MITRE's ATT&CK-based Evaluations for Security Vendors are Underway

July 6, 2018
Cyber Threat Intelligence: Post by Frank Duff

Shortly before the RSA conference this past spring, we announced that MITRE will offer ATT&CK™-based evaluations for security product vendors. Today, we’re proud to announce that the initial participants will be Carbon Black, CounterTack, CrowdStrike, Cylance, Endgame, Microsoft, RSA, and SentinelOne.

MITRE's ATT&CK-based evaluations provide each vendor with an assessment of its product’s effectiveness at detecting specific adversary tactics and techniques, as captured in the ATT&CK knowledge base. The initial evaluations will use a MITRE-developed APT3 emulation plan. The evaluations provide vendors with unbiased feedback and a chance to reflect on their own technology. Each vendor can better understand its capabilities and limitations and use that understanding to motivate future improvement, which in turn makes solutions better and the world a safer place.

The publicly available evaluation reports will also enable consumers to make informed decisions about their defensive cybersecurity investments and use their current capabilities more effectively. Transparency in both process and results assures consumers that they can rely on our evaluations. This will further encourage vendors to create capabilities that more effectively address known threats.

ATT&CK-based evaluations advance industry capabilities by emulating adversary behavior for testing. Basing evaluations on ATT&CK creates a common lexicon for describing tests from both the offender and defender perspectives. It abstracts the results to a level relevant for managers and decision makers. These evaluations are measurable and repeatable, making them extremely reliable and useful for continual assessments of incremental improvements.

Carbon Black, CounterTack, CrowdStrike, Endgame, Microsoft, RSA, and SentinelOne will be participating in evaluations throughout the summer. MITRE will release the results in October, publicly available and open to all.

There is still time for vendors who want to participate in the APT3-inspired testing to sign up as part of our rolling admissions. MITRE will also be announcing a second round of testing, with a different emulated adversary, this fall.