Tallies from my own perspective
This time I present the tallies for the four viewpoints described in "My personal verification of the MITRE ATT&CK Evaluations (2022) results, part 3".
The four categories are: the behaviour of the malware itself, behaviour such as command execution, network behaviour, and verdicts on the files or data themselves.
I publish these tallies because I think the detection status in each category lets you judge where each solution is strong and where it is weak.
As noted under the caveats in "My personal verification of the MITRE ATT&CK Evaluations (2022) results, part 1", cost, false positives and over-detection, and day-to-day operation are outside what these numbers can show; please treat them as tallies and nothing more.
AhnLab

| Category | 〇 | △ | × | Detection rate |
|---|---|---|---|---|
| Malware Inside Behavior | 14 | 2 | 4 | 70% |
| Command Level Behavior | 30 | 10 | 0 | 75% |
| Network | 14 | 11 | 3 | 50% |
| File or data attribute | 1 | 1 | 0 | 50% |
| (Total) | 59 | 24 | 7 | 65.56% |
Bitdefender

| Category | 〇 | △ | × | Detection rate |
|---|---|---|---|---|
| Malware Inside Behavior | 19 | 0 | 1 | 95% |
| Command Level Behavior | 51 | 0 | 0 | 100% |
| Network | 35 | 0 | 1 | 97.22% |
| File or data attribute | 1 | 0 | 1 | 50% |
| (Total) | 106 | 0 | 3 | 97.25% |
Check Point

| Category | 〇 | △ | × | Detection rate |
|---|---|---|---|---|
| Malware Inside Behavior | 17 | 0 | 3 | 85% |
| Command Level Behavior | 51 | 0 | 0 | 100% |
| Network | 33 | 0 | 3 | 91.67% |
| File or data attribute | 2 | 0 | 0 | 100% |
| (Total) | 103 | 0 | 6 | 94.50% |
Cisco

| Category | 〇 | △ | × | Detection rate |
|---|---|---|---|---|
| Malware Inside Behavior | 6 | 4 | 10 | 30% |
| Command Level Behavior | 47 | 2 | 2 | 92.16% |
| Network | 19 | 10 | 7 | 52.78% |
| File or data attribute | 2 | 0 | 0 | 100% |
| (Total) | 74 | 16 | 19 | 67.89% |
CrowdStrike

| Category | 〇 | △ | × | Detection rate |
|---|---|---|---|---|
| Malware Inside Behavior | 11 | 8 | 1 | 55% |
| Command Level Behavior | 50 | 0 | 1 | 98.04% |
| Network | 31 | 3 | 2 | 86.11% |
| File or data attribute | 2 | 0 | 0 | 100% |
| (Total) | 94 | 11 | 4 | 86.24% |
Cybereason

| Category | 〇 | △ | × | Detection rate |
|---|---|---|---|---|
| Malware Inside Behavior | 19 | 1 | 0 | 95% |
| Command Level Behavior | 51 | 0 | 0 | 100% |
| Network | 36 | 0 | 0 | 100% |
| File or data attribute | 2 | 0 | 0 | 100% |
| (Total) | 108 | 1 | 0 | 99.08% |
CyCraft

| Category | 〇 | △ | × | Detection rate |
|---|---|---|---|---|
| Malware Inside Behavior | 3 | 2 | 15 | 15% |
| Command Level Behavior | 45 | 4 | 2 | 88.24% |
| Network | 16 | 7 | 13 | 44.44% |
| File or data attribute | 0 | 0 | 2 | 0% |
| (Total) | 64 | 13 | 32 | 58.72% |
BlackBerry Cylance

| Category | 〇 | △ | × | Detection rate |
|---|---|---|---|---|
| Malware Inside Behavior | 12 | 1 | 7 | 60% |
| Command Level Behavior | 43 | 5 | 3 | 84.31% |
| Network | 15 | 12 | 9 | 41.67% |
| File or data attribute | 1 | 0 | 1 | 50% |
| (Total) | 71 | 18 | 20 | 65.14% |
Cynet

| Category | 〇 | △ | × | Detection rate |
|---|---|---|---|---|
| Malware Inside Behavior | 19 | 0 | 1 | 95% |
| Command Level Behavior | 48 | 2 | 1 | 94.12% |
| Network | 33 | 3 | 0 | 91.67% |
| File or data attribute | 2 | 0 | 0 | 100% |
| (Total) | 102 | 5 | 2 | 93.58% |
Deep Instinct

| Category | 〇 | △ | × | Detection rate |
|---|---|---|---|---|
| Malware Inside Behavior | 4 | 2 | 14 | 20% |
| Command Level Behavior | 37 | 2 | 1 | 92.5% |
| Network | 17 | 0 | 11 | 60.71% |
| File or data attribute | 1 | 0 | 1 | 50% |
| (Total) | 59 | 4 | 27 | 65.56% |
Elastic

| Category | 〇 | △ | × | Detection rate |
|---|---|---|---|---|
| Malware Inside Behavior | 9 | 3 | 8 | 45% |
| Command Level Behavior | 47 | 4 | 0 | 92.16% |
| Network | 14 | 20 | 2 | 38.89% |
| File or data attribute | 1 | 0 | 1 | 50% |
| (Total) | 71 | 27 | 11 | 65.14% |
ESET

| Category | 〇 | △ | × | Detection rate |
|---|---|---|---|---|
| Malware Inside Behavior | 6 | 1 | 13 | 30% |
| Command Level Behavior | 40 | 0 | 0 | 100% |
| Network | 21 | 5 | 2 | 75% |
| File or data attribute | 2 | 0 | 0 | 100% |
| (Total) | 69 | 6 | 15 | 76.67% |
Fidelis

| Category | 〇 | △ | × | Detection rate |
|---|---|---|---|---|
| Malware Inside Behavior | 10 | 4 | 6 | 50% |
| Command Level Behavior | 50 | 1 | 0 | 98.04% |
| Network | 24 | 3 | 9 | 66.67% |
| File or data attribute | 1 | 1 | 0 | 50% |
| (Total) | 85 | 9 | 15 | 77.98% |
FireEye

| Category | 〇 | △ | × | Detection rate |
|---|---|---|---|---|
| Malware Inside Behavior | 7 | 0 | 13 | 35% |
| Command Level Behavior | 46 | 4 | 1 | 90.20% |
| Network | 31 | 0 | 5 | 86.11% |
| File or data attribute | 1 | 0 | 1 | 50% |
| (Total) | 85 | 4 | 20 | 77.98% |
Fortinet

| Category | 〇 | △ | × | Detection rate |
|---|---|---|---|---|
| Malware Inside Behavior | 18 | 0 | 2 | 90% |
| Command Level Behavior | 40 | 0 | 0 | 100% |
| Network | 25 | 2 | 1 | 89.29% |
| File or data attribute | 2 | 0 | 0 | 100% |
| (Total) | 85 | 2 | 3 | 94.44% |
Malwarebytes

| Category | 〇 | △ | × | Detection rate |
|---|---|---|---|---|
| Malware Inside Behavior | 13 | 0 | 7 | 65% |
| Command Level Behavior | 40 | 0 | 0 | 100% |
| Network | 28 | 0 | 0 | 100% |
| File or data attribute | 2 | 0 | 0 | 100% |
| (Total) | 83 | 0 | 7 | 92.22% |
McAfee

| Category | 〇 | △ | × | Detection rate |
|---|---|---|---|---|
| Malware Inside Behavior | 13 | 5 | 2 | 65% |
| Command Level Behavior | 45 | 6 | 0 | 88.24% |
| Network | 25 | 11 | 0 | 69.44% |
| File or data attribute | 1 | 1 | 0 | 50% |
| (Total) | 84 | 23 | 2 | 77.06% |
Microsoft

| Category | 〇 | △ | × | Detection rate |
|---|---|---|---|---|
| Malware Inside Behavior | 10 | 0 | 10 | 50% |
| Command Level Behavior | 50 | 0 | 1 | 98.04% |
| Network | 36 | 0 | 0 | 100% |
| File or data attribute | 2 | 0 | 0 | 100% |
| (Total) | 98 | 0 | 11 | 89.91% |
Palo Alto Networks

| Category | 〇 | △ | × | Detection rate |
|---|---|---|---|---|
| Malware Inside Behavior | 18 | 0 | 2 | 90% |
| Command Level Behavior | 51 | 0 | 0 | 100% |
| Network | 36 | 0 | 0 | 100% |
| File or data attribute | 2 | 0 | 0 | 100% |
| (Total) | 107 | 0 | 2 | 98.17% |
Qualys

| Category | 〇 | △ | × | Detection rate |
|---|---|---|---|---|
| Malware Inside Behavior | 2 | 4 | 14 | 10% |
| Command Level Behavior | 40 | 0 | 0 | 100% |
| Network | 8 | 11 | 9 | 28.57% |
| File or data attribute | 0 | 1 | 1 | 0% |
| (Total) | 50 | 16 | 24 | 55.56% |
Rapid7

| Category | 〇 | △ | × | Detection rate |
|---|---|---|---|---|
| Malware Inside Behavior | 0 | 1 | 19 | 0% |
| Command Level Behavior | 20 | 26 | 5 | 39.22% |
| Network | 3 | 12 | 21 | 8.33% |
| File or data attribute | 0 | 0 | 2 | 0% |
| (Total) | 23 | 39 | 47 | 21.10% |
ReaQta

| Category | 〇 | △ | × | Detection rate |
|---|---|---|---|---|
| Malware Inside Behavior | 6 | 3 | 11 | 30% |
| Command Level Behavior | 35 | 2 | 3 | 87.5% |
| Network | 20 | 4 | 4 | 71.43% |
| File or data attribute | 1 | 0 | 1 | 50% |
| (Total) | 62 | 9 | 19 | 68.89% |
SentinelOne

| Category | 〇 | △ | × | Detection rate |
|---|---|---|---|---|
| Malware Inside Behavior | 19 | 0 | 1 | 95% |
| Command Level Behavior | 51 | 0 | 0 | 100% |
| Network | 36 | 0 | 0 | 100% |
| File or data attribute | 2 | 0 | 0 | 100% |
| (Total) | 108 | 0 | 1 | 99.08% |
Somma

| Category | 〇 | △ | × | Detection rate |
|---|---|---|---|---|
| Malware Inside Behavior | 2 | 5 | 13 | 10% |
| Command Level Behavior | 25 | 14 | 1 | 62.5% |
| Network | 1 | 20 | 7 | 3.57% |
| File or data attribute | 0 | 1 | 1 | 0% |
| (Total) | 28 | 40 | 22 | 31.11% |
Sophos

| Category | 〇 | △ | × | Detection rate |
|---|---|---|---|---|
| Malware Inside Behavior | 5 | 5 | 10 | 25% |
| Command Level Behavior | 45 | 4 | 2 | 88.24% |
| Network | 16 | 11 | 9 | 44.44% |
| File or data attribute | 1 | 1 | 0 | 50% |
| (Total) | 67 | 21 | 21 | 61.47% |
Broadcom Symantec

| Category | 〇 | △ | × | Detection rate |
|---|---|---|---|---|
| Malware Inside Behavior | 6 | 2 | 12 | 30% |
| Command Level Behavior | 51 | 0 | 0 | 100% |
| Network | 29 | 2 | 5 | 80.56% |
| File or data attribute | 1 | 1 | 0 | 50% |
| (Total) | 87 | 5 | 17 | 79.82% |
Trend Micro

| Category | 〇 | △ | × | Detection rate |
|---|---|---|---|---|
| Malware Inside Behavior | 15 | 1 | 4 | 75% |
| Command Level Behavior | 51 | 0 | 0 | 100% |
| Network | 32 | 4 | 0 | 88.89% |
| File or data attribute | 2 | 0 | 0 | 100% |
| (Total) | 100 | 5 | 4 | 91.74% |
Uptycs

| Category | 〇 | △ | × | Detection rate |
|---|---|---|---|---|
| Malware Inside Behavior | 12 | 2 | 6 | 60% |
| Command Level Behavior | 46 | 4 | 1 | 90.20% |
| Network | 22 | 4 | 10 | 61.11% |
| File or data attribute | 1 | 1 | 0 | 50% |
| (Total) | 81 | 11 | 17 | 74.31% |
VMware Carbon Black

| Category | 〇 | △ | × | Detection rate |
|---|---|---|---|---|
| Malware Inside Behavior | 4 | 5 | 11 | 20% |
| Command Level Behavior | 38 | 12 | 1 | 74.51% |
| Network | 15 | 15 | 6 | 41.67% |
| File or data attribute | 0 | 1 | 1 | 0% |
| (Total) | 57 | 33 | 19 | 52.29% |
WithSecure

| Category | 〇 | △ | × | Detection rate |
|---|---|---|---|---|
| Malware Inside Behavior | 5 | 2 | 13 | 25% |
| Command Level Behavior | 41 | 10 | 0 | 80.39% |
| Network | 19 | 5 | 12 | 52.78% |
| File or data attribute | 1 | 0 | 1 | 50% |
| (Total) | 66 | 17 | 26 | 60.55% |
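As an added example (my own script, not part of the original post), the following Python parses tally rows in the page's own layout, recomputes each stated detection rate (which, as the numbers show, counts only 〇 as detected and treats △ like ×), and checks that every total row is the sum of its four category rows. The embedded rows are copied from the AhnLab and Qualys tables above; the "any signal" share of 〇 plus △ is an added metric the post itself does not use.

```python
import re

# Sample input copied from two of the tables above, in the page's "label | 〇 | △ | × | rate" layout.
SAMPLE = """\
AhnLab
〇 | △ | × | 検知率 | |
Malware Inside Behavior | 14 | 2 | 4 | 70% |
Command Level Behavior | 30 | 10 | 0 | 75% |
Network | 14 | 11 | 3 | 50% |
File or data attribute | 1 | 1 | 0 | 50% |
(合計) | 59 | 24 | 7 | 65.56% |
Qualys
〇 | △ | × | 検知率 | |
Malware Inside Behavior | 2 | 4 | 14 | 10% |
Command Level Behavior | 40 | 0 | 0 | 100% |
Network | 8 | 11 | 9 | 28.57% |
File or data attribute | 0 | 1 | 1 | 0 |
(合計) | 50 | 16 | 24 | 55.56% |
"""
ROW_RE = re.compile(r"^(?P<label>[^|]+?)\s*\|\s*(?P<full>\d+)\s*\|\s*(?P<partial>\d+)"
                    r"\s*\|\s*(?P<miss>\d+)\s*\|\s*(?P<rate>[\d.]+)%?\s*\|?\s*$")
TOTAL_LABELS = {"(合計)", "(Total)"}   # original and translated total-row labels

def parse_tallies(text):
    """Return {vendor: [(label, full, partial, miss, stated_rate), ...]}."""
    vendors, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        m = ROW_RE.match(line)
        if m is None:
            if "|" in line:          # header row (〇 | △ | × | 検知率): skip
                continue
            current = line           # a bare line starts a new vendor block
            vendors[current] = []
            continue
        vendors[current].append((m["label"].strip(), int(m["full"]),
                                 int(m["partial"]), int(m["miss"]), float(m["rate"])))
    return vendors

def detection_rate(full, partial, miss):
    """The post's 検知率: 〇 over all steps; △ earns no credit."""
    n = full + partial + miss
    return round(100.0 * full / n, 2) if n else 0.0

def check_vendor(rows):
    """Recompute every row's rate and verify the total row against the category rows."""
    cats = [r for r in rows if r[0] not in TOTAL_LABELS]
    totals = [r for r in rows if r[0] in TOTAL_LABELS]
    rate_ok = all(abs(detection_rate(f, p, x) - stated) < 0.01 for _, f, p, x, stated in rows)
    f, p, x = (sum(r[i] for r in cats) for i in (1, 2, 3))
    total_ok = bool(totals) and (f, p, x) == totals[0][1:4]
    return {"rate_ok": rate_ok, "total_ok": total_ok,
            "detection_rate": detection_rate(f, p, x),
            "any_signal_rate": round(100.0 * (f + p) / (f + p + x), 2)}  # added metric: 〇 or △
```

Running `check_vendor` over every table on the page is a quick way to confirm that a vendor's low detection rate comes from misses (×) rather than from partial detections (△), which this metric does not reward.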