Working With Industry to Advance Threat Detection Capabilities
ATT&CK Evaluations
Since MITRE introduced ATT&CK® in May 2015, the practitioner community has come to rely on it to enable better communications and management around cybersecurity. ATT&CK Evaluations leverages this knowledge base to provide by providing vendors with an assessment of their capability’s ability to defend against specific adversary’s tactics and techniques, and their users with transparency around their capabilities. MITRE Engenuity will be building on this foundation by managing the oversight of the ATT&CK Evaluation program. The transition is intended to help accelerate the impact of ATT&CK Evaluations in collaboration with the private sector.
Our evaluations are not a competitive analysis. There are no scores, rankings, or ratings. Instead, we show how each vendor approaches threat detection in the context of the ATT&CK matrix.
About the Offerings
The next round of ATT&CK Evaluations will focus on emulating Carbanak and FIN7 adversaries. MITRE Engenuity will work with vendors to articulate how their capabilities can detect adversary behavior which will help organizations reduce future attacks.
To sign up for the next round of ATT&CK Evaluations, contact evals@mitre-engenuity.org.
ATT&CK Evaluations for ICS
MITRE Engenuity is also expanding ATT&CK Evaluations into operational technology and industrial control systems, beginning with ICS detection platforms. MITRE Engenuity will extract and emulate the tactics, techniques, and procedures of the TRITON malware framework used by TEMP.Veles/XENOTIME in a testbed simulating the environment from that attack. MITRE Engenuity will evaluate the ability of vendors’ products to identify the TTPs used by that adversary and will report for public consumption the degree to which these actions are detected and contextualized to the end user.
To receive a synopses or ask questions on ATT&CK Evaluations for ICS, contact evals@mitre-engenuity.org.