Articulate your capabilities using ATT&CK
MITRE Engenuity's ATT&CK Evaluations provide vendors with an assessment of their capability’s ability to defend against specific adversary’s tactics and techniques, as captured in the ATT&CK knowledge base. The assessments offer unbiased feedback and a chance for vendors to reflect on their technology. The vendor can better understand its capabilities and limitations, which in turn motivates future improvement, making solutions better and the world a safer place.
ATT&CK Evaluations advance industry capabilities by emulating adversary behavior for testing. Basing evaluations on ATT&CK aligns them to a common lexicon understood by security practitioners from both the offensive and defensive perspectives. These evaluations are measurable and repeatable, making them useful for continual assessments of incremental improvements.
The evaluation is a collaborative experience, where MITRE Engenuity works with vendors to articulate how their capabilities can detect adversary behavior. These evaluations are not a competitive analysis, so you will not find scores, rankings, or ratings. Instead, we work with each vendor independently, and evaluate how they approach threat detection in their own way.
Impartiality and transparency are essential components of MITRE Engenuity’s mission, so we make our methodology and results available to everyone. The methodology provides critical context to the results we document, where specific implementation details and timing matter. The results enable the vendor’s customers to make informed decisions about their defensive cybersecurity investments and use the capabilities more effectively.
ATT&CK Evaluation mailing lists coming soon!
For additional information on participating in ATT&CK evaluations, contact email@example.com.
Vendor participation is subject to applicable legal restrictions, available resources, and other factors.