logo
        • Who We Are
        • Learn more about MITRE Engenuity’s journey as a hub for transformative innovation.

        • How We Engage
        • We forge innovative partnerships to generate whole-of-nation solutions to complex technological problems.

        • Contact Us
        • Connect with a member of the MITRE Engenuity team and ensure your inquiry gets to the right people.

        • Cybersecurity
        • We are relentlessly advancing the art of threat-informed defense, anchored by a belief that we can improve our defenses with a systemic application of a deep understanding of adversary tradecraft and technology.

        • ATT&CK Evaluations
        • We offer objective analysis of cyber products and features – see our latest results.

        • Center for Threat-Informed Defense
        • Read more about the cutting-edge research and development being done with input from our participant organizations, featuring some of the top security operations centers.

        • Developing tomorrow's cyber workforce today.
        • News & Insights
        • We are leading the leading edge of innovation. Explore the latest news, insights, R&D, and special projects from our advanced tech experts and partners.

        • Subscribe to Our Newsletters
        • Our tech foundation is addressing the complex problems that face our nation today. Find out how you can join our efforts as we spur innovation for public good.

          Subscribe

MITRE Engenuity Announces ATT&CK® Evaluations Call for Participation for Managed Services

Wavering confidence levels puts the managed services industry next in line for purple team ATT&CK Evaluations

McLean, VA, and Bedford, MA, Oct 20, 2021 — MITRE Engenuity™ today announced its first ever ATT&CK® Evaluations for Managed Services call for participation specifically designed for managed security service providers (MSSP) and managed detection and response (MDR) competencies. The objective of this new offering is to provide transparency into the capabilities of MSSPs and MDRs. The inaugural Managed Service ATT&CK Evaluations Call for Participation is open until December 29, 2021.

To date, MITRE Engenuity ATT&CK Evaluations have focused on evaluating the potential capability of products to detect and protect against known adversary behavior. “This has helped lift the entire endpoint security market through transparency to end-users and collaboration with the capability providers,” said Holger Schulze, CEO and publisher at Cybersecurity Insiders, an infosec industry surveyor. By extending ATT&CK Evaluations to evaluate managed services, MITRE Engenuity will aid in increasing the community’s trust in their providers and help advance the services and expertise offered.

Designed to focus on the people who manage security technology, versus the efficacy of vendor products per se, the Managed Services ATT&CK Evaluations will not disclose the emulated adversary prior to the evaluation. This is a significant shift from the open-book format used in the Enterprise ATT&CK Evaluations that seeks to remove the human element from the evaluation of the technology. The participants will reconstruct the behavior as if a normal user were being breached, truly testing skills in a threat-informed scenario. Results will be released publicly following the conclusion of the evaluations.

“We are extremely excited to extend ATT&CK Evaluations to the managed services industry, highlighted by both MSSPs and MDR capabilities,” said Frank Duff, general manager of ATT&CK Evaluations. “Building on our Enterprise Evaluations, this evolution of the ATT&CK Evaluations program will enable us to assess and improve the services that leverage these technologies to secure networks.”

The need for these new evaluations is underscored by preliminary results from the “2021 Managed Services Report: No Rest for the Wary” conducted by Cybersecurity Insiders. The report found that the community has a high reliance on services, but wavering confidence in the security that managed detection and response (MDR) and managed service security providers (MSSPs) deliver to businesses. The survey to date reveals that:

  • About 50% of respondents are not using detection and response tools to gain visibility to their networks. More than 25% of those still rely on perimeter defenses.
  • More than 40% of participants note training, and more than 30% note hiring problems as one of the greatest limiting factors for confidence.
  • 68% report using MSSP/MDR, but roughly 50% are not confident in the people and technology used by their managed security solution.

This evaluation will provide MSSP and MDR capability providers an opportunity to showcase their ability to identify threats within an organization. This will also benefit prospective customers of these capabilities as the end-user will garner a clearer understanding of how threats are addressed, all while the capability providers will learn their own strengths and weaknesses to validate and improve their post-exploit analysis capabilities.

The execution of the Managed Services ATT&CK Evaluations will take place in Q2 2022 with the results expected to be released in Q3 2022. For a complete overview and to learn more about our evaluation process, or contact the ATT&CK Evaluations team, please visit https://attackevals.mitre-engenuity.org.

About MITRE Engenuity MITRE Engenuity is a tech foundation that collaborates with the private sector on challenges that demand public interest solutions, to include cybersecurity, infrastructure resilience, healthcare effectiveness, microelectronics, quantum sensing and next generation communications. www.mitre-engenuity.org.