About ATT&CK Evaluations
Since MITRE released ATT&CK™ in May 2015, the community has used it to enable better communication between red teamers, defenders and management. Defenders use ATT&CK for table top exercises, assessments, and hands-on evaluations. The security community uses it to perform testing that informs capabilities and gaps in networks and products alike. What makes ATT&CK so appealing for testing is that it is based on the known threat rather than just the hypothetical. Additionally, the matrix visualization provides an excellent scorecard to capture evaluation results.
ATT&CK™ is embraced by both the public and private sectors, because they see the value in ATT&CK as a way of stating what tools can do. These companies are asking vendors to map capabilities to ATT&CK, and similarly, vendors are using ATT&CK to map products to a common language and communicate their capabilities.
Vendors are using ATT&CK to articulate their capabilities, but there is no neutral authority to evaluate their claims. MITRE's new ATT&CK evaluations fill this void. Since announcing in March, we have been busy engaging with vendors and community members interested to hear more about our approach.