Sophos achieves 100% detection in MITRE ATT&CK 2025

Sophos, a global cybersecurity company, has recorded a full detection score in the MITRE ATT&CK Enterprise 2025 Evaluation, marking its strongest performance in the independent assessment to date.

According to the results, Sophos XDR detected 100 per cent of adversary behaviours across two complex attack simulations involving Scattered Spider and Mustang Panda—threat actors known for financially motivated cybercrime and state-backed espionage activities respectively.

The Scattered Spider scenario, tracked by Sophos X-Ops as GOLD HARVEST, tested Sophos XDR’s ability to detect attacks spanning Windows, Linux and Amazon Web Services (AWS) cloud environments. The Mustang Panda scenario, tracked as BRONZE PRESIDENT, focused on advanced Windows-based intrusion techniques.

Beyond achieving full detection coverage across all 90 adversary sub-steps, Sophos XDR also earned the highest possible “Technique”-level ratings for 86 of the 90 evaluated actions. In the Scattered Spider simulation alone, the platform attained top ratings for 61 of 62 sub-steps related to identity abuse, cloud exploitation and data exfiltration, indicating strong visibility and actionable threat intelligence.

Speaking on the results, Sophos’ Chief Research and Scientific Officer, Simon Reed, said the outcome reflects the depth of the company’s analytics and the maturity of its detection and response capabilities.

“Scattered Spider and Mustang Panda represent distinct threat profiles that challenge defenders in very different ways. Achieving full detection coverage against both validates the accuracy and depth of Sophos’ analytics and demonstrates how our AI-native XDR platform converts complex telemetry into clear, actionable intelligence,” Reed said.

He added that Sophos’ consistent performance in successive MITRE ATT&CK evaluations is the result of sustained investment in improving its security platform, delivering stronger outcomes for customers facing increasingly sophisticated cyber threats.

Sophos noted that its platform processes more than 223 terabytes of security telemetry daily through Sophos Central, generating over 34 million detections and automatically blocking more than 11 million threats. The company said this scale of data enables continuous refinement of its detection models and improves protection for organisations worldwide.

On the threat actors evaluated, Sophos X-Ops described GOLD HARVEST (Scattered Spider) as a loosely affiliated cybercriminal group active since 2022, known for sophisticated social engineering tactics and high-profile attacks across the United Kingdom and United States. Despite multiple arrests, the group remains active and has, at times, collaborated with Russian-speaking ransomware operators.

BRONZE PRESIDENT (Mustang Panda), on the other hand, is a long-running state-aligned espionage group linked to China’s Ministry of State Security. The group has been associated with intelligence-led cyber operations targeting government institutions, military organisations and politically sensitive communities in Asia and beyond.

MITRE ATT&CK Enterprise Evaluations are regarded as one of the most rigorous independent assessments of security technologies, simulating real-world adversary tactics, techniques and procedures to measure how effectively vendors detect and analyse advanced attacks.

The 2025 evaluation marks the seventh Enterprise ATT&CK assessment and is designed to help organisations better understand the capabilities of endpoint detection and response (EDR) and extended detection and response (XDR) platforms in defending against multi-stage cyber threats.

Sophos advised organisations to review MITRE ATT&CK results alongside other independent industry assessments when evaluating security solutions. The company has recently received multiple recognitions, including leadership positions in IDC MarketScape’s Worldwide XDR Software 2025 report, G2’s Fall 2025 reports for EDR and XDR, Gartner Peer Insights Customers’ Choice for XDR, and the 2025 Gartner Magic Quadrant for Endpoint Protection Platforms.
