Working With Industry to Advance Threat Detection Capabilities

Since MITRE released ATT&CK in May 2015, the community has used the knowledge base to enable better communication among red teamers, defenders, and management. Defenders use ATT&CK for tabletop exercises, assessments, and hands-on evaluations. The security community uses it to perform testing that informs capabilities and gaps in networks and products alike.

While vendors use ATT&CK to articulate their capabilities, there is no neutral authority to evaluate their claims. ATT&CK evaluations fill this void. Our goal is to:

  • Empower end-users with objective insights into how to use specific commercial security products to detect known adversary behaviors
  • Provide transparency around the true capabilities of security products and services to detect known adversary behaviors
  • Drive the security vendor community to enhance their capability to detect known adversary behaviors

Our evaluations are not a competitive analysis. There are no scores, rankings, or ratings. Instead, we show how each vendor approaches threat detection in the context of the ATT&CK matrix.

APT3 Results

APT29 Results – Announced Spring 2020

MITRE Engenuity to Manage Future ATT&CK Evaluations

MITRE Engenuity announced that it will oversee the ATT&CK evaluation program, starting with the Carbanak/FIN7 emulation. The transition is intended to help accelerate the impact of ATT&CK evaluations in collaboration with the private sector. MITRE Engenuity will expand the program and maintain its commitment to a fair, transparent, and useful process.

Contact the ATT&CK Evaluations Team