MITRE, a public interest research and development company, recently announced that it is seeking commercial cybersecurity vendors to participate in an evaluation of endpoint detection and response (EDR) products based on MITRE’s ATT&CK knowledge base.
ATT&CK is a globally accessible knowledge base of cyber adversary techniques built from the contributions of public and private companies as well as academic and government institutions. The ATT&CK knowledge base identifies threats and defines them in a common language and framework in an effort to drive improvements in security.
“ATT&CK provides a common framework for evaluating post-breach capabilities,” Frank Duff, principal cybersecurity engineer, said. “We believe that objective and open testing based on ATT&CK will advance capabilities and help drive the entire endpoint detection and response market forward.”
MITRE will use the knowledge base to conduct formal product evaluations as a service for interested cybersecurity vendors. The company will provide participants with information on the ATT&CK technique tested, actions the assessors took to execute and the product’s ability to detect the emulated adversary behavior as well as feedback from MITRE cyber experts for improving their products. The company will publicly release all evaluation results to drive overall market improvement.
“We want to help strengthen cybersecurity in our nation against sophisticated, determined adversaries, across both the public and private sectors,” Peter Sherlock, MITRE’s chief operating officer, said. “Offering impartial evaluations to support industry progress in cybersecurity is a way to contribute our defense-quality cyber expertise and objective insight to make the world a safer place.”
The first round of evaluations will be an adversary emulation of APT3/Gothic Panda, as described by ATT&CK. The evaluations will explore the technical ability to detect adversary behavior.
Future rounds will address additional APT adversary emulations, both in the breadth of techniques and the depth of technique implementation variation.
The first-round call for participation is open to all vendors until April 13.