CrowdStrike delivered 100% detection and 100% protection with no false positives in the 2025 MITRE ATT&CK Enterprise Evaluations â the most technically demanding in the programâs history. Through MITREâs first-ever cloud adversary emulation with attacks that moved across identity, endpoint, and cloud, the unified Falcon platform demonstrated the architectural advantage required to stop modern cross-domain threats.
âThese were the most challenging MITRE evaluations yet, and we participated to give the industry a transparent view into which platforms have the architecture to stop real-world threats,â said Michael Sentonas, President of CrowdStrike. âDelivering 100% detection, 100% protection, and no false positives across these highly sophisticated, cross-domain attacks is a major achievement. The results show the power of the unified Falcon platform â complete protection with a first-class analyst experience that eliminates noise and complexity while accelerating response.â
Testing Unified Platform Capabilities Against Real-World, Cross-Domain Attacks
This yearâs MITRE evaluations expanded beyond endpoint techniques to assess true platform capabilities in defending against real-world attacks that move across identity, endpoint, and cloud. As the leading unified security platform participating in this year’s evaluations, CrowdStrike achieved 100% detection and 100% protection with no false positives across the full attack sequence.
In the most demanding evaluations to date, MITRE exercised full cross-domain tradecraft, effectively testing the strength of the underlying platform architecture â not just its detections. To execute this expanded scope, MITRE emulated real-world attacks from Chinese state-sponsored espionage group MUSTANG PANDA, and eCrime group SCATTERED SPIDER â two adversaries known for their sophistication, stealth, and ability to compromise cloud environments. It also introduced new early-stage techniques to assess whether a platform can detect and contain activity before attackers can establish a foothold or move laterally.
The Falcon platform delivered complete detection and protection at every stage, stopping credential abuse, lateral movement, and cloud exploitation exactly as exercised in MITREâs scenarios â demonstrating the power of a single, unified platform to stop modern cross-domain attacks.
