Earn the community’s trust
ATT&CK Evaluations are trusted by the end-user community because they are built on MITRE’s objective insight and conflict-free perspective. Each vendor is independently assessed on its unique approach to threat detection. Evaluation rounds are not a competitive analysis: they do not showcase scores, rankings, or ratings, and they are transparent and openly published.
IMPROVE YOUR SOLUTION TO BETTER DEFEND AGAINST THE ADVERSARY
As described in the ATT&CK knowledge base, the assessments offer unbiased feedback and a chance for you to reflect on your technology. Evaluations help you to better understand your capabilities and limitations, which motivates future improvement, making solutions better and the world safer.
Participants Supporting the Mission
Our mission is to make a safer world with a threat-informed defense approach to security. We value the participant organizations that have joined us in this mission by providing transparency into capabilities and applying the lessons learned toward improvements in product roadmaps.
ATT&CK EVALUATIONS IS EMULATING THE TURLA THREAT GROUP
ATT&CK® Evaluations is currently emulating the Russian-based threat group Turla, which has infected victims in over 45 countries, and evaluating enterprise providers on their defenses against it. Evaluation results will be released in 2023.
ATT&CK Evaluations Offerings
The ATT&CK Evaluations program applies a systematic methodology using a threat-informed purple teaming approach, but also continues to develop new methodologies, open new rounds of evaluations, publish results, and create content for running independent evaluations and using the results more effectively.
Empowers end-users to make more informed decisions on endpoint detection capabilities by articulating how each vendor can protect against or detect adversary behavior.
Designed to provide transparent and impartial insights into how managed security service providers (MSSPs) and managed detection and response (MDR) capabilities provide context to adversary behavior.
Industrial Control Systems (ICS)
Brings clarity around anomaly and threat detection capabilities of industrial control systems security solutions.
An exploratory new program designed to help niche solutions providers realistically describe their strengths in defending against known adversary behavior.
Our Methodology, Led by the world’s purple teaming experts
Purple teaming exercises simulate attacks by major cyber threat actors based on the threat intelligence collected in the ATT&CK framework. This captures critical context around a solution’s ability to detect or protect against known adversary behavior as defined by the ATT&CK knowledge base. Results from each evaluation are thoroughly documented and openly published. The process is methodical and rigorous, encompassing nine unique steps across three distinct phases:
- Select a threat (incident, group, malware, etc.)
- Create the emulation plan
- Develop the emulation
- Access the environment
- Deploy the solution
- Perform the evaluation
- Process the results
- Receive feedback
- Publish the results