Global cybersecurity leader CrowdStrike said it delivered 100 percent detection and 100 percent protection during the 2025 MITRE ATT&CK Enterprise Evaluation, the most demanding in the program’s history.
As part of MITRE’s cloud adversary emulation, CrowdStrike was able to deliver perfect scores with no false positives, the company said. MITRE’s emulation involved attacks that moved across identity, endpoint and cloud, officials said, but CrowdStrikes unified Falcon platform demonstrated an architectural advantage and was able to stop the cross-domain threats.
“These were the most challenging MITRE evaluations yet, and we participated to give the industry a transparent view into which platforms have the architecture to stop real-world threats,” Michael Sentonas, president of CrowdStrike, said. “Delivering 100 percent detection, 100 percent protection, and no false positives across these highly sophisticated, cross-domain attacks is a major achievement. The results show the power of the unified Falcon platform – complete protection with a first-class analyst experience that eliminates noise and complexity while accelerating response.”
Officials said MITRE exercised full cross-domain tradecraft, effectively testing the strength of the underlying platform architecture by emulating real-world attacks from Chinese state-sponsored espionage group MUSTANG PANDA, and eCrime group SCATTERED SPIDER. It also introduced new early-stage techniques to assess whether a platform can detect and contain activity before attackers can establish a foothold or move laterally.
CrowdStrike said the Falcon platform was able to detect threats and protect against them at every stage, stopping credential abuse, lateral movement, and cloud exploitation.
“Throughout both detection and protection scenarios, the Falcon platform achieved perfect coverage while maintaining the high-fidelity, no-noise alerting that security teams demand,” the company said. “Alert fatigue can easily overwhelm defenders, which can potentially lead to missing real threats.”
MITRE ATT&CK Enterprise Evaluations are independent, publicly documented tests that measure how well cybersecurity products detect and respond to real-world threat actors, or common attack techniques.