Content, Channel partners, Content

MITRE ATT&CK Evaluations: Here’s What MSSPs Need to Know


MITRE has launched independent evaluations of cybersecurity products from 21 vendors, according to a prepared statement. The evaluations leverage the ATT&CK knowledge base and are designed to help government agencies and industrial organizations explore ways to combat cyber threats and bolster their threat detection capabilities.

ATT&CK Evaluations emulate tactics and techniques used by APT29, a threat group that has been attributed to the Russian government, MITRE stated. They can be used to evaluate products from the following cybersecurity vendors:

  • Bitdefender
  • Blackberry Cylance
  • Broadcom (Symantec)
  • CrowdStrike
  • CyCraft
  • Cybereason
  • Elastic (Endgame)
  • F-Secure
  • FireEye
  • GoSecure
  • HanSight
  • Kaspersky
  • Malwarebytes
  • McAfee
  • Microsoft
  • Palo Alto Networks
  • ReaQta
  • Secureworks
  • SentinelOne
  • Trend Micro
  • VMware (Carbon Black)

MITRE previously evaluated products from CrowdStrike, SentinelOne and other cybersecurity vendors against threats posed by APT3, a Chinese threat group.

How Are ATT&CK Evaluations Performed?

MITRE uses two processes for its ATT&CK Evaluations:

  • Detection: Involves product setup, adversary emulation and processing and publication of the evaluation results.
  • Evaluation: Involves the same steps as the detection process, but an extra day is required for adversary emulation and assessment.

ATT&CK Evaluations results are available online. The ATT&CK Evaluations website features a tool that enables users to select cybersecurity vendors and display a side-by-side comparison of how they detected each attack technique, along with a data analysis tool to examine how they handled those techniques.

DIY APT29 Evaluation Now Available

In addition to its ATT&CK Evaluations, MITRE has released a do-it-yourself APT29 evaluation that uses its CALDERA automated red team system. The APT29 evaluation enables users to test security products in their own environments against the same adversary.

Meanwhile, cybersecurity vendors can apply to participate in the next round of ATT&CK Evaluations. This round will feature the Carbanak and FIN7 threat groups as emulated adversaries.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.