WatchGuard Technologies delivers MITRE ER7 detection results

WatchGuard Technologies said its endpoint security delivered full detection and prevention in the MITRE ATT&CK Enterprise Round 7 Windows “Hermes” scenario, a result the company framed as reducing alert volume and lowering operational burden for managed service providers.

The company positioned the findings as operationally relevant for MSPs, stating the outcomes reduced unnecessary escalations, shortened response cycles, and improved analyst efficiency while supporting partner service delivery and scale in the endpoint security market.

In the Windows “Hermes” scenario, the evaluation recorded 100% step detection across the entire evaluation, 96% sub-step detection (27 of 28), and 100% prevention of all malicious actions, while reporting no legitimate activity blocked and only three high-fidelity alerts across two full attack paths.

WatchGuard participated in the MITRE ATT&CK® ER7 Evaluation with both initial and configuration-change detection runs in the Windows scenario and a protection evaluation, with results cited from MITRE's Detections Evaluation for the initial and configuration-change runs and the MITRE Protection Evaluation for prevention outcomes.

“Security teams and MSPs need protection that works without slowing down their business,” said Andrew Young, chief product officer and senior vice president product management at WatchGuard Technologies. “These results prove that full protection doesn’t require more workload. With WatchGuard, you get fewer alerts, fewer manual interventions, and faster response times, which is exactly what our partners count on to deliver reliable and scalable security services.” “We’ve relied on WatchGuard’s endpoint security for years,” said Neil Holme, founder and CEO of Impact Business Technology, a WatchGuard Managed Services Provider (MSP). “MITRE ER7 simply confirms what we already knew: WatchGuard turns EDR from reactive to proactive. Anything unknown is untrusted. Every alert comes with the confidence that the response has already been initiated. No guesswork. Just better protection.”