MITRE Offers ATT&CK-Based Evaluations of Post-Exploit Detection Products

McLean, Va., March 29, 2018 — MITRE, a public interest research and development company, is calling on interested commercial cybersecurity vendors to participate in an impartial cyber evaluation that will help customers and the industry make better decisions in countering cyberattacks. MITRE is evaluating endpoint detection and response (EDR) products based on its ATT&CK™ knowledge base.

ATT&CK is a globally accessible knowledge base of cyber adversary tactics and techniques based on the contributions of public and private companies as well as academic and government institutions. The ATT&CK knowledge base articulates the threat and defines that behavior in a common language and framework in a way that drives improvements in security across multiple disciplines. By crowd-sourcing a variety of attack detection analytics across many different organizations, users can better detect adversaries and then create resilience and deception strategies that enable customers to quickly adapt and respond. ATT&CK's common language also helps users understand and determine the effectiveness of various cybersecurity products.

As a not-for-profit organization with an impartial position and unique vantage point working across government, MITRE is offering formal product evaluations as a service to interested cybersecurity vendors and will publicly release all evaluation results to drive overall market improvement.

“We want to help strengthen cybersecurity in our nation against sophisticated, determined adversaries, across both the public and private sectors,” said Peter Sherlock, MITRE's chief operating officer. "Offering impartial evaluations to support industry progress in cybersecurity is a way to contribute our defense-quality cyber expertise and objective insight to make the world a safer place.”

“ATT&CK provides a common framework for evaluating post-breach capabilities,” said Frank Duff, principal cybersecurity engineer. “We believe that objective and open testing based on ATT&CK will advance capabilities and help drive the entire endpoint detection and response market forward.”

As part of their participation in MITRE’s impartial cyber evaluation, cybersecurity vendors will be provided clear articulation of their capabilities, as well as access to MITRE’s cyber experts’ feedback for improving their products. Details captured will include the ATT&CK technique tested, specific actions the assessors took to execute, and details on the product’s ability to detect the emulated adversary behavior.

The first round of ATT&CK-based evaluations will be an adversary emulation of APT3/Gothic Panda, as described by ATT&CK. The evaluation will be limited to the technical ability to detect adversary behavior, to ensure purely objective results. Subsequent rounds will address additional APT adversary emulations, both in breadth of techniques and depth of technique implementation variation.

The first-round call for participation is open to all vendors until April 13, 2018. For more information or to request participation, please contact attackevals@mitre.org.

Related Resources
Media Resources
Executive Team
Visiting Fellows

About The MITRE Corporation
At MITRE, we work across the whole of government to tackle difficult problems that challenge the safety, stability and well-being of our nation through our operation of federally funded R&D centers as well as public-private partnerships.

With a unique vantage point working across federal, state and local governments, as well as industry and academia, we work in the public interest to discover new possibilities, create unexpected opportunities and lead by pioneering together for public good to bring innovative ideas into existence in national security and the public sector.

MITRE's mission-driven team is dedicated to solving problems for a safer world.
Learn more about MITRE at www.mitre.org, twitter.com/mitrecorp and facebook.com/MITREcorp.

Jeremy Singer
Public Affairs Lead
jsinger@mitre.org (781) 271-2412