Sophos has achieved full detection coverage in the 2025 MITRE ATT&CK Enterprise Evaluation, an independent test designed to measure how security solutions detect real-world cyberattacks.
In the evaluation, Sophos XDR detected 100% of the adversary activity used across two advanced attack scenarios. The tests were based on Scattered Spider, a financially motivated cybercrime group, and Mustang Panda, a long-running China-linked espionage group.
The Scattered Spider scenario included attacks across Windows, Linux, and Amazon Web Services cloud environments, while the Mustang Panda scenario focused on Windows systems. Sophos also received the highest possible “Technique”-level rating for 86 of the 90 attack steps in the assessment, reflecting detailed and high-confidence detections.
“These two threat groups represent very different challenges for defenders, from financially driven cybercrime to long-term espionage,” said Simon Reed, Chief Research and Scientific Officer at Sophos. “Consistent detection across both scenarios shows the importance of strong behavioural visibility when responding to complex attacks.”
MITRE ATT&CK Evaluations are widely regarded as one of the most rigorous independent assessments of security detection capabilities. Rather than scoring prevention, the tests focus on how clearly and accurately security tools identify attacker behaviour, map it to known techniques, and provide context for investigation and response.
Security teams often use MITRE ATT&CK results alongside other independent benchmarks when evaluating endpoint and extended detection and response solutions. The 2025 Enterprise Evaluation is the seventh iteration of MITRE’s large-scale testing programme and reflects the growing complexity of modern, multi-stage cyberattacks.
Read Also: Sophos: Manufacturing Blocks More Ransomware As Attackers Pivot To Data Theft
