Decoding Turla: Trend Micro’s MITRE Performance

As adversaries continue to innovate and find creative and increasingly aggressive techniques, it is critical organizations have the necessary protection, visibility, and detection capabilities to effectively thwart breach attempts, while maintaining business operations.

The MITRE ATT&CK framework provides a common language for security practitioners to understand, visualize, and respond to the adversarial tactics, techniques, and procedures (TTPs) found in their environment. This year, the MITRE Engenuity ATT&CK evaluation tested cybersecurity vendors against simulated attack scenarios mimicking the adversary group “Turla.”


Trend Micro’s 100% successful protection performance in this year’s evaluation represents our commitment and investment in modern, proactive preventative controls. Trend’s protection results reflect and reinforce our achievements and consistently validated leadership in the endpoint protection, EDR, and XDR categories.

When it came to visibility and analytics, Trend showed strong coverage across the MITRE ATT&CK Matrix and successfully detected all the necessary steps to alert, respond, and contain an attack before it could progress to a full breach. Trend’s platform-approach was particularly effective in surfacing high-fidelity detection alerts in early- and mid-chain tactics, ensuring agile and decisive counteractions to threat actors.

Today, security and SOC teams are inundated with an overwhelming volume of detection alerts and noise. Our visibility and analytics performance represents a finely tuned balance between managing alert fatigue and analyst experience by alerting on early and critical adversarial tactics and techniques. This balance ensures threat activity is contained at the first opportunity with greater prioritization and without noise. In each simulation, there was no scenario where Turla attack attempts successfully breached the environment without either being detected or disrupted.

  • 100% prevention and protection
  • 100% on critical TTP visibility
  • 100% on critical TTP detection

Because Trend detected adversarial activity earlier in the attack chain, combined with Trend Vision One’s deeply integrated native response capabilities, security teams can expect to achieve resilient mean-time-to-detect (MTTD) and mean-time-to-respond (MTTR) performance indicators and feel confident knowing they have comprehensive visibility and protection against these specific attacks.

Forward Vision

During the March 2023 evaluation period an earlier version of our endpoint technology had been used for testing. While we maintained a strong performance in the evaluation, the visibility levels achieved, at 88% total visibility, did not accurately represent the advanced capabilities found in our new endpoint agent, Vision One Endpoint Security. This latest offering became generally available to all customers in July 2023.

At Trend we are dedicated to continuous iteration and improvement to equip security teams with cutting-edge solutions to keep their organizations safe. These relevant areas of improvement surfaced through the Turla scenarios have been resourced with dedicated engineering and development efforts to match the high standard we hold ourselves to and which our users expect.

Upcoming evaluations will showcase the updated capabilities of our modernized endpoint agent, Vision One Endpoint Security, enhancing detection across endpoints, servers, and cloud workloads for stronger detection and security outcomes as part of the broader Trend Vision One cybersecurity platform.

Platform Influence

Today’s modern threat landscape demands security organizations access not just cutting-edge products, but a robust platform to address risk proactively to minimize the likelihood of breach.

Trend Vision One’s progressive platform approach consolidates more of the customer environment to bridge the gap between threat protection and proactive cyber risk management. Vision One delivers the broadest set of native security sensors in the market including endpoint, server, workload, email, network, OT, and cloud. Organizations protected by Trend platform security benefit from:

  • Strong security outcomes: Continuous attack surface discovery and real-time risk assessment enables businesses to identify, prioritize, and remediate risk including vulnerabilities and exposures based on likelihood and impact of attack.
  • True centralized visibility: Siloed security tools make it challenging to understand the full scope of an attack. Trend delivers correlated XDR visibility natively integrated and built to eliminate security gaps for rapid MTTD and MTTR.
  • Minimized cost and complexity: Tool sprawl is inherently expensive and complicated. Access simplified procurement, licensing, and favorable packaging and training benefits.
  • Contextualized cyber risk quantification and reporting: Centralized reporting and real-time risk and threat data enables security leaders to confidently quantify, benchmark, and communicate cyber risk, security posture, and resilience planning.
  • AI/ML and Automation: AI/ML, generative AI, and automation playbooks speed up time to understand and respond, while cutting through the noise to mitigate threats sooner by identifying patterns and anomalies, reducing false positives, accelerating response times, and enabling more confident actions.

Manage security holistically with comprehensive prevention, detection, and response capabilities powered by AI, leading threat research and intelligence. Explore Trend Vision One.

Read More HERE