# Palo Alto Networks Excels in MITRE Managed Services Evaluation

By [Sharon Maydar](https://www.paloaltonetworks.com/blog/author/sharon-maydar/?ts=markdown "Posts by Sharon Maydar"), Jun 18, 2024

## **Palo Alto Networks Unit 42 is a leader in MDR, delivering MTTD twice as fast as the average participant and leveraging the industry's best XDR technology.**

Today, MITRE Engenuity unveiled the results of its second-ever [**ATT\&CK Evaluations for Managed Services**](https://start.paloaltonetworks.com/mitre-attack-evaluation-for-mdr). For the second consecutive year, [Unit 42 Managed Detection and Response (MDR)](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response) excelled in the evaluation, delivering MTTD *twice as fast as the average participant*.

We leveraged Palo Alto Networks industry-leading Cortex XDR, *the only product that achieved* [100% protection and 100% detection coverage during the previous round of the MITRE Enterprise Evaluations](https://www.paloaltonetworks.com/blog/2023/09/mitre-engenuity-attck-evaluations-results/). With Cortex XDR behind Unit 42 MDR, we deliver the industry's best detection and response to sophisticated cyberthreats.

#### **Unit 42 MDR sent 37 email alerts during the evaluation. Other vendors sent more than 300 email alerts** -- **nearly 10x the amount we sent.**

We deliver the most important and actionable information as quickly as possible in order to enable accurate, efficient and confident decisions about next steps. With Unit 42 MDR, customers receive a balanced combination of high-quality information, granularity and speed.

![Chart of email alerts sent.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/06/mitre-blog-image-2.png)

As part of the evaluation, we delivered a detailed [**threat report**](https://start.paloaltonetworks.com/mitre-attack-evaluation-for-mdr) highlighting crucial information for response and remediation. Our executive summary quickly identifies answers to the most important questions facing an organization under attack:

* How important is this threat?
* Who is the adversary, and what is their intent?
* How was the attack executed (TTPs)?
* What is the impact?
* How should you respond?

#### **Background on the test: MITRE ATT\&CK Evaluation Managed Services: menuPass + ALPHV BlackCat.**

[![](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/06/word-image-323465-2-2.png)](https://start.paloaltonetworks.com/mitre-attack-evaluation-for-mdr)

Third-party evaluations like MITRE's shed light on how vendors would realistically perform against real-world, highly sophisticated threats in a customer environment. This year's evaluation was a rigorous 5-day test, named [MITRE ATT\&CK Evaluation Managed Services: menuPass + ALPHV BlackCat.](https://attackevals.mitre-engenuity.org/managed-services/menupass-blackcat/)

The evaluation is closed book; vendors are not given prior information on the adversary or techniques. Vendors provide analysis in the same format they deliver reports to their customers. MITRE Engenuity's evaluation prohibits prevention or remediation, unlike in real-world scenarios. According to MITRE, this test included sophisticated techniques, including multi-subsidiary compromise with overlapping operations focusing on defense evasion, exploiting trusted relationships, data encryption and inhibiting system recovery.

## Our Results

Our [Unit 42 MDR](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response) team leveraged Cortex XDR, high fidelity threat-intelligence and AI-powered analytics to accurately identify/attribute the two adversaries as [APT10](https://unit42.paloaltonetworks.com/unit42-menupass-returns-new-malware-new-attacks-japanese-academics-organizations/) (aka menuPass) and [BlackCat](https://unit42.paloaltonetworks.com/blackcat-ransomware/) (aka ALPHV). We mapped key details of the suspicious activity in the evaluation to MITRE ATT\&CK TTPs and identified the threat actors' maneuvers and intentions.
By helping our customers understand adversary tactics and tools, we enable them to better target their defense strategies and improve cyber resilience.

In the first few pages of our threat report, we included a [**threat brief**](https://start.paloaltonetworks.com/mitre-attack-evaluation-for-mdr) that accurately identified the impacted hosts and usernames on the attack chain. Our report accompanied messages to the customer, delivered via Cortex XDR. Unit 42 MDR is natively integrated into Cortex XDR and all Unit 42 MDR customers have immediate access to all alerts in the Cortex XDR console.

Normally, we would immediately inform the customer upon identifying a verified threat and start remediation actions. However, remediation was not permitted by MITRE in this test, so we provided recommendations for remediation and posture hardening.

## We're the Only Vendor Backed by the Best XDR on the Market

Our Unit 42 MDR service is a powerful combination of the industry's best extended detection and response technology -- Cortex XDR -- and world-renowned Unit 42 expertise and threat intelligence. Unit 42 MDR includes proactive threat hunting to help customers detect the most evasive and sophisticated threats.

Organizations partner with MDR providers to help them more quickly, accurately and effectively address threats 24/7/365. According to the [Unit 42 Incident Response Report](https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report), attacks are happening in just hours, and time to exfiltration is often less than a day.

Read our [MDR threat report](https://start.paloaltonetworks.com/mitre-attack-evaluation-for-mdr) and see how Unit 42 can help your organization accurately and quickly understand the most important information related to a threat with actionable, clear recommendations.

We want to thank the MITRE Engenuity team for the effort they put into running this evaluation.
#### [Learn more about Unit 42 Managed Services](https://start.paloaltonetworks.com/contact-unit42-mdr.html) and how we can help your organization better defend against today's threats.

### **A Note About MTTD**

Importantly, in this evaluation MITRE Engenuity defined MTTD in a unique way: *"MTTD is the average time between when an attack is run and when the managed service provider triggers an alert on this attack. The timestamp on the first email relevant to the step in question was used."*

This may be confusing, as MTTD is usually defined as the average time of alert detection within the product. MITRE Engenuity advised that it uses email timestamps because they are immutable and cannot be manipulated on the backend.

*These results continue a trend of industry-leading validation for Cortex XDR and Unit 42 MDR in independent, third-party security assessments, including the* [*MITRE Enterprise ATT\&CK Evaluations*](https://www.paloaltonetworks.com/blog/2023/09/mitre-engenuity-attck-evaluations-results/)*,* [*Forrester XDR Wave*](https://www.paloaltonetworks.com/blog/2024/06/forrester-names-palo-alto-networks-a-leader-in-xdr/) *and* [*Frost Radar: Global MDR*](https://www.paloaltonetworks.com/blog/2024/03/unit-42-mdr-a-leader-in-mdr/)*.*

*MITRE does not rank or rate participants in the evaluation.*

*This blog refers to MITRE Engenuity's Managed Services Evaluation, which is different to MITRE Engenuity Enterprise Evaluations. Read our Threat Report* [*here.*](https://start.paloaltonetworks.com/mitre-attack-evaluation-for-mdr)