Microsoft Defender has been performing well in third-party antivirus tests lately, and today Microsoft can add another notch to its belt with a strong showing in MITRE Engenuity's ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Evaluations. Note that these evaluations publish per-step detection and protection results for each vendor rather than a pass/fail grade or ranking, so "passing" here means the published results showed coverage across the emulated attack chain.
The evaluation tested Microsoft 365 Defender against emulations of two advanced threat actors, Wizard Spider and Sandworm, which are infamous for human-operated ransomware campaigns. Defender detected and prevented malicious activity at every major stage of the emulation, which ran across multiple platforms, including Windows and Linux, and comprised more than 100 steps covering 66 unique ATT&CK techniques.
Microsoft attributes the result to its extended detection and response (XDR) platform, its endpoint protection platform (EPP) and endpoint detection and response (EDR) capabilities, and a multi-platform suite of defensive tools. The company says this is the fourth consecutive year that Defender has performed strongly in the MITRE evaluations, and the second consecutive year in which it has demonstrated full protection coverage on Linux.
Microsoft further credits integrated identity threat protection, along with the aggregation of related alerts into prioritized incidents, for the outcome. It also points to its Zero Trust model and to the use of cross-product telemetry during the investigation process.
Lastly, Microsoft notes that it took a "customer-centered" approach to the evaluation by configuring Defender the way it would be deployed in a customer environment, without tuning detection or protection in real time during the test to boost results. As such, Microsoft says Defender's performance in the MITRE evaluation reflects how it would behave in the real world when configured according to the company's guidance.