Rapid7 InsightIDR Successfully Completes The Latest MITRE Engenuity ATT&CK Enterprise Evaluation
InsightIDR is Rapid7’s industry-leading cloud SIEM and Extended Detection and Response (XDR) offering, and the included Insight Agent provides coverage across assets—in the cloud or on-premises—and powers InsightIDR’s endpoint detection and response (EDR) capabilities. The MITRE ATT&CK evaluation results showcase high-fidelity detections unlocked with InsightIDR and the Insight Agent. InsightIDR demonstrated consistent ability to detect threats early in the cyber kill chain, strong signal-to-noise, and solid visibility across the ATT&CK Framework, identifying telemetry, tactics, or techniques across 18 of the 19 phases presented in the attack simulations. The detections in this evaluation represent a small segment of the InsightIDR detections library, which provides native telemetry and high-fidelity detections across networks, users, and clouds in addition to endpoints—all vetted in the field by Rapid7’s managed detection and response (MDR) security operations center analysts to ensure relevancy and actionability for InsightIDR customers.
MITRE ATT&CK Evaluations prioritize threats that offer unique impact to businesses and governments worldwide. Through the lens of the ATT&CK knowledge base, the 2022 MITRE ATT&CK evaluations focused on two threat actors: Wizard Spider and Sandworm. Wizard Spider is a financially motivated criminal group that has been conducting ransomware campaigns since
“This MITRE ATT&CK evaluation demonstrates the high-fidelity detections that customers value with InsightIDR,” said
“This latest round indicates significant product growth from our vendor participants. We are seeing greater emphasis in threat-informed defense capabilities, which in turn has developed the infosec community’s emphasis on prioritizing the ATT&CK Framework,” said
With InsightIDR’s endpoint capabilities security professionals can:
- Unlock real-time monitoring for both on-premises and remote endpoints, and a vast library of critical attacker behavior and endpoint detections—all mapped in detail to the MITRE ATT&CK framework
- Bait attackers and address areas of exposure with honey credentials deployed by the agent, helping identify intruders on- or off-network
- Access enhanced endpoint telemetry—for custom detection, investigations, threat hunting, and forensics
- Achieve faster mean-time-to-respond (MTTR) with automated containment leveraging the Insight Agent with InsightIDR and its security orchestration, automation and response (SOAR) capabilities
To learn more about InsightIDR and the Insight Agent, visit the
The Evals team chose to emulate two threat groups that abuse the Data Encrypted For Impact (T1486) technique. In Wizard Spider’s case, they have leveraged data encryption for ransomware, including the widely known Ryuk malware (S0446). Sandworm, on the other hand, leveraged encryption for the destruction of data, perhaps most notably with their NotPetya malware (S0368) that disguised itself as ransomware. While the common thread to this year’s evaluations is “Data Encrypted for Impact,” both groups have substantial reporting on a broad range of post-exploitation tradecraft.
About MITRE Engenuity
MITRE Engenuity, a subsidiary of MITRE, is a tech foundation for the public good. MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation.
MITRE Engenuity brings MITRE’s deep technical know-how and systems thinking to the private sector to solve complex challenges that government alone cannot solve. MITRE Engenuity catalyzes the collective R&D strength of the broader
For full results and more information about the MITRE evaluations, please visit: https://attackevals.mitre-engenuity.org/enterprise/wizard-spider-and-sandworm/.
Vice President, Investor Relations