Helsinki, Finland - April 21, 2021: Today, F-Secure published its analysis of the company's performance in MITRE Engenuity's third ATT&CK® Evaluation. The evaluation pitted F-Secure's detection and response capabilities against the tactics and techniques of Carbanak and FIN7 - two groups that have compromised financial services and hospitality organizations through the use of sophisticated malware and techniques, resulting in the theft of more than $1 billion across hundreds of businesses over the past five years.

'MITRE's ATT&CK Evaluations are a great way for organizations to learn about F-Secure's ability to provide visibility into attacks from some of today's most notorious threat actors,' said F-Secure Product Manager Michael Greaves. 'Giving defenders visibility into all stages of an attack provides them with more opportunities to detect and contain intrusions while they're in progress. This is the third MITRE Engenuity ATT&CK® Evaluation we've participated in, and we're pleased these tests have consistently proven that our products provide information about different parts of the attack chain that defenders need to mount an effective response to incidents.'

Each year, MITRE Engenuity conducts independent evaluations of cyber security products to help government and industry make better decisions to combat security threats and improve the industry's threat detection capabilities. In the past few months, 29 vendors participated in the Carbanak and FIN7 evaluations - up from the 12 key players that participated in the first ATT&CK Evaluation.

The ATT&CK Evaluations team chose to emulate Carbanak and FIN7 because they target a wide range of industries for financial gain, whereas prior emulated groups were more focused on espionage. The MITRE Engenuity ATT&CK Evaluations team always balances previously tested techniques with untested techniques and variation to best capture how the defensive solutions are evolving to address a diverse set of threats.

'MITRE's evaluations empower the security community to make more informed decisions through a transparent evaluation process and we're glad that F-Secure participated in this important test, along with multiple other vendors,' said Frank Duff, MITRE ATT&CK Evaluations Lead. 'Using the MITRE ATT&CK framework as the benchmark, and our publicly available results, users can explore how F-Secure detected our emulated adversary behavior of Carbanak and FIN7. Working together, these evaluations can make cyberspace safer for everyone.'

Details on F-Secure's results are available here:

Full results from the ATT&CK Evaluations featuring Carbanak and FIN7 are available here:

About MITRE Engenuity ATT&CK Evaluations

MITRE Engenuity ATT&CK evaluations are paid for by vendors and are intended to help vendors and end-users better understand a product's capabilities in relation to MITRE's publicly accessible ATT&CK® framework. MITRE developed and maintains the ATT&CK knowledge base, which is based on real world reporting of adversary tactics and techniques. ATT&CK is freely available, and is widely used by defenders in industry and government to find gaps in visibility, defensive tools, and processes as they evaluate and select options to improve their network defense. MITRE Engenuity makes the methodology and resulting data publicly available so other organizations may benefit and conduct their own analysis and interpretation. The evaluations do not provide scores, ranks, or endorsements.

About MITRE Engenuity
MITRE Engenuity is a tech foundation that collaborates with the private sector on challenges that demand public interest solutions, to include cybersecurity, infrastructure resilience, healthcare effectiveness, microelectronics, quantum sensing and next generation communications.


  • Original document
  • Permalink


F-Secure Oyj published this content on 21 April 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 21 April 2021 14:31:00 UTC.