Sophos XDR Achieves Its Best-Ever Results in the MITRE ATT&CK Enterprise 2025 Evaluation
Sophos, a global leader in innovative security solutions for defeating
cyberattacks, announced its best-ever results in the MITRE ATT&CK®
Enterprise 2025 Evaluation. Sophos XDR detected 100% of adversary behaviours
(sub-steps) across two complex attack scenarios: Scattered Spider, which
Sophos X-Ops tracks as GOLD HARVEST, a financially motivated cybercriminal
collective, and Mustang Panda, which Sophos X-Ops tracks as BRONZE PRESIDENT, a
People’s Republic of China (PRC) espionage group. The Scattered Spider scenario
included activity across Windows, Linux, and AWS cloud environments, and the
Mustang Panda scenario focused on Windows only. Further, Sophos achieved the highest
possible “Technique”-level rating for 86 out of 90 total sub-steps in the
evaluation, by generating high-fidelity detections with details on execution,
impact, and adversary behaviour, providing clear who, what, when, where, how,
and why insights.
Sophos XDR achieved:
100% detection coverage for all 90 adversary sub-steps across two
complex attack scenarios spanning Windows, Linux, and AWS cloud environments
Highest possible (“Technique”) ratings for 86 of 90 sub-steps,
demonstrating deep visibility and actionable detections
Highest possible (“Technique”) ratings for 61 out of 62 sub-steps in
the Scattered Spider scenario involving identity abuse, cloud exploitation, and
data exfiltration
“Scattered Spider and Mustang Panda represent distinct threat profiles that challenge defenders in very different ways,” said Simon Reed, chief research and scientific officer, Sophos. “Achieving full detection coverage against both validates the accuracy and depth of Sophos’ analytics and demonstrates how the company’s AI-native XDR platform converts complex telemetry into clear, actionable intelligence, helping security teams detect, understand, and stop advanced attacks with confidence. Sophos’ consistently strong performance in these rigorous evaluations underscores the power and precision of our threat detection and response capabilities, as well as our commitment to stopping the world’s most sophisticated cyber threats. Over the five years that Sophos has participated in ATT&CK Evaluations, we have continually invested in strengthening our platform, and that investment has translated into stronger results year after year - both in the evaluations, and in the security outcomes we deliver for our customers.”
These results demonstrate the power of the Sophos XDR platform to defend
against sophisticated cyber threats. Every day, Sophos processes 223+ terabytes
of telemetry in Sophos Central, generating 34+ million detections and
automatically blocking 11+ million threats. This scale of customer insights
ensures that Sophos’ detections are being tested and improved to provide
continuous protection while delivering stronger outcomes for organizations
worldwide.