Articulate your capabilities using ATT&CK


MITRE’s ATT&CK evaluations provide vendors with an assessment of their capability’s ability to detect specific adversary’s tactics and techniques, as captured in the ATT&CK knowledgebase. They offer unbiased feedback and a chance for vendors to reflect on their technology. The vendor can better understand their capabilities and limitations, which in turn motivates future improvement, making solutions better and the world a safer place.

ATT&CK evaluations advance industry capabilities by emulating adversary behavior for testing. Basing evaluations on ATT&CK creates a common lexicon for both the offensive and defensive perspectives. These evaluations are measurable and repeatable, making them useful for continual assessments of incremental improvements.

The evaluation is a collaborative experience, where MITRE works with vendors to articulate how their capabilities can detect adversary behavior using the common language of ATT&CK. These evaluations are not a competitive analysis, so you will not find scores, rankings, or ratings. Instead, we work independently with each vendor, and show how they approach threat detection in their own way.

Impartiality and transparency are essential components of MITRE’s mission, so we make our methodology and detections available to everyone. The methodology provides critical context to the detections we document, where specific implementation details and timing matter. The detections enable the vendor’s customers to make informed decisions about their defensive cybersecurity investments and use the capabilities more effectively.

For information on participating in ATT&CK evaluations, contact attackevals@mitre.org

Vendor participation is subject to applicable legal restrictions, available resources, and other factors.