Threat Detection Report

Red Canary

MITRE ATT&CK™ has become the security industry’s de facto standard for measuring detection coverage and visibility. In 2017, Red Canary adopted the ATT&CK framework across our operations and platform to standardize the way we communicate about threats and detection coverage. We now have multiple years of detection data mapped back to ATT&CK.

This report includes:

• The most common ATT&CK techniques observed in our detection dataset
• Analysis of why these techniques are so prevalent
• Detection strategies for these techniques
• Industry breakdowns according to the endpoints we monitor