Personal Verification of the MITRE ATT&CK Evaluations (2022) Results, Part 6 | reverse-eg-mal-memo's blog


A scratchpad for jotting down odds and ends about cyber security.
medium (English): https://sachiel-archangel.medium.com/

Tallies from my own viewpoints

This post presents the tallies for the four viewpoints set out in Part 3 of this series (Personal Verification of the MITRE ATT&CK Evaluations (2022) Results, Part 3).

I classify the evaluation steps into four groups: the behavior of the malware itself, behavior such as command execution, network behavior, and verdicts on the files or data themselves.

Looking at the detection results in each group should show where each solution is strong and where it is weak, so I am publishing the tallies here.

As noted in the caveats of Part 1 of this series, these figures say nothing about cost, false positives or over-detection, or day-to-day operation; please bear in mind that they are nothing more than tallies.
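As an added example (my own code, not the blog author's), the script below recomputes the tallies the way this page's figures imply: the detection rate of a row is its first count divided by the row total (14 + 2 + 4 = 20 steps, 14 / 20 = 70% for AhnLab's malware-behavior row), and the total row sums the four groups. It parses rows written as one line of "category, three counts, rate", checks each stated rate against the recomputed one, and reports a vendor's weakest group and a ranking of vendors in one group. The sample figures are taken from this page's AhnLab, Bitdefender and Cisco tables; the page does not name what the first two count columns mean, so the code only calls them col1 and col2 and makes no assumption beyond "the rate is col1 over the total".

```python
import re
from typing import Dict, List, Optional, Tuple

# The four viewpoints used for the tallies on this page.
CATEGORIES = (
    "Malware Inside Behavior",
    "Command Level Behavior",
    "Network",
    "File or data attribute",
)

# Sample rows built from this page's AhnLab, Bitdefender and Cisco tables,
# written as "category col1 col2 × stated-rate" on one line each.
SAMPLE_TABLES: Dict[str, List[str]] = {
    "AhnLab": [
        "Malware Inside Behavior 14 2 4 70%",
        "Command Level Behavior 30 10 0 75%",
        "Network 14 11 3 50%",
        "File or data attribute 1 1 0 50%",
    ],
    "Bitdefender": [
        "Malware Inside Behavior 19 0 1 95%",
        "Command Level Behavior 51 0 0 100%",
        "Network 35 0 1 97.22%",
        "File or data attribute 1 0 1 50%",
    ],
    "Cisco": [
        "Malware Inside Behavior 6 4 10 30%",
        "Command Level Behavior 47 2 2 92.16%",
        "Network 19 10 7 52.78%",
        "File or data attribute 2 0 0 100%",
    ],
}

# Category name, three integer counts, then a rate with or without a trailing "%"
# (one rate on this page is written as a bare "0", so the "%" is optional).
ROW_RE = re.compile(
    r"^(?P<name>.+?)\s+(?P<c1>\d+)\s+(?P<c2>\d+)\s+(?P<x>\d+)\s+(?P<rate>\d+(?:\.\d+)?)%?$"
)


def parse_row(line: str) -> Tuple[str, int, int, int, float]:
    """Split one row into (category, col1, col2, ×, stated rate in percent)."""
    m = ROW_RE.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised row: {line!r}")
    return m["name"], int(m["c1"]), int(m["c2"]), int(m["x"]), float(m["rate"])


def detection_rate(c1: int, c2: int, x: int) -> Optional[float]:
    """Rate as this page computes it: col1 over the row total, rounded to 2 dp.
    Returns None for a row with no steps instead of dividing by zero."""
    total = c1 + c2 + x
    if total == 0:
        return None
    return round(100.0 * c1 / total, 2)


def check_stated_rates(rows: List[str], tolerance: float = 0.01) -> List[str]:
    """Names of rows whose printed rate disagrees with the recomputed one
    (a row with no steps is reported too, since its rate is undefined)."""
    bad = []
    for line in rows:
        name, c1, c2, x, stated = parse_row(line)
        computed = detection_rate(c1, c2, x)
        if computed is None or abs(computed - stated) > tolerance:
            bad.append(name)
    return bad


def vendor_rates(rows: List[str]) -> Dict[str, Optional[float]]:
    """Recomputed rate for each category row of one vendor."""
    return {name: detection_rate(c1, c2, x) for name, c1, c2, x, _ in map(parse_row, rows)}


def vendor_total(rows: List[str]) -> Tuple[int, int, int, Optional[float]]:
    """The (Total) row: summed counts across the four categories and the overall rate."""
    sums = [0, 0, 0]
    for _, c1, c2, x, _ in map(parse_row, rows):
        sums[0] += c1
        sums[1] += c2
        sums[2] += x
    return sums[0], sums[1], sums[2], detection_rate(*sums)


def weakest_category(rows: List[str]) -> Optional[str]:
    """Category with the lowest recomputed rate; ties go to the earlier entry in
    CATEGORIES, and categories with no steps are skipped."""
    rates = vendor_rates(rows)
    scored = [(rates[c], c) for c in CATEGORIES if rates.get(c) is not None]
    if not scored:
        return None
    return min(scored, key=lambda rc: rc[0])[1]


def rank_vendors(tables: Dict[str, List[str]], category: str) -> List[Tuple[str, float]]:
    """Vendors ordered by their rate in one category, best first."""
    ranked = []
    for vendor, rows in tables.items():
        rate = vendor_rates(rows).get(category)
        if rate is not None:
            ranked.append((vendor, rate))
    return sorted(ranked, key=lambda vr: vr[1], reverse=True)


if __name__ == "__main__":
    for vendor, rows in SAMPLE_TABLES.items():
        c1, c2, x, rate = vendor_total(rows)
        print(f"{vendor:12} total {c1:3d} {c2:3d} {x:3d} -> {rate}%  weakest: {weakest_category(rows)}")
        mismatched = check_stated_rates(rows)
        if mismatched:
            print("  stated rate differs for:", ", ".join(mismatched))
    print("Network ranking:", rank_vendors(SAMPLE_TABLES, "Network"))
```

Running it reproduces the page's total rows for the three vendors (for example 59, 24, 7 and 65.56% for AhnLab) and flags nothing, which is a cheap way to confirm that a table copied from a post like this one was transcribed correctly before comparing vendors on it.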

 

AhnLab

Category                  (1)  (2)    ×   Detection rate
Malware Inside Behavior    14    2    4   70%
Command Level Behavior     30   10    0   75%
Network                    14   11    3   50%
File or data attribute      1    1    0   50%
(Total)                    59   24    7   65.56%

Bitdefender

Category                  (1)  (2)    ×   Detection rate
Malware Inside Behavior    19    0    1   95%
Command Level Behavior     51    0    0   100%
Network                    35    0    1   97.22%
File or data attribute      1    0    1   50%
(Total)                   106    0    3   97.25%

Check Point

Category                  (1)  (2)    ×   Detection rate
Malware Inside Behavior    17    0    3   85%
Command Level Behavior     51    0    0   100%
Network                    33    0    3   91.67%
File or data attribute      2    0    0   100%
(Total)                   103    0    6   94.50%

Cisco

Category                  (1)  (2)    ×   Detection rate
Malware Inside Behavior     6    4   10   30%
Command Level Behavior     47    2    2   92.16%
Network                    19   10    7   52.78%
File or data attribute      2    0    0   100%
(Total)                    74   16   19   67.89%

CrowdStrike

Category                  (1)  (2)    ×   Detection rate
Malware Inside Behavior    11    8    1   55%
Command Level Behavior     50    0    1   98.04%
Network                    31    3    2   86.11%
File or data attribute      2    0    0   100%
(Total)                    94   11    4   86.24%

Cybereason

Category                  (1)  (2)    ×   Detection rate
Malware Inside Behavior    19    1    0   95%
Command Level Behavior     51    0    0   100%
Network                    36    0    0   100%
File or data attribute      2    0    0   100%
(Total)                   108    1    0   99.08%

CyCraft

Category                  (1)  (2)    ×   Detection rate
Malware Inside Behavior     3    2   15   15%
Command Level Behavior     45    4    2   88.24%
Network                    16    7   13   44.44%
File or data attribute      0    0    2   0%
(Total)                    64   13   32   58.72%

BlackBerry Cylance

Category                  (1)  (2)    ×   Detection rate
Malware Inside Behavior    12    1    7   60%
Command Level Behavior     43    5    3   84.31%
Network                    15   12    9   41.67%
File or data attribute      1    0    1   50%
(Total)                    71   18   20   65.14%

Cynet

Category                  (1)  (2)    ×   Detection rate
Malware Inside Behavior    19    0    1   95%
Command Level Behavior     48    2    1   94.12%
Network                    33    3    0   91.67%
File or data attribute      2    0    0   100%
(Total)                   102    5    2   93.58%

Deep Instinct

Category                  (1)  (2)    ×   Detection rate
Malware Inside Behavior     4    2   14   20%
Command Level Behavior     37    2    1   92.5%
Network                    17    0   11   60.71%
File or data attribute      1    0    1   50%
(Total)                    59    4   27   65.56%

Elastic

Category                  (1)  (2)    ×   Detection rate
Malware Inside Behavior     9    3    8   45%
Command Level Behavior     47    4    0   92.16%
Network                    14   20    2   38.89%
File or data attribute      1    0    1   50%
(Total)                    71   27   11   65.14%

ESET

Category                  (1)  (2)    ×   Detection rate
Malware Inside Behavior     6    1   13   30%
Command Level Behavior     40    0    0   100%
Network                    21    5    2   75%
File or data attribute      2    0    0   100%
(Total)                    69    6   15   76.67%

Fidelis

Category                  (1)  (2)    ×   Detection rate
Malware Inside Behavior    10    4    6   50%
Command Level Behavior     50    1    0   98.04%
Network                    24    3    9   66.67%
File or data attribute      1    1    0   50%
(Total)                    85    9   15   77.98%

FireEye

Category                  (1)  (2)    ×   Detection rate
Malware Inside Behavior     7    0   13   35%
Command Level Behavior     46    4    1   90.20%
Network                    31    0    5   86.11%
File or data attribute      1    0    1   50%
(Total)                    85    4   20   77.98%

Fortinet

Category                  (1)  (2)    ×   Detection rate
Malware Inside Behavior    18    0    2   90%
Command Level Behavior     40    0    0   100%
Network                    25    2    1   89.29%
File or data attribute      2    0    0   100%
(Total)                    85    2    3   94.44%

Malwarebytes

Category                  (1)  (2)    ×   Detection rate
Malware Inside Behavior    13    0    7   65%
Command Level Behavior     40    0    0   100%
Network                    28    0    0   100%
File or data attribute      2    0    0   100%
(Total)                    83    0    7   92.22%

McAfee

Category                  (1)  (2)    ×   Detection rate
Malware Inside Behavior    13    5    2   65%
Command Level Behavior     45    6    0   88.24%
Network                    25   11    0   69.44%
File or data attribute      1    1    0   50%
(Total)                    84   23    2   77.06%

Microsoft

Category                  (1)  (2)    ×   Detection rate
Malware Inside Behavior    10    0   10   50%
Command Level Behavior     50    0    1   98.04%
Network                    36    0    0   100%
File or data attribute      2    0    0   100%
(Total)                    98    0   11   89.91%

Palo Alto Networks

Category                  (1)  (2)    ×   Detection rate
Malware Inside Behavior    18    0    2   90%
Command Level Behavior     51    0    0   100%
Network                    36    0    0   100%
File or data attribute      2    0    0   100%
(Total)                   107    0    2   98.17%

Qualys

Category                  (1)  (2)    ×   Detection rate
Malware Inside Behavior     2    4   14   10%
Command Level Behavior     40    0    0   100%
Network                     8   11    9   28.57%
File or data attribute      0    1    1   0%
(Total)                    50   16   24   55.56%

Rapid7

Category                  (1)  (2)    ×   Detection rate
Malware Inside Behavior     0    1   19   0%
Command Level Behavior     20   26    5   39.22%
Network                     3   12   21   8.33%
File or data attribute      0    0    2   0%
(Total)                    23   39   47   21.10%

ReaQta

Category                  (1)  (2)    ×   Detection rate
Malware Inside Behavior     6    3   11   30%
Command Level Behavior     35    2    3   87.5%
Network                    20    4    4   71.43%
File or data attribute      1    0    1   50%
(Total)                    62    9   19   68.89%

SentinelOne

Category                  (1)  (2)    ×   Detection rate
Malware Inside Behavior    19    0    1   95%
Command Level Behavior     51    0    0   100%
Network                    36    0    0   100%
File or data attribute      2    0    0   100%
(Total)                   108    0    1   99.08%

Somma

Category                  (1)  (2)    ×   Detection rate
Malware Inside Behavior     2    5   13   10%
Command Level Behavior     25   14    1   62.5%
Network                     1   20    7   3.57%
File or data attribute      0    1    1   0%
(Total)                    28   40   22   31.11%

Sophos

Category                  (1)  (2)    ×   Detection rate
Malware Inside Behavior     5    5   10   25%
Command Level Behavior     45    4    2   88.24%
Network                    16   11    9   44.44%
File or data attribute      1    1    0   50%
(Total)                    67   21   21   61.47%

Broadcom Symantec

Category                  (1)  (2)    ×   Detection rate
Malware Inside Behavior     6    2   12   30%
Command Level Behavior     51    0    0   100%
Network                    29    2    5   80.56%
File or data attribute      1    1    0   50%
(Total)                    87    5   17   79.82%

Trend Micro

Category                  (1)  (2)    ×   Detection rate
Malware Inside Behavior    15    1    4   75%
Command Level Behavior     51    0    0   100%
Network                    32    4    0   88.89%
File or data attribute      2    0    0   100%
(Total)                   100    5    4   91.74%

Uptycs

Category                  (1)  (2)    ×   Detection rate
Malware Inside Behavior    12    2    6   60%
Command Level Behavior     46    4    1   90.20%
Network                    22    4   10   61.11%
File or data attribute      1    1    0   50%
(Total)                    81   11   17   74.31%

VMware Carbon Black

Category                  (1)  (2)    ×   Detection rate
Malware Inside Behavior     4    5   11   20%
Command Level Behavior     38   12    1   74.51%
Network                    15   15    6   41.67%
File or data attribute      0    1    1   0%
(Total)                    57   33   19   52.29%

WithSecure

Category                  (1)  (2)    ×   Detection rate
Malware Inside Behavior     5    2   13   25%
Command Level Behavior     41   10    0   80.39%
Network                    19    5   12   52.78%
File or data attribute      1    0    1   50%
(Total)                    66   17   26   60.55%