
iIT Distribution is an official distributor of Holm Security!

News

iIT Distribution has signed a partnership agreement with the leading global provider of vulnerability management solutions – Holm Security.


With the cost of cybercrime on the rise, it is estimated that the annual cost to companies worldwide will reach $10.5 trillion by 2025. To address this, it is critical that companies have the tools to effectively manage risks and vulnerabilities across the complete business system infrastructure.

Holm Security is a Swedish developer of automated vulnerability detection solutions. The company quickly gained recognition for its vulnerability scanning technology and has since become known internationally.

Holm Security Vulnerability Management Platform is a next-generation solution that proactively protects against cyberattacks, ensures uninterrupted system operation, and ultimately contributes to business continuity.

The platform covers both technical and human assets: it automatically scans the organization's networks, cloud environments, APIs and web applications and generates reports on what it finds. It also offers users, often considered the weakest link in the IT environment, phishing simulation and awareness training.


Learn more about Holm Security Vulnerability Management Platform


The vulnerability management platform enables organizations to assess the security of their entire IT infrastructure. Thanks to automatic and continuous scanning, it provides a comprehensive solution for detecting, assessing, prioritizing, and effectively mitigating vulnerabilities. Assets can be organized into separate dynamic lists for ongoing monitoring of existing systems. Information on threats and automated prioritization allows organizations to understand where to focus their security efforts.


The collaboration with iIT Distribution makes the vulnerability management platform from Holm Security available in Ukraine, Kazakhstan, Uzbekistan, Georgia, Azerbaijan, Kyrgyzstan, Moldova, Tajikistan and Armenia.

iIT Distribution has extensive experience working with corporate clients and system integrators across Ukraine and offers a full range of services—from sales and setup to technical support and user training.

Check the effectiveness of Holm Security solutions for yourself. Send a request to receive demo versions of solutions and order product testing through the feedback form on the website or contact us directly!


iIT Distribution is a silver partner of the IX CIO&CISO Forum!

News

The ninth CIO&CISO Forum, organized by VlasConference, takes place in Kyiv on 21 March (tomorrow).

iIT Distribution will also take part in the event as a silver partner. The head of the Ukrainian office of iIT Distribution will give a talk titled "Monitoring the appearance of corporate data on the DarkNet: the need for Cyber Threat Intelligence solutions", sharing insights on detecting compromised information, especially in the context of digitalization and growing threats from the dark web.

Attackers use anonymity to sell or exchange stolen data, which threatens not only the financial stability of companies but also the privacy of clients' and employees' personal information. This creates a need for continuous monitoring and analysis of DarkNet activity so that potential threats can be detected and stopped early.

Join us, it will be interesting!

About the forum:

The CIO&CISO Forum is an annual event from the organizer VlasConference that brings IT and information security leaders from various industries together under one roof. The forum is designed for exchanging knowledge, experience and best practices, and for discussing current challenges and trends in digital transformation, cyber defense and information resource management.

Registration for participation is available via the link.


Results of the event "Ecosystem of Excellence: From security innovations to sales success"

Release

On 7 March, the iIT Distribution team organised a partner event at the Parkovy Convention and Exhibition Centre. The event discussed the cyber challenges faced by Ukrainian companies and covered a wide range of opportunities to meet customers' needs in protecting information assets with tools and services from leading vendors.


The meeting started with an introduction from Sergii Kulyk, Head of the Ukrainian office at iIT Distribution. Sergii spoke about the conditions of modern cyberspace and which risk areas pose the greatest threat to the security of data and infrastructure of organisations.

Specially invited guests, Yegor Aushev, CEO of Cyber Unit Technologies and Rostyslav Kondryk, COO of Cyber Unit Technologies, presented the first Ukrainian cyber range Unit Range. During their presentation, the speakers detailed the capabilities of the Unit Range platform for training specialists and developing cyber resilience, emphasising the importance of practical skills in countering cyber threats.

According to World Economic Forum statistics, 95% of cyber incidents are caused by human error. Cybersecurity training, skills assessment and hands-on practice are therefore among the biggest needs of Ukrainian companies.

Next, Oleksiy Markuts, CrowdStrike Lead at iIT Distribution, presented "CrowdStrike: How to beat the competition", describing CrowdStrike's technological leadership, the wide range of features of the CrowdStrike Falcon platform, experience in implementing the solution, and CrowdStrike's ability to meet the needs of customers in Ukraine.

The next presentation was dedicated to the SIEM by LogRhythm. Speaker Dmytro Dolynnyi revealed the importance of adapting to the changing cybersecurity environment and how modern SIEM technologies can help identify, analyse, and respond to cyber threats more effectively than ever. Particular attention was paid to the potential of LogRhythm to increase the level of protection of organisations, optimise threat detection processes and ensure compliance with regulatory requirements.

The presentation by Andriy Levchenko, Fastly Presales at iIT Distribution, revealed the potential of Fastly, a new player in the Ukrainian WAF market. The main topic of the report was Fastly's approach to securing web applications and the identification of potential customers for this technology.

In the next block, Dmytro Dolynnyi enlightened the participants on the importance of monitoring the darknet using the SOCRadar platform. The attendees had a unique opportunity to see what confidential corporate data of large Ukrainian companies have fallen into the hands of attackers and could potentially be used against them. The speaker emphasised the critical role that SOCRadar plays in detecting and preventing such information leaks, thanks to its powerful cyber threat intelligence tools.

The event concluded with a panel discussion with the CISO of a large Ukrainian company. The discussion focused on the cybersecurity challenges facing businesses today. Attendees of the event had the opportunity to ask questions to the panelist and get important answers that will be useful for further work and establishing communication with customers.

After the official part of the event, the participants enjoyed a dinner and productive networking. Guests left with positive impressions, highlighting the high level of organisation, the relevance of the topics and the value for industry professionals.

Thank you to everyone who was with us and shared these unforgettable moments!

iIT Distribution is a distribution company that specialises in the supply and implementation of comprehensive and flexible solutions from the world's best vendors. Our experts will conduct a preliminary examination of the project and assess the availability of conditions for its implementation at the enterprise.


CrowdStrike 2024 report: analysing global cyber threats and defence strategies

News

The CrowdStrike 2024 Global Threats Report details the key threats and trends shaping the threat landscape in 2023, the attackers driving this activity, and offers defence strategies your organisation can use to strengthen security in the year ahead.

The tenth CrowdStrike report explores how attacker behaviour is increasing the risk to the security of organisations' data and infrastructure.
Thanks to this report, organisations are becoming more aware and prepared to effectively confront new threats.

How speed and stealth increase the chances of successful cyberattacks

Attackers are operating with exceptional stealth and launching attacks in minutes.

Over the past year, CrowdStrike's Counter Adversary Operations (CAO) division has observed eCrime groups, state threat actors and hacktivists working to maximise the speed, stealth, and impact of their attacks.

The average eCrime breakout time, the time from initial access to lateral movement, was just 62 minutes in 2023, down from 84 minutes the previous year. The fastest observed breakout took just 2 minutes and 7 seconds.

Personal data is increasingly being targeted

Behind most of today's attacks is a human operator. Interactive intrusions increased by 60% in 2023, and 75% of detections used to gain initial access were malware-free. Attackers rely on techniques such as credential phishing, password spraying and social engineering, and then simply log in with the stolen credentials. This is now one of the fastest and most common ways to gain access.

The market for stolen identities continues to grow: in 2023 alone, the number of access-broker advertisements selling valid credentials increased by 20%.
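Password spraying, one of the initial-access techniques named above, is easy to miss with per-account lockout thresholds because each account sees only one or two attempts. The following is an added example, not code from CrowdStrike or from the report, of the check a detection engineer would run over sign-in logs: group failed logins by source address, count distinct target accounts inside a sliding time window, and report any successful login from the same source inside that window. The log format, addresses, account names and the thresholds (5 accounts within 10 minutes) are constructed assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in events (not real data): timestamp, source IP,
# target account, result. One source fails against five different accounts
# and then succeeds on a sixth; another source retries a single account.
SAMPLE_LOG = """\
2023-11-20T02:00:01Z 203.0.113.7 alice@test.example FAIL
2023-11-20T02:00:09Z 203.0.113.7 bob@test.example FAIL
2023-11-20T02:00:17Z 203.0.113.7 carol@test.example FAIL
2023-11-20T02:00:25Z 203.0.113.7 dave@test.example FAIL
2023-11-20T02:00:33Z 203.0.113.7 erin@test.example FAIL
2023-11-20T02:00:41Z 203.0.113.7 legacy-svc@test.example SUCCESS
2023-11-20T02:05:00Z 198.51.100.4 alice@test.example FAIL
2023-11-20T02:05:30Z 198.51.100.4 alice@test.example FAIL
2023-11-20T02:06:00Z 198.51.100.4 alice@test.example SUCCESS
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (FAIL|SUCCESS)$")


def parse_events(text):
    """Parse the constructed log format into (timestamp, ip, account, result) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or malformed lines
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m.group(2), m.group(3), m.group(4)))
    return events


def detect_password_spray(events, window=timedelta(minutes=10), min_accounts=5):
    """Return {source_ip: {"accounts": n, "successes": [...]}} for every source
    that failed against at least `min_accounts` distinct accounts within `window`.

    A spray is a few attempts per account across many accounts, so a per-account
    lockout counter never fires; the signal lives in the per-source account count.
    Any SUCCESS from the same source inside the window is the account to triage first.
    """
    by_ip = defaultdict(list)
    for ev in sorted(events):  # chronological order
        by_ip[ev[1]].append(ev)

    findings = {}
    for ip, evs in by_ip.items():
        fails = [e for e in evs if e[3] == "FAIL"]
        for i, start in enumerate(fails):
            # sliding window anchored at each failure
            accounts = {start[2]}
            for e in fails[i + 1:]:
                if e[0] - start[0] > window:
                    break
                accounts.add(e[2])
            if len(accounts) >= min_accounts:
                successes = sorted({e[2] for e in evs
                                    if e[3] == "SUCCESS"
                                    and start[0] <= e[0] <= start[0] + window})
                findings[ip] = {"accounts": len(accounts), "successes": successes}
                break  # one finding per source is enough
    return findings


if __name__ == "__main__":
    for ip, f in detect_password_spray(parse_events(SAMPLE_LOG)).items():
        print(f"{ip}: {f['accounts']} accounts sprayed, successes: {f['successes']}")
```

Only the first source is flagged: it hit five accounts and then logged into a sixth, which is exactly the account to investigate. The second source, hammering one account, is a brute-force pattern that a per-account lockout already catches. In a real tenant the thresholds need tuning, and grouping by source ASN or user agent in addition to IP helps against sprays spread over many addresses; stale or test tenants without MFA and lockout policies are the ones that tend to fail this check.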

Cloud environments are under threat

As organisations continue to move operations to cloud environments, attackers are rapidly improving their skills and exploiting weaknesses in defences. A 75% increase in intrusions into cloud environments has been recorded. Attackers are using identities to gain access.

All of this shows that identities are the most exposed element of an organisation's security, so protecting them becomes even more important.

In 2023, CAO started tracking 34 new adversaries, bringing the total to more than 230. To stop breaches, you need to understand the motivations and methods attackers use against organisations.

Below are the trends and conclusions we examine in this year's report:

  • Third-party relationships. Attackers have consistently worked to exploit vendor-client relationships. By gaining access to vendors' IT services, they compromised the software supply chain and used it to distribute malicious tools.
  • Growing use of generative AI. In 2023, we saw states and hacktivists experimenting with generative AI to democratise attacks and lower the barrier to more sophisticated operations. Generative AI will likely continue to be used in cyberattacks in 2024 as its popularity grows.
  • Global election disruption. More than 40 democratic elections are scheduled for 2024, giving state and eCrime attackers numerous opportunities to interfere with the electoral process or influence voter opinion. States such as China, Russia and Iran will likely conduct disinformation and discord-sowing operations amid geopolitical conflicts.

Don't miss the opportunity to strengthen your organisation's defences against advanced cyber threats. Download the CrowdStrike 2024 Global Threat Report now for a detailed analysis of the threat landscape.

iIT Distribution is a leading cyber security expert and official distributor of CrowdStrike's advanced solutions. We offer comprehensive support to organisations in strengthening IT security and optimising their infrastructure. Our approach covers not only the provision of the necessary software and hardware but also includes comprehensive integration and support services to ensure that cyber defence solutions are implemented effectively.


iIT Distribution is the official distributor of Niagara Networks

Release

The iIT Distribution team is proud to announce the signing of a distribution agreement with Niagara Networks, a leading company in the field of network solutions.


Niagara Networks specializes in the development of high-quality network solutions that provide reliable control and management of network traffic. Their products, which have already made a mark on the global market, include advanced traffic management technologies for optimizing and securing corporate networks.

The vendor focuses on creating out-of-band networks for copying, filtering, and delivering traffic copies to monitoring and security systems.


Niagara Networks' key advantage is transforming standard visibility into an enhanced level of visibility and security. This allows NetOps and SecOps teams to seamlessly manage security, performance, monitoring, and other critically important network services, as well as administer a multitude of security tools and platforms. This, in turn, helps reduce operational costs and downtime while simultaneously providing flexibility and scalability of services.

Niagara Networks' solutions are characterized by high reliability, flexibility, and ease of integration with an enterprise's existing IT infrastructure, making them indispensable for effective network management.

They provide all the components for advanced visibility at data rates of up to 100 Gbps, suitable for all types of networks including 5G: network TAPs (traffic splitters), bypass elements, packet brokers and a unified management layer.

Additionally, Niagara Networks actively collaborates with leading global technology companies to ensure a high level of transparency and security of network systems. The iITD portfolio includes several solutions that are optimally combined with Niagara products, including protection systems and balancers from A10 Networks and NDR solutions from Gatewatcher.


To learn more about Niagara Networks' solutions and to request a trial, follow the link.


iIT Distribution will distribute Niagara Networks' solutions in the territories of Ukraine, Kazakhstan, Uzbekistan, Georgia, Poland, Lithuania, Latvia, Azerbaijan, Estonia, Kyrgyzstan, Moldova, Tajikistan, and Armenia.


Hacking of Microsoft by Russian hackers and its significance in the field of cybersecurity

Release

After a Russia-aligned hacker group gained access to the email accounts of Microsoft's top executives, CrowdStrike CEO George Kurtz said in a TV interview that the disclosure contained "scant" details that did not explain what really happened.


Chief Executive Officer of CrowdStrike George Kurtz, criticized Microsoft for providing "scant" details about the hack that affected senior Microsoft executives and suggested that the disclosure did not provide a meaningful explanation of how the incident occurred.

Kurtz, whose company is Microsoft's main competitor in many segments of the cybersecurity market, made the comments on Monday during an interview on CNBC.

To watch the full version of the interview, follow the link.

On Friday, January 19, Microsoft reported that a Russian-linked threat actor had stolen emails from members of its senior management team, as well as employees of its cybersecurity and legal departments. The details of this incident are covered by CRN with a comment from the CEO of CrowdStrike.

The tech giant attributed the attack to a group it tracks as Midnight Blizzard, previously tracked as Nobelium, which Microsoft holds responsible for the large-scale SolarWinds supply-chain compromise in 2020.

The names of the Microsoft executives whose accounts were affected were not disclosed.

In its announcement on Friday, Microsoft said the incident began with a password spray attack in late November 2023 that compromised "an account of an outdated, non-production test tenant.".

In the CNBC interview, Kurtz argued that this explanation does not account for what actually happened.

“I’m confused, because what Microsoft talks about is [that] it was a non-production test environment. So how does a non-production test environment lead to the compromise of the most senior officials in Microsoft [and] their emails?” he said. “I think there's a lot more that's going to come out on this.”

In his criticism, Kurtz also referred to the timing of the Microsoft disclosure, which was released on Friday after the stock market closed for the weekend.

In addition to the blog post, Microsoft discussed the incident in a filing with the U.S. Securities and Exchange Commission on Friday, as part of its compliance with recently introduced cyberattack disclosure rules for public companies.

“When you drop this on a Friday at five o'clock, and you have scant details, I think there's more to come on it,” Kurtz said during the CNBC interview.

Microsoft declined to comment further to CRN on Tuesday.

In its announcement on Friday, Microsoft said that the attackers used the permissions of the initially compromised account to "access a very small percentage of Microsoft's corporate email accounts, including those of members of our senior management team and employees from cybersecurity, legal and other functions, and stole some emails and attached documents."

Microsoft said that its security team learned about the compromise after it detected "an attack by a state actor on our corporate systems" on January 12, 2024.

Secure Future Initiative

In its post, Microsoft also made two references to its Secure Future Initiative, a set of major changes announced in early November 2023 aimed at improving Microsoft's security, as well as the security of its widely used platforms.

"As part of our ongoing commitment to transparency, recently affirmed in our Secure Future Initiative (SFI), we are sharing the latest news," Microsoft said in a statement on Friday.

During an interview with CNBC on Monday, Kurtz questioned the emphasis on this initiative that Microsoft placed on its disclosure.

“When you look at some of the things that Microsoft talks about [in the disclosure], it's secure initiatives and it's marketing around this,” he said. “If they spent some more time on coming clean on what happened here and less on the marketing and papering over it, I think it would be good for the industry.”

A series of hacker attacks

The incident followed last year's high-profile hacking of Microsoft cloud email accounts belonging to several US government agencies.

The attack, discovered in June 2023, is believed to have affected the emails of Commerce Secretary Gina Raimondo, as well as US Ambassador to China Nicholas Burns and officials at the Department of Commerce. According to reports, a total of 60,000 emails were stolen from 10 US State Department accounts in the China-related compromise.

A frequent critic of Microsoft's security, Kurtz told CRN in an interview in 2023 that the cloud email hack was an example of how Microsoft's security "failures" had jeopardized the US government and businesses.

Ultimately, Microsoft's security problems "put millions and millions - tens of millions - of customers at risk," he told CRN earlier.

Kurtz, who is also the co-founder of CrowdStrike, echoed these comments in an interview with CNBC on Monday. "I think what you're seeing here is a systemic failure at Microsoft that is putting not only their customers at risk, but also the U.S. government, which is a big customer," he said.

The Microsoft paradox in the context of cybersecurity

Microsoft has always been a popular target for attackers. When you have the world's dominant operating system and a significant market share in email platforms, productivity software, cloud services, and applications, attackers will try to find weaknesses that can be exploited.

The situation is complicated by the fact that Microsoft is not only a software and operating system provider, but also one of the leaders in the cybersecurity market. They offer tools and services to protect against cyberattacks, often targeting vulnerabilities in their own products.

In the digital world, where the number of threats is constantly growing and attackers are finding new methods to achieve their goals, it is important to stay one step ahead of the attackers and ensure your infrastructure has reliable solutions to protect against cyber incidents.

The iIT Distribution portfolio includes solutions from industry-recognized vendors. Our partners, clients, and organizations of any size can request a trial version of any vendor's solutions through the feedback form on our website. Stay safe and secure!


CrowdStrike's undisputed leadership and Gartner recognition

News

CrowdStrike is named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms.


If a picture is worth a thousand words, then the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms speaks for itself.

Today, we are proud to announce that CrowdStrike has been named a Leader in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms. The company was positioned highest for both Completeness of Vision and Ability to Execute among the 16 vendors evaluated.

The AI-powered CrowdStrike Falcon extended detection and response (XDR) platform is the most powerful, effective and innovative cybersecurity platform on the market today, and the only platform that delivers best-in-market security for endpoints and beyond, for organizations of all sizes.


Defining the Future of AI Cybersecurity

This is the fourth time in a row that Gartner has ranked CrowdStrike highest in the Completeness of Vision category, which we believe positions the company as a trusted innovation partner in the endpoint security space.

Since CrowdStrike's founding, the company has been leveraging the power of artificial intelligence to innovate detection and optimize analysts' work. CrowdStrike pioneered the endpoint threat detection and response market by developing an AI-powered platform designed to centrally analyze trillions of events every day and enrich that information with world-class analytics to identify hostile activity patterns and stop cyberattacks. Since then, the company has continued to innovate in endpoint security and is a leader in AI, as evidenced by the recent announcements of CrowdStrike Charlotte AI, AI-powered indicators of attack (IOA) for advanced behavioral analysis, and continuous improvement of its advanced AI-based detection engine.

These AI innovations help organizations more quickly detect, respond to and prevent threats. The AI-native platform, with a single lightweight agent, empowers customers to simplify their operations and consolidate disjointed point products to achieve a unified defense against increasingly sophisticated attacks targeting endpoints, identities, cloud workloads and more.

Cybersecurity consolidation has been a key focus for organizations seeking to improve security outcomes, reduce technology sprawl, and minimize cost and complexity. Customers are consolidating with CrowdStrike because the Falcon platform makes it easy to expand protections beyond the endpoint to defend cloud, identity and data using the same lightweight agent and command console.

And while adoption of our XDR solution has soared, we’ve doubled down on R&D. The recently announced Raptor release of the Falcon platform introduces more innovative XDR capabilities that radically transform the speed and efficiency of investigations with generative AI and a completely reimagined analyst experience.

Cybersecurity Built for Every Organization

Gartner positioned CrowdStrike highest in Ability to Execute, which we believe acknowledges our trusted combination of a unified, innovative platform and professional services to protect organizations of all sizes.

Our cloud-based endpoint security solutions have been designed to protect a wide range of organizations. CrowdStrike is trusted by the world's leading enterprises and government agencies, and we recently made it easier for small and medium-sized businesses (SMBs) to take advantage of our market-leading cybersecurity. CrowdStrike Falcon® Go offers award-winning AI-powered cybersecurity to protect SMBs from ransomware, data breaches, and other threats. With just a few clicks, users of all skill levels can quickly and easily deploy CrowdStrike endpoint security.

For organizations that require additional support, CrowdStrike offers round-the-clock expert management, monitoring, proactive threat hunting and comprehensive remediation. In May, Gartner ranked CrowdStrike #1 in "Market Share: Managed Security Services, Worldwide, 2022" for Managed Detection and Response (MDR) for the second year in a row. We believe that this, together with recognition in the 2023 Gartner® Magic Quadrant™ for Endpoint Protection Platforms, validates CrowdStrike's ability to deliver innovative and powerful endpoint security for every organization.


Learn more about the components of the CrowdStrike solution and evaluate their effectiveness in person.


iIT Distribution is the official distributor of CrowdStrike solutions. We help organizations ensure comprehensive protection and increase the efficiency of their IT infrastructure. Our approach provides customers with the necessary software, hardware, implementation and support services.


iIT Distribution is the official distributor of SOCRadar!

Release

iIT Distribution has signed a distribution agreement with SOCRadar, a provider of a comprehensive solution for Extended Threat Intelligence (XTI).


iIT Distribution has signed a distribution agreement with SOCRadar, a leading vendor in Extended Threat Intelligence (XTI). The partnership adds to iIT Distribution's portfolio a solution for monitoring and detecting threats in the digital space.

SOCRadar was the first company to combine EASM technologies (external attack surface management), DRPS (Digital Risk Protection Services) and CTI (Cyber Threat Intelligence) into a unified concept – Extended Threat Intelligence (XTI). This new area entails an integrated approach to identifying, analyzing, and responding to cyber threats, providing organizations a comprehensive view of their digital risks.

The SOCRadar platform offers a solution for comprehensive cyber threat analysis by utilizing artificial intelligence and machine learning to automate the processes of data collection and analysis from various sources, including the Deep/Dark Web, social networks, and other online platforms. This thorough overview of threats enables companies to adapt more swiftly to the evolving cyber threat landscape, detect blind spots where hackers often lurk, and fortify their defense mechanisms effectively.

The SOCRadar team actively monitors security breaches, hacking attacks, vulnerabilities, and data leaks to maintain the most current threat landscape. Additionally, SOCRadar publishes weekly reports highlighting the latest trends and events in the world of cyber threats. These valuable insights form the foundation for companies aiming to strengthen their cybersecurity, allowing them to anticipate potential risks and develop effective defense strategies.


Learn more about SOCRadar solutions


One of the key advantages of SOCRadar is its flexibility in integrating with an enterprise's existing IT infrastructure. Thanks to its open API and compatibility with a wide range of platforms, SOCRadar can be integrated with existing security tooling, including SIEM systems, intrusion prevention systems and other cybersecurity tools.

This integration enables automated threat information exchange, speeding up the processes of threat detection and incident response. This approach not only enhances the effectiveness of digital threat protection but also optimizes enterprise cybersecurity spending, ensuring a more comprehensive and efficient defense.

Today, organizations around the world use the SOCRadar platform, including those in the finance, retail, healthcare, insurance, energy, and government sectors.

The collaboration with iIT Distribution will enable SOCRadar to expand its presence in Ukraine, Kazakhstan, Uzbekistan, Georgia, Azerbaijan, Kyrgyzstan, Moldova, Tajikistan and Armenia, giving local companies access to leading-edge cyber threat intelligence solutions.

You can send a request for testing SOCRadar solutions via a special form on our website!


The WALLIX Bastion hardware and software system is certified by the State Service of Special Communications and Information Protection of Ukraine

News

Experts of the State Service of Special Communications and Information Protection of Ukraine (Derzhspetszv'yazku) have certified the effectiveness of the WALLIX Bastion solution in the field of privileged access management (PAM), which confirms its compliance with information security requirements and standards.


The results of the expert evaluation confirmed that the WALLIX Bastion hardware and software complex meets high standards of information protection against unauthorized access, the requirements of the current regulatory framework for identification security, and can be used to build a secure IT infrastructure in both public and private organizations.


WALLIX offers a simple way to visualize and control access. WALLIX Bastion allows you to monitor what company users or external service providers are doing inside information systems and avoid the need to provide unnecessary logins and passwords. The solution reliably protects against incidents involving stolen credentials and elevated privileges.


From now on, iIT Distribution can offer the implementation of the WALLIX solution in government, financial and international organizations where only certified software products are permitted. Government agencies and enterprises will now be able to protect internal and external privileged access to IT assets with WALLIX Bastion.

WALLIX Bastion architecture


Learn more about WALLIX and its solution WALLIX Bastion


The iIT Distribution team is ready to provide a full range of support for the successful implementation of WALLIX Bastion solutions, including presentations and demonstrations to help you better understand the solution's capabilities and benefits. We are also ready to organize a pilot project so that you can make sure the solution is effective and compatible with your infrastructure and business processes. Contact us today to get started and ensure that your access is securely protected.


CrowdStrike provides 100% coverage according to the MITRE Engenuity ATT&CK Evaluations: Round 5

Release

CrowdStrike has received the highest scores in the last two consecutive MITRE Engenuity ATT&CK® Evaluations. In the Enterprise Round 5 assessment the company achieved 100% protection, 100% visibility and 100% analytic detection coverage, which CrowdStrike equates to 100% breach prevention. CrowdStrike also achieved the highest detection rate in the evaluation for Managed Security Service Providers.

However, interpreting Round 5 test results can quickly become very confusing due to the different representations of test results from each vendor. Unlike other third-party analytics companies, MITRE does not place vendors in a quadrant or on a graph, nor does it provide a comparative score. It leaves the interpretation up to each vendor and the clients themselves, which means you'll be inundated with news of "winning" scores.

In MITRE's evaluations there are no winners or leaders, only raw data on a vendor's coverage against a known or unknown adversary. Without better guidelines and enforcement from MITRE, the results will continue to confuse customers, given the wildly different solutions being tested and approaches to the evaluation.

Evaluations like MITRE's can still help clarify your choice. We use them to further sharpen the capabilities of the CrowdStrike Falcon platform and to make sure our customers understand our point of view on cybersecurity: stopping the breach requires complete visibility, detection and protection that you can actually use in a real-world scenario.


How Should You Interpret the Results?

First, it’s important to understand the nuances of the two types of evaluations run by MITRE: open-book and closed-book tests.

Open-book testing for known attackers: The MITRE ATT&CK Enterprise Evaluations, such as the recent Round 5, give vendors months of advance notice on the adversary being emulated and their tactics, techniques and procedures (TTPs), and then measure for coverage in a noiseless lab environment.

Figure 1. CrowdStrike detects 143 (100%) steps during the MITRE Engenuity ATT&CK Evaluation: Enterprise Round 5 with high-quality analytics (Tactic and Technique)

Not all results are equal, which is hard to see in a comparative chart like this, as vendors have the opportunity to tune their systems in advance and apply configuration changes on-the-fly with teams of experts who may be working behind the scenes 24/7 during the testing period. For instance, we’ve seen vendors make updates to operating systems for the test, while others manually fix verdicts or add new context and detections.

Round 5 emulated Turla, which CrowdStrike tracks as VENOMOUS BEAR, a sophisticated Russia-based adversary. Given its advanced tradecraft, few vendors were able to identify all of it: average visibility across vendors was 83%. High-quality analytic detection at the Tactic and Technique level was lower still, with the average dropping to 66%, while CrowdStrike achieved 100% coverage with analytic detections.

High-quality analytics matter because they explain what an adversary is attempting to achieve and how. An analytic detection carries the context an analyst needs to decide quickly whether an alert is a true or a false positive, instead of reconstructing that context from raw telemetry. With Tactic and Technique detections, security analysts can spend more time doing what matters: stopping breaches.

In a comparative chart like the one above, it isn’t possible to see if the capability provided is noisy annotated telemetry or important context added to a high-fidelity alert.
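The distinction the article draws between visibility and analytic coverage, and the effect of on-the-fly configuration changes, can be made concrete by rolling per-substep results up into the headline percentages. The following is an added example, not code from the original article or from CrowdStrike or MITRE. The detection category names (None, Telemetry, General, Tactic, Technique) and the "Config Change" and "Delayed" modifiers follow MITRE's published Round 5 result scheme; the substep data itself is constructed for illustration and does not represent any vendor's actual results.

```python
# Added example: roll up constructed ATT&CK Evaluation substep results into the
# "visibility" and "analytic coverage" figures vendors quote. Not part of the
# original article; category names follow MITRE's public Round 5 scheme and the
# sample data is constructed, not any vendor's real results.
from collections import Counter

# Detection categories, weakest to strongest. "Telemetry" is raw event data with
# no analytic context; "Tactic" and "Technique" are the high-quality analytic
# detections the article refers to.
CATEGORIES = ["None", "Telemetry", "General", "Tactic", "Technique"]
ANALYTIC = {"Tactic", "Technique"}

# Constructed substep results: (substep id, category, modifiers).
# "Config Change" marks a detection that appeared only after the vendor changed
# its configuration during the test; "Delayed" marks a late detection.
SAMPLE_RESULTS = [
    ("1.A.1", "Technique", ()),
    ("1.A.2", "Tactic", ()),
    ("1.B.1", "Telemetry", ()),
    ("2.A.1", "None", ()),
    ("2.A.2", "Technique", ("Config Change",)),
    ("2.B.1", "General", ()),
    ("3.A.1", "Technique", ("Delayed",)),
    ("3.A.2", "Telemetry", ("Config Change",)),
    ("3.B.1", "Technique", ()),
    ("3.B.2", "Tactic", ("Config Change",)),
]


def score(results, ignore_config_changes=False):
    """Return (visibility %, analytic %, per-category counts).

    visibility  = share of substeps with any detection at all (telemetry counts)
    analytic    = share of substeps with a Tactic or Technique detection
    With ignore_config_changes=True, detections that depended on a mid-test
    configuration change are treated as misses, approximating what the product
    would have done as initially deployed.
    """
    total = len(results)
    visible = analytic = 0
    counts = Counter()
    for _, category, modifiers in results:
        if category not in CATEGORIES:
            raise ValueError(f"unknown category {category!r}")
        if ignore_config_changes and "Config Change" in modifiers:
            category = "None"
        counts[category] += 1
        if category != "None":
            visible += 1
        if category in ANALYTIC:
            analytic += 1
    return round(100 * visible / total, 1), round(100 * analytic / total, 1), counts


if __name__ == "__main__":
    for label, strict in (("as reported", False), ("without config changes", True)):
        vis, ana, counts = score(SAMPLE_RESULTS, ignore_config_changes=strict)
        print(f"{label:23s} visibility={vis:5.1f}%  analytic={ana:5.1f}%  {dict(counts)}")
```

On the constructed data the two headline numbers diverge sharply: 90% visibility but only 60% analytic coverage as reported, and 60% / 40% once detections that required a configuration change are discounted. That gap is exactly what a single coverage bar in a comparative chart hides.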

Closed-book testing for unknown attackers: MITRE’s Managed Security Services Providers test is a truer measure of how vendors will protect a customer in the real world, with no do-overs or chances to hunt for additional evidence. The only notification vendors receive in advance is a start date, with no visibility into the adversary being emulated or their TTPs. MITRE runs the test, and you get a coverage score.

Figure 2. CrowdStrike detected 99% of adversary techniques during MITRE ATT&CK Evaluations for Managed Security Services Providers.

To find the right cybersecurity partner, review and correlate performance across many different tests that use different TTPs and force products to behave differently; only then does the platform's true capability emerge. Look at the results of both open-book and closed-book tests, including those that measure false positives and performance, and find out exactly what vendors did to achieve their results. Most importantly, make sure you can achieve those same outcomes in your own enterprise. Sophisticated adversaries do not give you a heads-up, and customers will not have dozens of people working behind the scenes on their deployment in the real world.


Stopping Breaches Matters

Next, it’s critical to evaluate how effectively a vendor can stop adversaries without manual intervention. In the open-book Round 5 test, the average blocking rate was 86%, compared to CrowdStrike’s 100% protection. Even more important than the coverage is understanding how the scores were achieved.

  1. Did they use easily bypassed signatures or custom detections requiring prior knowledge?
  2. Are the analytic detections and protections high-fidelity and suitable at enterprise scale?
  3. How can I reproduce this result in my own environment?

For comparison, the CrowdStrike Falcon platform stopped 13 out of 13 protection scenarios without prior knowledge of the adversary, using AI-based and behavioral prevention. This suggests that the same prevention will be as effective in your environment as it was in the MITRE test.


How Do You Bring It All Together?

Ultimately, how a platform achieved its results is just as important as the coverage itself. In an open-book test like Enterprise Evaluation Round 5, a vendor can hire enough experts to manually add tagging, detection and context and reach perfect coverage. That is why you will see vendors loudly promoting their coverage: on the surface, many of them have succeeded.

All comparative charts, including those above, show only part of the picture. It is important to pay attention to the details: How you do it is as important as what you do. If you can't achieve results in your environment, it's just a number on a comparison chart. It cannot stop attackers and it cannot prevent breaches.

Ask your vendor, including CrowdStrike, how they achieved their results, and make sure they did not rely on heroic manual effort that will never scale in the real world. It is also important to understand exactly what the full bill of materials looks like to reproduce the results. Some vendors require complex deployments of multiple point products, others an expensive combination of network security software and hardware, and still others a significant investment in personnel.

Vendors that use special test configurations that cannot be replicated in a real production environment should be considered especially carefully. The CrowdStrike Falcon platform is always delivered via a single lightweight agent that is easy to deploy, easy to manage, and never requires a reboot. We strengthen cybersecurity, achieving better results with a much better ROI.

The company stands behind the quality of its platform and its coverage in both MITRE's open-book and closed-book testing, for known and unknown adversaries, as evidence of breach prevention that works in the real world.


iIT Distribution is an official partner of CrowdStrike, responsible for the distribution and promotion of its products in Ukraine, Kazakhstan, Uzbekistan, Georgia, Poland, Azerbaijan, Estonia, Lithuania, Latvia, Kyrgyzstan, Moldova and Tajikistan. We also provide professional support in the design and implementation of these solutions. Our team is always ready to provide partners and customers with all the necessary information on each product and solution, to answer your questions, and to advise on improving the efficiency and security of your IT infrastructure.
