MITRE has launched independent evaluations of cybersecurity products from 21 vendors, according to a prepared statement. The evaluations leverage the ATT&CK knowledge base and are designed to help government agencies and industrial organizations explore ways to combat cyber threats and bolster their threat detection capabilities.
ATT&CK Evaluations emulate tactics and techniques used by APT29, a threat group that has been attributed to the Russian government, MITRE stated. They can be used to evaluate products from the following cybersecurity vendors:
Palo Alto Networks
VMware (Carbon Black)
MITRE previously evaluated products from CrowdStrike, SentinelOne and other cybersecurity vendors against threats posed by APT3, a Chinese threat group.
How Are ATT&CK Evaluations Performed?
MITRE uses two processes for its ATT&CK Evaluations:
Detection: Involves product setup, adversary emulation, and the processing and publication of the evaluation results.
Evaluation: Involves the same steps as the detection process, but an extra day is required for adversary emulation and assessment.
ATT&CK Evaluations results are available online. The ATT&CK Evaluations website features a tool that enables users to select cybersecurity vendors and display a side-by-side comparison of how they detected each attack technique, along with a data analysis tool to examine how they handled those techniques.
DIY APT29 Evaluation Now Available
In addition to its ATT&CK Evaluations, MITRE has released a do-it-yourself APT29 evaluation that uses its CALDERA automated red team system. The APT29 evaluation enables users to test security products in their own environments against the same adversary.
Meanwhile, cybersecurity vendors can apply to participate in the next round of ATT&CK Evaluations. This round will feature the Carbanak and FIN7 threat groups as emulated adversaries.