Prevention-First Approach of BlackBerry® Unified Endpoint Security Validated by MITRE ATT&CK APT29 Evaluation

April 29, 2020

WATERLOO, ONTARIO – April 29, 2020 – BlackBerry Limited (NYSE: BB; TSX: BB) today announced successful completion of the MITRE ATT&CK® APT29 evaluation. BlackBerry Unified Endpoint Security (UES) solutions were examined for their ability to detect sophisticated tactics and techniques used by APT29, a group that cybersecurity experts believe operates on behalf of the Russian government.

MITRE developed and maintains ATT&CK based on open source reporting of adversary tactics and techniques. ATT&CK is freely available and is widely used by defenders in industry and government to find gaps in visibility, defensive tools and processes as they evaluate and select options to improve their network defense.

“BlackBerry security products are designed to help protect enterprises and governments from the most sophisticated threats. MITRE’s ATT&CK evaluations allow us to collaborate with the industry and demonstrate how our AI-powered solutions excel against advanced techniques, including APTs,” said Thomas Pace, VP Global Enterprise Solutions at BlackBerry. “As APT29 was strictly a detection evaluation, it is also important to note that the core functionality of BlackBerry® Protect would have automatically prevented the attacks in their tracks at the outset, thus relieving the burden on the EDR team entirely.”

BlackBerry’s approach to the evaluation was supported by a tightly integrated portfolio of products that work together to effectively detect threats. These products enable endpoint detection and response (EDR) practitioners to reap the synergistic benefits from the immediate identification and clear context of suspicious activity. This was showcased in the APT29 test as multiple BlackBerry detections were triggered for a single threat technique.

Key results include:

  • BlackBerry UES automation capabilities drastically reduce the need for manual intervention during incident response.
  • BlackBerry Protect, BlackBerry® Optics and BlackBerry® Guard all played a key role in detecting the attacks and providing rich context about the attacks by mapping them to tactics and techniques or providing telemetry.
  • BlackBerry performed extraordinarily well in terms of number of detections, far surpassing traditional EDR players.
  • The APT29 evaluation validates the EDR market’s demand for new sensors included in the BlackBerry Optics 2.4 release.
  • With the new sensors, BlackBerry provided visibility throughout the kill chain, and in 115 of 134 tertiary steps.

Join the MITRE ATT&CK APT29 Evaluation: A Technical Review of BlackBerry Optics webinar on Thursday, April 30 at 11:00 AM EDT to learn more about how BlackBerry detects attacks used by the APT29 threat group.


About ATT&CK

ATT&CK® was created by MITRE’s internal research program from its own data and operations. ATT&CK is entirely based on published, open source threat information. Increasingly, ATT&CK is driven by contributions from external sources. Cybersecurity vendors may apply to participate in the next round of the ATT&CK Evaluations, which will feature the Carbanak and FIN7 threat groups as the emulated adversaries, via



MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation.

About BlackBerry

BlackBerry (NYSE: BB; TSX: BB) provides intelligent security software and services to enterprises and governments around the world. The company secures more than 500M endpoints including 150M cars on the road today.  Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety and data privacy solutions, and is a leader in the areas of endpoint security management, encryption, and embedded systems. 

BlackBerry. Intelligent Security. Everywhere. 

For more information, visit and follow @BlackBerry.

Trademarks, including but not limited to BLACKBERRY and EMBLEM Design are the trademarks or registered trademarks of BlackBerry Limited, and the exclusive rights to such trademarks are expressly reserved. All other trademarks are the property of their respective owners. BlackBerry is not responsible for any third-party products or services.



Media Contact:

BlackBerry Media Relations

(519) 597-7273