATT&CK Evaluations at MITRE Engenuity.