Working With Industry to Advance Threat Detection Capabilities
Since MITRE released ATT&CK in May 2015, the community has used the knowledge base to enable better communication among red teamers, defenders, and management. Defenders use ATT&CK for tabletop exercises, assessments, and hands-on evaluations. The security community uses it to perform testing that identifies capabilities and gaps in networks and products alike.
While vendors use ATT&CK to articulate their capabilities, there is no neutral authority to evaluate their claims. ATT&CK evaluations fill this void. Our goal is to:
- Empower end-users with objective insights into how to use specific commercial security products to detect known adversary behaviors
- Provide transparency around the true capabilities of security products and services to detect known adversary behaviors
- Drive the security vendor community to enhance their capability to detect known adversary behaviors
Our evaluations are not a competitive analysis. There are no scores, rankings, or ratings. Instead, we show how each vendor approaches threat detection in the context of the ATT&CK matrix.
APT 29 Results – Announced Spring 2020
MITRE Engenuity to Manage Future ATT&CK Evaluations
Starting with the Carbanak/FIN7 emulation, MITRE Engenuity announced that it will oversee the ATT&CK evaluation program. The transition is intended to help accelerate the impact of ATT&CK evaluations in collaboration with the private sector. MITRE Engenuity will expand the program and maintain its commitment to a fair, transparent, and useful process.