ESET’s detection and response capabilities tested in MITRE Engenuity ATT&CK® Evaluations

This year, the MITRE Engenuity ATT&CK® Evaluations emulated the Wizard Spider and Sandworm threat groups, putting ESET Inspect to the test and ESET’s groundbreaking research into Sandworm in focus.


ESET, a global leader in cybersecurity, today announced the participation of ESET Inspect (formerly ESET Enterprise Inspector) in the fourth round of the MITRE Engenuity ATT&CK® Evaluations for Enterprise. This round of the ATT&CK Evaluations emulated the Wizard Spider and Sandworm threat groups, collecting results from 30 participating vendors and highlighting ESET’s pioneering research into Sandworm, especially the discovery of the Exaramel backdoor.

The ATT&CK Evaluations prioritise threat groups that can have a significant impact on businesses and governments worldwide. Wizard Spider is a financially motivated criminal group that has been conducting ransomware campaigns since August 2018 against a variety of organisations, ranging from major corporations to hospitals. Sandworm is a cyberespionage threat group that is known for carrying out destructive attacks, such as the 2015 and 2016 disruptions of Ukraine’s electrical power grid and the 2017 NotPetya outbreak.

The detection scenarios of the evaluation consisted of 10 steps for Wizard Spider and 9 for Sandworm. As support for Linux in ESET Inspect was released after the evaluation, four steps related to Sandworm were out of scope. ESET Inspect detected all of the 15 applicable steps (100%). The evaluation also categorised the level of context provided by the vendor’s tool; you can read more in ESET’s in-depth analysis of the results in this blogpost.

“ESET believes in taking a multi-layered, high-performance approach to developing our detection technologies. ESET Inspect is the foundation of our extended detection and response (XDR) capabilities and works together with ESET PROTECT security platform to offer a complete solution that is optimised for ease of use,” said ESET Chief Research Officer, Roman Kováč. “We have been tracking Sandworm since its inception, being the first to identify the work of its subgroups BlackEnergy and TeleBots and to discover the origin of the NotPetya outbreak. For us, it’s critical to keep ahead of the curve with our telemetry and put our solutions to the test through the expert lens of the MITRE Engenuity team.”

“This latest round indicates significant product growth from our vendor participants. We are seeing greater emphasis in threat informed defence capabilities, which in turn has developed the infosec community’s emphasis on prioritising the ATT&CK Framework,” said Ashwin Radhakrishnan, acting General Manager of ATT&CK Evaluations at MITRE Engenuity.

The ATT&CK Evaluations demonstrate that ESET Inspect is able to provide defenders excellent visibility and context throughout all attack stages. As an XDR-enabling solution, ESET Inspect is a sophisticated tool with advanced threat hunting and incident response capabilities, and together with ESET PROTECT offers deep network visibility, cloud-based threat defenses, and more. ESET has continuously been named a top player and a leader in the industry for its business solutions.

For more information on ESET’s results in this ATT&CK Evaluation, check out our blog post and MITRE Engenuity’s evaluation results page.

About MITRE Engenuity  

MITRE Engenuity, a subsidiary of MITRE, is a tech foundation for the public good. MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centres, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation.

MITRE Engenuity brings MITRE’s deep technical know-how and systems thinking to the private sector to solve complex challenges that government alone cannot solve. MITRE Engenuity catalyses the collective R&D strength of the broader U.S. federal government, academia, and private sector to tackle national and global challenges, such as protecting critical infrastructure, creating a resilient semiconductor ecosystem, building a genomics centre for public good, accelerating use case innovation in 5G, and democratising threat-informed cyber defence.

About ESET 

For more than 30 years, ESET® has been developing industry-leading IT security software and services to protect businesses, critical infrastructure and consumers worldwide from increasingly sophisticated digital threats. From endpoint and mobile security to endpoint detection and response, as well as encryption and multifactor authentication, ESET’s high-performing, easy-to-use solutions unobtrusively protect and monitor 24/7, updating defences in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company that enables the safe use of technology. This is backed by ESET’s R&D centres worldwide, working in support of our shared future. For more information, visit www.eset.com or follow us on LinkedIn, Facebook, and Twitter.