WithSecure excels in latest MITRE Engenuity ATT&CK® Evaluation

Press Release  |  November 9, 2022

WithSecure’s detection and response capabilities performed well across all categories in simulated APT attack.

Helsinki, Finland – November 9, 2022: WithSecure™ (formerly known as F-Secure business) has completed MITRE Engenuity’s inaugural Managed Services evaluation. The evaluation assessed WithSecure’s endpoint detection and response capabilities against simulated attacks from OilRig – an advanced persistent threat (APT) group whose operations align to the strategic objectives of the Iranian government.

OilRig attacks have historically involved social engineering, stolen credentials, and supply chain attacks, resulting in the theft of sensitive data from critical infrastructure, financial services, government, military, and telecommunications.

WithSecure™ performed well in the evaluation and successfully detected a wide variety of OilRig’s tactics, techniques, and procedures (TTPs) used during different phases of the attack(s).

“MITRE’s assessments provide organizations tremendous value by evaluating core detection and response capabilities for both technology platforms and, in this case, managed detection and response services as a whole,” said WithSecure Director of Detection and Response Arran Purewal. “We are delighted to have taken part in the first Managed Services evaluation that allows us to demonstrate our ability to protect organizations from advanced threat actors.”

Each year, MITRE Engenuity conducts independent evaluations of cyber security products to help government and industry make better decisions to combat security threats and improve industry’s threat detection capabilities. The most recent round of tests included WithSecure™ and 15 other providers of detection and response solutions.

OilRig was chosen for this year’s evaluation based on its evasion and persistence techniques, its complexity, and its relevancy to industry.

“We value the work WithSecure has done participating in our inaugural managed services evaluation, said Ashwin Radhakrishnan, General Manager of MITRE Engenuity ATT&CK Evaluations. Their participation is essential to MITRE Engenuity’s mission to provide the community with a stronger threat-informed defense approach to security”.

WithSecure’s detection and response offerings include its Countercept managed detection and response service, and the endpoint detection and response module available for its cloud-based cyber security platform, WithSecure Elements.

WithSecure’s full results are available at https://attackevals.mitre-engenuity.org/managed-services/participants/withsecure?view=managed-services.


About MITRE Engenuity

MITRE Engenuity, a subsidiary of MITRE, is a tech foundation for the public good. MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation.

MITRE Engenuity brings MITRE’s deep technical know-how and systems thinking to the private sector to solve complex challenges that government alone cannot solve. MITRE Engenuity catalyzes the collective R&D strength of the broader U.S. federal government, academia, and private sector to tackle national and global challenges, such as protecting critical infrastructure, creating a resilient semiconductor ecosystem, building a genomics center for public good, accelerating use case innovation in 5G, and democratizing threat-informed cyber defense. www.mitre-engenuity.org


About MITRE Engenuity ATT&CK® Evaluations

ATT&CK® Evaluations (Evals) is built on the backbone of MITRE’s objective insight and conflict-free perspective. Cybersecurity vendors turn to the Evals program to improve their offerings and to provide defenders with insights into their product’s capabilities and performance. Evals enables defenders to make better informed decisions on how to leverage the products that secure their networks. The program follows a rigorous, transparent methodology, using a collaborative, threat-informed, purple-teaming approach that brings together vendors and MITRE experts to evaluate solutions within the context of ATT&CK. In line with MITRE Engenuity’s commitment to serve the public good, Evals results and threat emulation plans are freely accessible.

WithSecure™ media relations
Adam Pilkey

About WithSecure™

WithSecure™, formerly F-Secure Business, is cyber security’s reliable partner. IT service providers, MSSPs and businesses – along with the largest financial institutions, manufacturers, and thousands of the world’s most advanced communications and technology providers – trust us for outcome-based cyber security that protects and enables their operations.

Our AI-driven protection secures endpoints and cloud collaboration, and our intelligent detection and response are powered by experts who identify business risks by proactively hunting for threats and confronting live attacks. Our consultants partner with enterprises and tech challengers to build resilience through evidence-based security advice. With more than 30 years of experience in building technology that meets business objectives, we’ve built our portfolio to grow with our partners through flexible commercial models.

WithSecure™ Corporation was founded in 1988, and is listed on NASDAQ OMX Helsinki Ltd.