Sophos has announced its best-ever results in the MITRE ATT&CK® Enterprise 2025 Evaluation, with its XDR platform detecting 100% of adversary behaviors across complex attack scenarios, cementing its position as a leader in cybersecurity.
MALAYSIA, 17 DECEMBER 2025 – Sophos, a global frontrunner in advanced security solutions, has achieved unparalleled success in the latest MITRE ATT&CK® Enterprise 2025 Evaluation. The company’s Extended Detection and Response (XDR) platform detected 100% of adversary behaviors across two intricate attack scenarios: Scattered Spider, a financially motivated cybercriminal collective, and Mustang Panda, a Chinese espionage group. Sophos XDR demonstrated its exceptional capabilities by achieving the highest possible “Technique” ratings for 86 out of 90 adversary sub-steps across Windows, Linux, and AWS cloud environments.
“Achieving full detection coverage against both Scattered Spider and Mustang Panda validates the accuracy and depth of our AI-driven analytics,” said Simon Reed, Chief Research and Scientific Officer at Sophos. “Our platform translates complex telemetry into actionable intelligence, enabling security teams to confidently detect and stop advanced attacks. This remarkable performance underscores our commitment to defending against the world’s most sophisticated cyber threats.”
Sophos XDR’s success is a direct result of the company’s ongoing investment in strengthening its platform. Over the past five years, Sophos has continuously enhanced its threat detection and response capabilities, yielding stronger results and better security outcomes for its customers. In total, Sophos processes over 223 terabytes of telemetry daily, generating more than 34 million detections and blocking over 11 million threats automatically.
The Scattered Spider attack scenario, which spans multiple environments including Windows, Linux, and AWS cloud, involved highly sophisticated techniques like identity abuse and data exfiltration. Mustang Panda, which focuses on Windows systems, represents the persistent and strategic nature of state-aligned espionage groups. With over five years of tracking these adversaries, Sophos X-Ops continues to refine its ability to combat a wide range of cyber threats.
MITRE ATT&CK Evaluations, among the most rigorous independent assessments of cybersecurity solutions, test vendors on their ability to detect, analyze, and respond to the tactics, techniques, and procedures (TTPs) of real-world cyber adversaries. Sophos has consistently demonstrated its prowess in these evaluations, reinforcing its reputation as a leader in cybersecurity.
