CrowdStrike delivered 100% detection and 100% protection with no false positives in the 2025 MITRE ATT&CK Enterprise Evaluations – the most technically demanding in the program’s history. Through MITRE’s first-ever cloud adversary emulation with attacks that moved across identity, endpoint, and cloud, the unified Falcon platform demonstrated the architectural advantage required to stop modern cross-domain threats.
“These were the most challenging MITRE evaluations yet, and we participated to give the industry a transparent view into which platforms have the architecture to stop real-world threats,” said Michael Sentonas, President of CrowdStrike. “Delivering 100% detection, 100% protection, and no false positives across these highly sophisticated, cross-domain attacks is a major achievement. The results show the power of the unified Falcon platform – complete protection with a first-class analyst experience that eliminates noise and complexity while accelerating response.”
Testing Unified Platform Capabilities Against Real-World, Cross-Domain Attacks
This year’s MITRE evaluations expanded beyond endpoint techniques to assess true platform capabilities in defending against real-world attacks that move across identity, endpoint, and cloud. As the leading unified security platform participating in this year’s evaluations, CrowdStrike achieved 100% detection and 100% protection with no false positives across the full attack sequence.
In the most demanding evaluations to date, MITRE exercised full cross-domain tradecraft, effectively testing the strength of the underlying platform architecture – not just its detections. To execute this expanded scope, MITRE emulated real-world attacks from Chinese state-sponsored espionage group MUSTANG PANDA, and eCrime group SCATTERED SPIDER – two adversaries known for their sophistication, stealth, and ability to compromise cloud environments. It also introduced new early-stage techniques to assess whether a platform can detect and contain activity before attackers can establish a foothold or move laterally.
The Falcon platform delivered complete detection and protection at every stage, stopping credential abuse, lateral movement, and cloud exploitation exactly as exercised in MITRE’s scenarios – demonstrating the power of a single, unified platform to stop modern cross-domain attacks.
