Close-up portrait of software engineer working on computer

MITRE Engenuity Publishes First-Ever ATT&CK Evaluations of Security Service Providers

The findings highlight results across 16 providers and assess provider capabilities in their ability to analyze and describe adversary behavior and to deliver threat-informed defense capabilities.

McLean, Va. & Bedford, Mass., November 9, 2022 — MITRE Engenuity ATT&CK® Evaluations(Evals), a program of MITRE Engenuity™, MITRE’s tech foundation for public good, announced the results of its first-ever independent ATT&CK Evaluations for security service providers. The Evals highlighted results across 16 providers and assessed provider capabilities in their ability to analyze and describe adversary behavior.

“More than half of organizations use security service providers to protect their data and networks,” said Ashwin Radhakrishnan, general manager, ATT&CK Evals, MITRE Engenuity. “We wanted to research how they are employing threat-informed defense practices for their clients. We don’t rank the vendors in our evaluations. Organizations, however, can use the Evals to determine which service providers may best address their cybersecurity gaps and fit their particular business needs.”

Evals’ expert purple teamers have in-depth knowledge of the threat landscape and adversary tradecraft. Through the lens of the MITRE ATT&CK knowledge base, the team emulated the tactics and techniques of OilRig, a threat actor with operations aligning to the strategic objectives of the Iranian government. OilRig has conducted operations relying on social engineering, stolen credentials, and supply chain attacks, resulting in the theft of sensitive data from critical infrastructure, financial services, government, military, and telecommunications. This threat actor used in evaluating the security service providers was chosen based on its evasion and persistence techniques, its complexity, and its relevancy to industry.

Participants in this Evals included Atos, Bitdefender, BlackBerry, BlueVoyant, Critical Start, CrowdStrike, Microsoft, NVISO, OpenText, Palo Alto Networks, Rapid7, Red Canary, SentinelOne, Sophos, Trend Micro, and WithSecure.

For more details about the Evals and results, visit

Background on Tracking Confidence in Security Service Providers

Prior to the evaluations in 2021, MITRE Engenuity conducted research with Cybersecurity Insiders, an online community of more than 400,000 information security professionals worldwide, to understand the state of affairs in security services. The 2021 Managed Services Report, No Rest for the Wary, found that most respondents (68%) used security services, yet nearly half (47%) were not confident in the service technology or people. At the same time, when asked whether teams conduct offensive testing before the selection process, 59% of respondents claimed to conduct offensive testing on products while only 53% conducted testing on services.

About MITRE Engenuity

MITRE Engenuity, a subsidiary of MITRE, is a tech foundation for the public good. MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation.

MITRE Engenuity brings MITRE’s deep technical know-how and systems thinking to the private sector to solve complex challenges that government alone cannot solve. MITRE Engenuity catalyzes the collective R&D strength of the broader U.S. federal government, academia, and private sector to tackle national and global challenges, such as protecting critical infrastructure, creating a resilient semiconductor ecosystem, building a genomics center for public good, accelerating use case innovation in 5G, and democratizing threat-informed cyber defense.

About MITRE Engenuity ATT&CK® Evaluations

ATT&CK® Evaluations (Evals) is built on the backbone of MITRE’s objective insight and conflict-free perspective. Cybersecurity vendors turn to the Evals program to improve their offerings and to provide defenders with insights into their product’s capabilities and performance. Evals enables defenders to make better informed decisions on how to leverage the products that secure their networks. The program follows a rigorous, transparent methodology, using a collaborative, threat-informed, purple-teaming approach that brings together vendors and MITRE experts to evaluate solutions within the context of ATT&CK. In line with MITRE Engenuity’s commitment to serve the public good, Evals results and threat emulation plans are freely accessible.

Media Contact: Lisa Fasold,