F-Secure’s Detection and Response Capabilities Shine in 3rd MITRE Engenuity ATT&CK® Evaluation

Evaluation puts a spotlight on the visibility F-Secure gives defenders on Carbanak and FIN7’s tactics, techniques, and procedures.

Helsinki, Finland – April 21, 2021: Today, F-Secure published its analysis of the company’s performance in MITRE Engenuity’s third ATT&CK® Evaluation. The evaluation pitted F-Secure’s detection and response capabilities against the tactics and techniques of Carbanak and FIN7 – two groups that have compromised financial services and hospitality organizations through the use of sophisticated malware and techniques, resulting in the theft of more than $1 billion across hundreds of businesses over the past five years.

“MITRE’s ATT&CK Evaluations are a great way for organizations to learn about F-Secure’s ability to provide visibility into attacks from some of today’s most notorious threat actors,” said F-Secure Product Manager Michael Greaves. “Giving defenders visibility into all stages of an attack provides them with more opportunities to detect and contain intrusions while they’re in progress. This is the third MITRE Engenuity ATT&CK Evaluation we’ve participated in, and we’re pleased these tests have consistently proven that our products provide information about different parts of the attack chain that defenders need to mount an effective response to incidents.”

Each year, MITRE Engenuity conducts independent evaluations of cyber security products to help government and industry make better decisions to combat security threats and improve the industry’s threat detection capabilities. In the past few months, 29 vendors participated in the Carbanak and FIN7 evaluations – up from the 12 key players that participated in the first ATT&CK Evaluation.

The ATT&CK Evaluations team chose to emulate Carbanak and FIN7 because they target a wide range of industries for financial gain, whereas prior emulated groups were more focused on espionage. The MITRE Engenuity ATT&CK Evaluations team always balances previously tested techniques with untested techniques and variation to best capture how the defensive solutions are evolving to address a diverse set of threats.

“MITRE’s evaluations empower the security community to make more informed decisions through a transparent evaluation process and we’re glad that F-Secure participated in this important test, along with multiple other vendors,” said Frank Duff, MITRE ATT&CK Evaluations Lead. “Using the MITRE ATT&CK framework as the benchmark, and our publicly available results, users can explore how F-Secure detected our emulated adversary behavior of Carbanak and FIN7. Working together, these evaluations can make cyberspace safer for everyone.”

Details on F-Secure’s results are available here: https://www.f-secure.com/en/business/resources/mitre-evaluation-2020-carbanak-fin7.

Full results from the ATT&CK Evaluations featuring Carbanak and FIN7 are available here: https://attackevals.mitre-engenuity.org/enterprise/participants/?rounds=carbanak_fin7.


About MITRE Engenuity ATT&CK Evaluations

MITRE Engenuity ATT&CK evaluations are paid for by vendors and are intended to help vendors and end-users better understand a product’s capabilities in relation to MITRE’s publicly accessible ATT&CK® framework. MITRE developed and maintains the ATT&CK knowledge base, which is based on real world reporting of adversary tactics and techniques. ATT&CK is freely available, and is widely used by defenders in industry and government to find gaps in visibility, defensive tools, and processes as they evaluate and select options to improve their network defense. MITRE Engenuity makes the methodology and resulting data publicly available so other organizations may benefit and conduct their own analysis and interpretation. The evaluations do not provide scores, ranks, or endorsements.


About MITRE Engenuity
MITRE Engenuity is a tech foundation that collaborates with the private sector on challenges that demand public interest solutions, to include cybersecurity, infrastructure resilience, healthcare effectiveness, microelectronics, quantum sensing and next generation communications. www.mitre-engenuity.org

About F-Secure

F-Secure makes every digital moment more secure, for everyone. We deliver brilliantly simple, frictionless security experiences that make life easier for the tens of millions of people we protect and our 170 service provider partners. For more than 30 years, we’ve led the cyber security industry, inspired by a pioneering spirit born out of a shared commitment to do better by working together.

f-secure.com | twitter.com/fsecure | linkedin.com/f-secure

F-Secure media relations

Adam Pilkey

PR Content Manager

+358 40 637 8859

Press list

Sign up for media information from F-Secure.

We process the personal data you share with us in accordance with our Corporate Business Privacy Policy.

Press archive

By year

Browse through our news by year.

By category

Browse through our news by category.