CyberScoop: Latest round of MITRE ATT&CK evaluations put cybersecurity products through rigors of ransomware

MITRE released findings from its latest round of ATT&CK® evaluations, assessing the capabilities of enterprise cybersecurity solutions against some of the most prevalent ransomware tactics and North Korean malware.

According to William Booth, general manager of MITRE’s ATT&CK evaluations, the results revealed significant disparities between vendors’ detection rates and their ability to accurately distinguish malicious activity from benign system behavior.

"Some vendors had higher false-positive rates than detection rates, which indicates a need to better distinguish legitimate activity from malicious activity," Booth told CyberScoop.

One of the most striking discoveries was that some vendors had higher false-positive rates than actual detection rates. Booth explained that this indicates a significant need for vendors to improve the specificity of their detection and blocking capabilities.

"There are certain vendors where you'll see, yes, they had 100% detections, but their false-positive rate was also 90%," Booth said. "That's really interesting when you start to look at, OK, how can vendors determine what needs to be detected versus what is just noise?"
