CrowdStrike hits 100% in latest MITRE cross-domain tests
CrowdStrike has recorded perfect scores for detection and protection in the latest MITRE ATT&CK Enterprise Evaluations, which introduced cross-domain attack testing for the first time.
The cybersecurity company said it achieved 100% detection and 100% protection with no false positives in the 2025 round of tests. The evaluations assessed how security platforms handled multi-stage attacks that moved between identity, endpoint, and cloud environments.
MITRE used scenarios based on two known threat groups. It emulated activity from Chinese state-sponsored espionage group MUSTANG PANDA and e-crime group SCATTERED SPIDER. Both groups have a record of complex operations and cloud-focused attacks.
The new evaluations marked a shift in scope from earlier rounds. Previous tests focused mainly on endpoint techniques. The 2025 exercises examined how a unified platform handled full attack sequences across different domains.
CrowdStrike used its Falcon platform during the assessments. The platform sits at the centre of the company's strategy for defending endpoints, cloud workloads, identities, and data.
"These were the most challenging MITRE evaluations yet, and we participated to give the industry a transparent view into which platforms have the architecture to stop real-world threats," said Michael Sentonas, president, CrowdStrike. "Delivering 100% detection, 100% protection, and no false positives across these highly sophisticated, cross-domain attacks is a major achievement. The results show the power of the unified Falcon platform - complete protection with a first-class analyst experience that eliminates noise and complexity while accelerating response."
MITRE framed this year's programme as a test of platform architecture rather than point tools. The organisation applied what it described as "full cross-domain tradecraft". The exercises examined how well products contained activity as attackers moved laterally and targeted cloud infrastructure.
MITRE also added new early-stage techniques in the scenarios. These stages looked at how platforms handled initial access, credential abuse, and attempts to establish persistence. The tests checked whether products detected suspicious behaviour before attackers gained a strong foothold.
CrowdStrike said Falcon delivered complete detection and protection at every stage of the simulated campaigns. The company reported that the platform blocked credential abuse and lateral movement. It also reported that the platform stopped cloud exploitation in line with MITRE's scripted steps.
The focus on cross-domain attacks reflects broader changes in enterprise security. Many recent breaches have involved a mix of compromised user identities, endpoint malware, and abuse of cloud services. Security products now face pressure to correlate signals across those layers and to support unified response.
The new evaluations may influence how buyers compare security platforms. Independent results from MITRE tests often appear in procurement processes for large organisations. The cross-domain element introduces another dimension alongside traditional endpoint and detection metrics.
Vendors that joined the 2025 assessments faced a more demanding bar than in previous years. The scenarios covered cloud control planes, identity systems, and traditional devices. The tests also examined how well platforms presented data and alerts for analysts managing incidents.
CrowdStrike said the results underlined its approach of using a single, unified platform. The company positions Falcon as a way for security teams to manage detection, investigation, and response through one architecture.
The company plans further engagement around the findings. It will publish additional material that describes how it achieved its scores in the evaluations. It also plans a series of online events that will walk customers and prospects through the MITRE scenarios and outcomes.
Sentonas said the company saw the expanded tests as a bellwether for the industry's direction. "Delivering 100% detection and 100% protection in MITRE's most rigorous, real-world simulations of adversary tradecraft shows what a unified platform can achieve against the most advanced threats," he said.