Symantec Endpoint Shines in the 2020 MITRE Engenuity ATT&CK® Evaluations

Symantec’s latest protection and detection innovations really delivered in the 2020 ATT&CK Evaluations, performed by MITRE Engenuity, that subjected the security offerings of 29 different vendors to 174 detection tests and 10 prevention tests. Results show Symantec Endpoint Security (SES) Complete delivers a powerful punch to attackers when it comes to protecting customers.

In this most recent ATT&CK Evaluation, MITRE Engenuity tested security solution performance against the tactics and techniques of the Carbanak and FIN7 threats. Symantec scored 100% in all prevention tests and 91% in all detection tests.  Not only is Symantec a clear leader in protection, no other endpoint protection vendor could match this high a level of combined protection and detection.

At Symantec, as a division of Broadcom, we focus on prevention to stop threats as soon as possible. We then use detection as another layer to find the most sophisticated of advanced threats. Without this balance, SOCs become overwhelmed with incidents and alerts, and attackers ultimately succeed. As a matter of fact, the overwhelming number of alerts seems to have created an industry crisis that is crushing the SOC and preventing them from focusing on the critical incidents detection products actually were built for.

In short, finding breaches is critical.  But preventing them is better – for efficacy and for focusing SOC attention. The ATT&CK Evaluation results show that some vendors put customers in the difficult and costly position of depending too much on detection instead of prevention.

Some competitors claim prevention parity with all leading providers, but that is not the case.

For example, Symantec’s Endpoint Security solution provides robust threat blocking capability where other solutions, such as CrowdStrike, are just not able to perform. SES Complete deploys a range of technologies that deliver proactive attack surface reduction and innovative attack prevention technologies providing the strongest defense against the hardest-to detect threats, particularly those that rely on stealthy malware, credential theft, file-less, and “living off the land” attack methods. Among these powerful technologies are:

• Advanced Machine Learning and Artificial Intelligence – which uses advanced device and cloud-based detection schemes to identify evolving threats across device types, operating systems, and applications. Attacks are blocked in real-time, so endpoints maintain integrity and negative impacts are avoided.
• Advanced Exploit Prevention – which combines sandboxing and file behavioral monitoring with technique-based blocking of in-memory zero-day exploits of vulnerabilities in popular software.
• Behavioral Isolation – which surgically limits behaviors of trusted applications with minimal operational impact but maximum protection from the dual-use techniques targeted attackers rely on.

These technologies are not options that customers never turn on – these are protecting over 100 million endpoints today.

Some providers claim that they have parity in detection, too.  But that is not proven out in the test.  Among Symantec’s major competitors, SES Complete achieved the highest visibility score in detection.

The ATT&CK Evaluation results demonstrate how Broadcom’s recent new investments in SES Complete are paying dividends for our customers. With the addition of new technologies, such as Behavioral Isolation, SES Complete has proven that its expansion of both prevention and detection technologies is vital in winning the battle against attackers. This chart says it all:

Symantec believes that customer dollars should not have to choose between great protection and great detection. SES Complete delivers both.