MITRE ATT&CK Evaluation: Reading Between the Lines

MITRE is an unbiased and respected organization that performs a valuable service to the cybersecurity community. The MITRE ATT&CK evaluation is an industry standard, and the industry can use all the help it can get to identify the tactics and techniques employed by cybercriminals. (See The Cyber Threat Landscape for 2022 Darkens.) MITRE helps unite efforts by governmental organizations, academics, and vendors to develop strong defense mechanisms. Even so, should cybersecurity leaders take the results provided in the recent MITRE ATT&CK Engenuity tests as gospel?

My view is that while the tests have merit, they only offer part of the picture. Caution is warranted when evaluating each vendor’s interpretation of the results. Organizations seeking to improve their cybersecurity posture may well want to review the raw results, but using a vendor’s analysis as the sole basis for making a security solution purchase is likely unwise.

There’s one overriding reason for this, which I’ll get to. But let’s start by examining the raw results based on what MITRE tested, which vendors participated, and how they fared.

Details of the MITRE ATT&CK Engenuity Evaluation

The MITRE ATT&CK Engenuity tests for the Wizard Spider and Sandworm Edition evaluated the detection and prevention capabilities
