

F-Secure Configuration

The following product description and configuration information was provided by the vendor and has been included in its unedited form. Any MITRE Engenuity comments are included in italics.


Product Versions

F-Secure Detection and Response

Product Description

F-Secure’s Rapid Detection & Response (RDR) solution provides an EDR capability as part of the company’s single-agent endpoint security offering. RDR collects a breadth of endpoint, user, and network telemetry from Windows, macOS and Linux endpoints that is then automatically analyzed to identify suspicious activity. The alerts generated from this analysis are visualized as Broad Context Detections and accompanied with a risk score for prioritization of alerts, and guidance on response actions that should be taken. All detections are linked to the MITRE ATT&CK framework to provide a common taxonomy, aiding the investigation process. Where users require additional support, they can use the built-in ‘Elevate to FSecure’ service to request threat analysis and investigation assistance from the Countercept Detection & Response Team.

F-Secure Countercept is a Managed Detection and Response service employing F-Secure’s ‘xDR’ technology platform to provide a 24/7 detection and response capability that defends organizations’ on-premises and cloud environments against human-operated attacks. When an attack is identified by the Detection & Response Team, it follows a well-rehearsed game plan to ensure the right actions are taken to contain the attacker in a single action. The Detection & Response Team dedicates time to researching the latest attacker techniques and uses this research to drive continuous improvements in detection capability.

MITRE Engenuity Note: While Countercept was deployed, the response team was not supplying real-time detections. All results included were based on pre-defined logic and sensing capabilities.

Product Configuration

  • Detection – All telemetry enabled.
  • Response – Disabled.
  • Prevention – Disabled.
  • Cloud Detection – Disabled.