MITRE ATT&CK Evaluation Showcases FireEye Endpoint Security and Mandiant Managed Defense

FireEye delivered the most comprehensive coverage across all detection categories in evaluation simulating real-world attacks by Russian-backed adversary APT29

MILPITAS, Calif. – April 23, 2020 – FireEye, Inc. (NASDAQ: FEYE), the intelligence-led security company, today announced that FireEye® Endpoint Security and Mandiant® Managed Defense delivered the most comprehensive coverage across all detection categories in the MITRE ATT&CK evaluation.

FireEye was one of 21 vendors selected to participate in the MITRE ATT&CK® evaluation. The evaluation simulated real-world attacks used by the Russian-backed adversary APT29. This year’s evaluation included a new detection category called MSSP that highlights vendors’ ability to enrich alerts with enhanced context. Mandiant Managed Defense had one of the highest number of enriched alerts in the new MSSP detection category defined by MITRE, showcasing the advanced threat hunting and detection capabilities of the managed detection and response (MDR) service.

“We view the evaluations as a collaborative process to help the participating vendors improve their products, which ultimately makes cyberspace safer for everyone,” said Frank Duff, ATT&CK Evaluations lead. “Taken as a whole, the results indicate that the participating vendors are beginning to understand how to detect the advanced techniques used by groups like APT29, and develop products that provide actionable data in response for their users.”

MITRE developed and maintains ATT&CK based on open source reporting of adversary tactics and techniques. ATT&CK is freely available and is widely used by defenders in industry and government to find gaps in visibility, defensive tools, and processes as they evaluate and select options to improve their network defense.

FireEye Delivered Most Comprehensive Coverage of All Tools Tested

MITRE evaluations do not constitute a rank, score, or endorsement. However, the results found that FireEye Endpoint Security delivered the most coverage against APT29 attacks across all detection categories including General, Technique, Tactic, MSSP, and Telemetry.

“There is more than one way to detect a threat. This latest MITRE evaluation replicating the real-world tactics, techniques, and procedures (TTPs) employed by APT29 reinforces the importance of this point,” said Michelle Salvado, Vice President of Engineering and Endpoint GM at FireEye. “Customers who drill into the results will see FireEye had the most comprehensive coverage of all the tested vendors, with the greatest number of total cumulative detections. This highlights the full strength of our solution. We continue to know more about the adversary than other security companies. As attacks evolve, the breadth of detection and protection that FireEye Endpoint Security and Mandiant Managed Defense offer becomes much more critical.”

Key FireEye performance highlights include:

  • Most comprehensive coverage: FireEye earned the highest cumulative detections across all categories (General, Technique, Tactic, MSSP, and Telemetry) among the 21 evaluated vendors. This includes counts where vendors had more than one way of identifying a threat for a particular attack tested, signifying depth of coverage. This is reflective of the adaptive, in-depth defense approach that allows FireEye to discover malicious activity via multiple detection techniques.
  • Highest number of Technique detections: FireEye earned the highest number of Technique detections amongst all 21 vendors. MITRE evaluates the Technique category based on how the tool provides rich data that answers the question of precisely what was done and why. This is a measure of how many alerts directly map to the MITRE ATT&CK framework.
  • Highest number of Product detections and Telemetry: This showcased that not only does FireEye offer the most comprehensive coverage, but it also provides analysts with enriched raw data to mitigate and respond to a threat. 
  • Most comprehensive context around the threat: MITRE utilized a new detection category (MSSP) to highlight managed capabilities of EDR vendors. Using detailed investigative reports and rapid response from Mandiant Managed Defense, FireEye provided the greatest context around the threats, and with one of the highest numbers of MSSP category detections.


Further details on how FireEye Endpoint Security performed in this MITRE ATT&CK evaluation can be found on the FireEye blog or on the MITRE website.

For more details on FireEye Endpoint Security, and to request a 30-day evaluation, visit, or take a self-guided tour by visiting

Organizations can validate their own endpoint vendor against APT29 as well as the key threat actors targeting their industry using the Mandiant Security Instrumentation Platform (formerly the Verodin® Security Instrumentation Platform). Request a demo at

Additional information on FireEye Mandiant Managed Defense is available at

About FireEye, Inc.

FireEye is the intelligence-led security company. Working as a seamless, scalable extension of customer security operations, FireEye offers a single platform that blends innovative security technologies, nation-state grade threat intelligence, and world-renowned Mandiant consulting. With this approach, FireEye eliminates the complexity and burden of cyber security for organizations struggling to prepare for, prevent, and respond to cyber attacks. FireEye has over 8,800 customers across 103 countries, including more than 50 percent of the Forbes Global 2000.

© 2020 FireEye, Inc. All rights reserved. FireEye, Mandiant and Verodin are registered trademarks or trademarks of FireEye, Inc. in the United States and other countries. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.