Kicking Off Our Second Managed Services Evaluation

We are excited to announce that the call for participation has been finalized for MITRE Engenuity’s ATT&CK Evaluations: Managed Services – Round 2. This annual evaluation is an essential part of our efforts to contribute to understanding the efficacy of the people, process, and technology relevant to security programs built to address adversary behavior. Much like its predecessors, 2023’s Managed Services Evaluation seeks to provide unbiased results that can inform cyber defenders how to better utilize and/or acquire the offerings that will make the difference for their organizations.

Welcome Managed Services 2023 Participants!

Why Managed Services

Last year, before launching our first Managed Services Evaluation, we surveyed participants to learn more about how organizations that rely on managed services view their position in the marketplace. The results proved how critical this annual ATT&CK Evaluation is. Of the organizations, surveyed, 58% relied on managed services to either complement their in-house security operations center (SOC), or as their main line of defense. When considering companies under 5,000 employees, the number jumped to 68%. Meanwhile, roughly half of these did not have high confidence in their managed service’s people or technology. This pales in comparison to those that leverage in-house SOCs, where confidence is far higher at 75%.

For this reason and more, we are thrilled to begin the 2023 Managed Services ATT&CK Evaluation. This second round of Managed Services ATT&CK Evaluations features numerous improvements to detract from interpretations emphasizing mere detection count and empower deeper analyses of the unique offering of each managed service provider within the context of the Emulation Plan. These improvements address key questions and comments from participants, which is critical to the ATT&CK Evaluations process and ethos. A blog post outlining the specifics of improvements will be published soon.

What We Achieve

As always, our benchmarks for success are as follows:

• Empower end-users with objective insights into how to leverage specific commercial cybersecurity capabilities to address known adversary behaviors.
• Provide transparency around the true capabilities of commercial security offerings to address known adversary behaviors.
• Drive the security vendor community to enhance their offerings to better address known adversary behaviors.

What’s Next

Join our mailing list to be kept up to date when the results for the 2023 Managed Services ATT&CK Evaluation results are published.

Visit the ATT&CK Evaluations homepage here and follow MITRE Engenuity on Twitter and LinkedIn for more up-to-date information.

© 2023 MITRE Engenuity, LLC.  Approved for Public Release. Document number AT0054