MITRE ATT&CK Evaluation ER7 Results & WatchGuard Endpoint

The 2025 MITRE ATT&CK Evaluations (Enterprise Round 7) introduced a fundamental shift in how endpoint security effectiveness is measured. Beyond detection coverage, MITRE now exposes operational friction—alert noise, false positives, and business disruption caused by overly aggressive controls.

In this session, we analyze Scenario 1, “Hermes”, a real-world inspired cyber-espionage campaign modeled after Mustang Panda. This low-and-slow adversary leverages living-off-the-land techniques, legitimate administrative tools, and stealthy lateral movement to evade traditional defenses. For the first time, MITRE explicitly injected legitimate administrator activity to test whether security platforms could differentiate real attacks from normal IT operations.

WatchGuard’s results demonstrate that high-fidelity detection and early-stage prevention do not require sacrificing operational efficiency. Attendees will learn how WatchGuard achieved full attack visibility, zero legitimate activity disruption, and early blocking of malicious actions—proving that precision, not noise, is the future of endpoint security.