ATT&CK Evaluations: Managed Services Welcomes 17 Participants

Ashwin Radhakrishnan
MITRE-Engenuity
Apr 15, 2022

Off the back of our big release at the end of March, we are excited to announce the cohort for our first-ever ATT&CK Evaluations: Managed Services. Thank you to each of the following vendors for participating in our inaugural ATT&CK Evaluations: Managed Services: Atos, Bitdefender, BlackBerry, BlueVoyant, Critical Start, CrowdStrike, Cybereason, Microsoft, NVISO, OpenText, Palo Alto Networks, Rapid7, Red Canary, SentinelOne, Sophos, TrendMicro, and WithSecure (formerly known as F-Secure).

As described in a previous post, the goal for this Evaluation is to apply many of the same principles of our ATT&CK Evaluations: Enterprise to a new suite of offerings in the Managed Services space. While our traditional enterprise evaluations aim to evaluate technology, evaluations for managed services aim to evaluate the people of the security vendor space. We believe that a good security program is composed of people, process, and technology, especially with regard to implementing a threat-informed defense.

ATT&CK Evaluations: Managed Services will employ a closed-book version of adversary emulation, whereby the vendor participants will not know the emulated adversary until after the execution is complete, though it will be based upon publicly available threat intelligence. The emulation will be conducted in the Microsoft Azure Cloud, similar to the ATT&CK Evaluations: Enterprise. Our team will execute the emulation, and participants will provide their analysis as if we were a standard customer. The evaluation will be focused entirely on understanding adversary activity, so remediation and prevention are both prohibited in this inaugural evaluation. During a post-mortem purple team exercise, we will disclose the adversary emulated, all behavior performed, and how our team mapped participant-provided analysis to that behavior. We will work with participants to enhance their detection capability during this period, and participants are encouraged to ask questions regarding the execution.

© 2022 MITRE Engenuity LLC. Approved for public release. Document number AT0030