CrowdStrike Achieves 100% Detection and 100% Protection in the Most Demanding MITRE ATT&CK® Enterprise Evaluations to Date

AUSTIN, Texas--(BUSINESS WIRE)--CrowdStrike (NASDAQ: CRWD) delivered 100% detection and 100% protection with no false positives in the 2025 MITRE ATT&CK® Enterprise Evaluations – the most technically demanding in the program’s history. Through MITRE’s first-ever cloud adversary emulation with attacks that moved across identity, endpoint, and cloud, the unified Falcon® platform demonstrated the architectural advantage required to stop modern cross-domain threats.

“These were the most challenging MITRE evaluations yet, and we participated to give the industry a transparent view into which platforms have the architecture to stop real-world threats,” said Michael Sentonas, president of CrowdStrike. “Delivering 100% detection, 100% protection, and no false positives across these highly sophisticated, cross-domain attacks is a major achievement. The results show the power of the unified Falcon platform – complete protection with a first-class analyst experience that eliminates noise and complexity while accelerating response.”

Testing Unified Platform Capabilities Against Real-World, Cross-Domain Attacks

This year’s MITRE evaluations expanded beyond endpoint techniques to assess true platform capabilities in defending against real-world attacks that move across identity, endpoint, and cloud. As the leading unified security platform participating in this year's evaluations, CrowdStrike achieved 100% detection and 100% protection with no false positives across the full attack sequence.

In the most demanding evaluations to date, MITRE exercised full cross-domain tradecraft, effectively testing the strength of the underlying platform architecture – not just its detections. To execute this expanded scope, MITRE emulated real-world attacks from Chinese state-sponsored espionage group MUSTANG PANDA, and eCrime group SCATTERED SPIDER – two adversaries known for their sophistication, stealth, and ability to compromise cloud environments. It also introduced new early-stage techniques to assess whether a platform can detect and contain activity before attackers can establish a foothold or move laterally.

The Falcon platform delivered complete detection and protection at every stage, stopping credential abuse, lateral movement, and cloud exploitation exactly as exercised in MITRE’s scenarios – demonstrating the power of a single, unified platform to stop modern cross-domain attacks.

Additional Resources

• To learn more about how CrowdStrike achieved a perfect detection and protection score, read our blog.
• For full results and more information about the evaluations, visit here.
• To register for the CrowdStrike CrowdCast on the MITRE ATT&CK® Enterprise Evaluations on December 17 (AMER), December 18 (APJ), or January 8 (Europe), visit here.

About CrowdStrike

CrowdStrike (NASDAQ: CRWD), a global cybersecurity leader, has redefined modern security with the world’s most advanced cloud-native platform for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity and data.

Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities.

Purpose-built in the cloud with a single lightweight-agent architecture, the Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity and immediate time-to-value.

CrowdStrike: We stop breaches.

Learn more: https://www.crowdstrike.com/
Follow us: Blog | X | LinkedIn | Instagram
Start a free trial today: https://www.crowdstrike.com/trial

© 2025 CrowdStrike, Inc. All rights reserved. CrowdStrike and CrowdStrike Falcon are marks owned by CrowdStrike, Inc. and are registered in the United States and other countries. CrowdStrike owns other trademarks and service marks and may use the brands of third parties to identify their products and services.