BREAKING: MITRE Engenuity Publishes their Blueprint for a Domestic Semiconductor Industry. Read the Paper.
M
logo
        • Who We Are

        • Learn more about MITRE Engenuity’s journey as a hub for transformative innovation.

        • How We Engage

        • We forge innovative partnerships to generate whole-of-nation solutions to complex technological problems.

        • Contact Us

        • Connect with a member of the MITRE Engenuity team and ensure your inquiry gets to the right people.

        • Semiconductors

        • Dive into the revolutionary work that MITRE Engenuity is doing within this critical ecosystem.

        • Circuit Talk

        • Hear directly from the semiconductor experts through our speaker series featuring titans of industry, groundbreaking researchers, and many more.

        • Cybersecurity

        • We are relentlessly advancing the art of threat-informed defense, anchored by a belief that we can improve our defenses with a systemic application of a deep understanding of adversary tradecraft and technology.

        • ATT&CK Evaluations

        • We offer objective analysis of cyber products and features – see our latest results.

        • Center for Threat-Informed Defense

        • Read more about the cutting-edge research and development being done with input from our participant organizations, featuring some of the top security operations centers.

        • MITRE ATT&CK Defender

        • Strengthen your threat-informed defense capabilities with our cybersecurity trainings taught by MITRE ATT&CK subject matter experts.

        • Telecom

        • The transformative power of 5G shifts paradigms across industries and empowers businesses to change the way they interact with people. See how MITRE Engenuity is impacting the next generation of telecommunications. 

        • Open Generation 5G Consortium

        • We are getting to our 5G future faster. Discover how we are accelerating network technology and device-to-device application innovation through use case-focused R&D in the Open Generation 5G Consortium.

        • Health

        • We identify potential health security threats to ensure faster public health pandemic responses and incubate new ideas to ensure national health security.

        • Growing Impact

        • We deliver positive public impact through advanced technological innovation projects.

        • Cyber Risk Model for Mobile Digital Financial Services: Securing Mobile Money Services. Explore Our Cyber Risk Model for Mobile Financial Services product
        • Embedded Capture the Flag: Developing Tomorrow's Cyber Workforce Today. Get Involved with MITRE's Embedded Capture the Flag Competition
        • News & Insights

        • We are leading the leading edge of innovation. Explore the latest news, insights, R&D, and special projects from our advanced tech experts and partners.

MITRE Engenuity Announces ATT&CK® Evaluations Call for Participation for Managed Services

  • October 20, 2021
MITRE Engenuity ATTACK Evaluations Managed Services 2022 Badge

Wavering confidence levels puts the managed services industry next in line for purple team ATT&CK Evaluations

McLean, VA, and Bedford, MA, Oct 20, 2021 — MITRE Engenuity™ today announced its first ever ATT&CK® Evaluations for Managed Services call for participation specifically designed for managed security service providers (MSSP) and managed detection and response (MDR) competencies. The objective of this new offering is to provide transparency into the capabilities of MSSPs and MDRs. The inaugural Managed Service ATT&CK Evaluations Call for Participation is open until December 29, 2021.

To date, MITRE Engenuity ATT&CK Evaluations have focused on evaluating the potential capability of products to detect and protect against known adversary behavior. "This has helped lift the entire endpoint security market through transparency to end-users and collaboration with the capability providers," said Holger Schulze, CEO and publisher at Cybersecurity Insiders, an infosec industry surveyor. By extending ATT&CK Evaluations to evaluate managed services, MITRE Engenuity will aid in increasing the community's trust in their providers and help advance the services and expertise offered.

Designed to focus on the people who manage security technology, versus the efficacy of vendor products per se, the Managed Services ATT&CK Evaluations will not disclose the emulated adversary prior to the evaluation. This is a significant shift from the open-book format used in the Enterprise ATT&CK Evaluations that seeks to remove the human element from the evaluation of the technology. The participants will reconstruct the behavior as if a normal user were being breached, truly testing skills in a threat-informed scenario. Results will be released publicly following the conclusion of the evaluations.

"We are extremely excited to extend ATT&CK Evaluations to the managed services industry, highlighted by both MSSPs and MDR capabilities," said Frank Duff, general manager of ATT&CK Evaluations. "Building on our Enterprise Evaluations, this evolution of the ATT&CK Evaluations program will enable us to assess and improve the services that leverage these technologies to secure networks."

The need for these new evaluations is underscored by preliminary results from the "2021 Managed Services Report: No Rest for the Wary" conducted by Cybersecurity Insiders. The report found that the community has a high reliance on services, but wavering confidence in the security that managed detection and response (MDR) and managed service security providers (MSSPs) deliver to businesses. The survey to date reveals that:

  • About 50% of respondents are not using detection and response tools to gain visibility to their networks. More than 25% of those still rely on perimeter defenses.
  • More than 40% of participants note training, and more than 30% note hiring problems as one of the greatest limiting factors for confidence.
  • 68% report using MSSP/MDR, but roughly 50% are not confident in the people and technology used by their managed security solution.

This evaluation will provide MSSP and MDR capability providers an opportunity to showcase their ability to identify threats within an organization. This will also benefit prospective customers of these capabilities as the end-user will garner a clearer understanding of how threats are addressed, all while the capability providers will learn their own strengths and weaknesses to validate and improve their post-exploit analysis capabilities.

The execution of the Managed Services ATT&CK Evaluations will take place in Q2 2022 with the results expected to be released in Q3 2022. For a complete overview and to learn more about our evaluation process, or contact the ATT&CK Evaluations team, please visit https://attackevals.mitre-engenuity.org.

About MITRE EngenuityMITRE Engenuity is a tech foundation that collaborates with the private sector on challenges that demand public interest solutions, to include cybersecurity, infrastructure resilience, healthcare effectiveness, microelectronics, quantum sensing and next generation communications. www.mitre-engenuity.org.

Search Expert Insights

Related Posts

Loading

Load More
see more news and insights