MITRE 2024: HarfangLab delivers reliable detection and accuracy

28 January 2025

The MITRE ATT&CK Evaluations regularly provide exciting insights and benchmarks that both manufacturers and customers can use for orientation. IKARUS technology partner HarfangLab participated in the tests for the second time – again with great success.

Excellent detection rates for known and unknown threats

MITRE ATT&CK is an internationally recognised framework that tests and evaluates cybersecurity solutions in realistic attack scenarios. The aim is to create transparency and deliver detailed insights into the effectiveness of cybersecurity solutions for companies and security professionals.

In its very first participation in 2023, HarfangLab already achieved an outstanding detection rate, positioning itself as a leading European player in the EDR field. The latest MITRE results further confirm HarfangLab’s reliable detection of the attack techniques used, including APT (Advanced Persistent Threat) attacks on macOS and ransomware attacks on Windows and Linux: HarfangLab successfully identified each of the 16 attack steps.

Rapid defence and contextualisation based on threat intelligence

In every phase of the attack scenarios simulated by the MITRE team, HarfangLab identified not only the tactics (Why is this action being performed?) but also the specific techniques (How was the action carried out?). As a result, the alerts were enriched with precise and context-specific information. HarfangLab also demonstrated strong detection performance and accuracy against typical ransomware activities, such as data exfiltration and encryption, which were tested in an additional emulation.

“For security analysts, these results mean not only confidence in the solution, but also more efficient work,” explains IKARUS Cyber Security Engineer Stefan Vogt, who regularly works with the system: “The faster and more accurately threats are detected, the less manual rework is required and the faster the response time.”

Precision by focusing on relevant alarms and reducing noise

To measure the accuracy of detection performance, false positive rates were assessed for the first time. The MITRE Red Team introduced benign activities alongside the attack steps. If these were incorrectly blocked or reported, they would result in false positives. HarfangLab correctly classified 19 out of the 20 benign activities mixed with 80 malicious actions, effectively handling the “noise”.

False alarms burden and fatigue security teams and divert attention from truly critical security events. EDR systems, on the other hand, should streamline oversight and increase transparency.

HarfangLab Guard: EDR & EPP with integrated IKARUS Malware Scan Engine

The latest version of HarfangLab Guard integrates the IKARUS malware scan engine, which further improves detection and immediate defence against threats. “The IKARUS Malware Scan Engine acts as an extra layer of protection, identifying and blocking malicious content in milliseconds before it can even become active,” Stefan Vogt explains: “This further reduces the noise caused by dynamic alerts, freeing up security analysts. The whole system becomes faster, more reliable and leaner.”

Beyond the technical features, IKARUS and HarfangLab emphasize full transparency and sovereignty in data processing. HarfangLab Guard can be operated in the IKARUS cloud, a private cloud, or on-premises. The capabilities and features remain identical across all options—a notable exception in the market. Additionally, the scope of data processing can be customized and reviewed at any time. “Even the rule set for detecting attack patterns is open and accessible,” emphasizes Stefan Vogt. This ensures that security analysts can always trace which events or event chains triggered alerts and even extend the rules themselves.

What the MITRE ATT&CK Evaluation means for organisations

Through realistic testing, MITRE ATT&CK Evaluations allow organisations to evaluate the results of different vendors to find the right solution.

“The latest MITRE results showcase the excellence of HarfangLab’s EDR in all aspects: enhanced detection with capabilities across all OS, complete protection with immediate blocking of cyberattacks and near-zero false positive rate to ensure that analysts and cyber experts focus on relevant alerts,” said Grégoire Germain, CEO of HarfangLab: “These results also attest to HarfangLab’s dedication – shared with our partner IKARUS – to provide our customers with the best cybersecurity solutions to help them in the daily fight against cyberattackers.”

The combination of two leading European products into one powerful system also strengthens Europe’s technological independence. “The results show that we also have the expertise and excellence in Europe to be at the forefront of technology in the EDR market,” said Joe Pichlmayr, CEO of IKARUS: “Our product, developed in collaboration with HarfangLab, offers European companies an attractive alternative to the American market leaders.”

Link: Results of the MITRE ATT&CK Evaluations 2024
