MITRE seeks cybersecurity vendors for EDR evaluation

MITRE of McLean, VA is calling on interested commercial cybersecurity vendors to participate in an impartial cyber evaluation that will help customers and the industry make better decisions in countering cyberattacks. MITRE is evaluating endpoint detection and response (EDR) products based on its ATT&CK knowledge base, the company announced March 29.

ATT&CK is a globally accessible knowledge base of cyber adversary tactics and techniques based on the contributions of public and private companies as well as academic and government institutions. The ATT&CK knowledge base articulates the threat and defines that behavior in a common language and framework in a way that drives improvements in security across multiple disciplines. By crowd-sourcing a variety of attack detection analytics across many different organizations, users can better detect adversaries and then create resilience and deception strategies that enable customers to quickly adapt and respond. ATT&CK’s common language also helps users understand and determine the effectiveness of various cybersecurity products.

As a not-for-profit organization with an impartial position and unique vantage point working across government, MITRE is offering formal product evaluations as a service to interested cybersecurity vendors and will publicly release all evaluation results to drive overall market improvement.

“We want to help strengthen cybersecurity in our nation against sophisticated, determined adversaries, across both the public and private sectors,” said Peter Sherlock, MITRE’s chief operating officer. “Offering impartial evaluations to support industry progress in cybersecurity is a way to contribute our defense-quality cyber expertise and objective insight to make the world a safer place.”

“ATT&CK provides a common framework for evaluating post-breach capabilities,” said Frank Duff, principal cybersecurity engineer. “We believe that objective and open testing based on ATT&CK will advance capabilities and help drive the entire endpoint detection and response market forward.”

As part of their participation in MITRE’s impartial cyber evaluation, cybersecurity vendors will be provided clear articulation of their capabilities, as well as access to MITRE’s cyber experts’ feedback for improving their products. Details captured will include the ATT&CK technique tested, specific actions the assessors took to execute, and details on the product’s ability to detect the emulated adversary behavior.

The first round of ATT&CK-based evaluations will be an adversary emulation of APT3/Gothic Panda, as described by ATT&CK. The evaluation will be limited to the technical ability to detect adversary behavior, to ensure purely objective results. Subsequent rounds will address additional APT adversary emulations, both in breadth of techniques and depth of technique implementation variation.

The first-round call for participation is open to all vendors until April 13, 2018. For more information or to request participation, please contact

Source: MITRE