MITRE Engenuity & MITRE ATT&CK® Evaluations in Your Organization
MITRE Engenuity is a non-profit organization affiliated with the MITRE Corporation, an American not-for-profit organization that operates federally funded research and development centers (FFRDCs) in the United States.
MITRE Engenuity focuses on areas such as cybersecurity, critical infrastructure, ATT&CK evaluations, and healthcare, among others. It aims to create and deploy innovative technologies and solutions that can have a significant impact on public safety, national security, and global stability.
The organization works with various partners to conduct research, develop new technologies, and create standards and best practices that can be adopted by both the public and private sectors. One of its most notable initiatives is the Center for Threat-Informed Defense, which is a collaborative research endeavor that brings together experts from different organizations to develop and share knowledge on how to counter emerging cyber threats.
This is part of a series of articles about MITRE ATT&CK.
What MITRE Engenuity Offers to Organizations
MITRE Engenuity offers a range of services and resources aimed at fostering collaboration and innovation in fields including cybersecurity, healthcare, transportation, and national security. Some of its key offerings include:
- Research and development: MITRE Engenuity conducts research and develops solutions to tackle complex challenges faced by government and industry sectors.
- Collaboration platforms: The organization provides platforms for collaboration among government, industry, and academia, facilitating the exchange of ideas, resources, and expertise.
- Initiatives and programs: MITRE Engenuity develops and supports targeted initiatives and programs focused on specific challenges, such as the Center for Threat-Informed Defense, which concentrates on improving organizations’ security posture through threat intelligence and threat-informed defense practices.
- Knowledge sharing: The organization shares its findings, best practices, and innovative solutions with stakeholders to encourage wider adoption and drive positive change across various sectors.
- Conferences and events: MITRE Engenuity organizes conferences, workshops, and events that bring together experts and stakeholders from different sectors to discuss and explore solutions to pressing challenges.
- Education and training: The organization contributes to education and training efforts in relevant fields, helping to develop the next generation of experts and professionals.
- Technical assistance: MITRE Engenuity may offer technical assistance to its partners, leveraging its expertise and the knowledge base of its parent organization, MITRE Corporation.
What Are MITRE Engenuity ATT&CK Evaluations?
MITRE Engenuity ATT&CK Evaluations is an independent assessment program that evaluates cybersecurity products and solutions against the MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework. ATT&CK is a globally accessible knowledge base of adversary tactics and techniques based on real-world observations. The framework is used as a foundation for the development of threat models and methodologies in the private sector, government, and the cybersecurity product and service community.
The goal of MITRE Engenuity ATT&CK Evaluations is to provide organizations with objective, transparent, and actionable information about the effectiveness of cybersecurity products in detecting and mitigating real-world cyber threats. This helps organizations make informed decisions when selecting cybersecurity tools and solutions to protect their infrastructure.
Benefits of MITRE Engenuity ATT&CK Evaluations for Organizations
MITRE Engenuity ATT&CK Evaluations contribute to improving the overall state of cybersecurity and help organizations make informed decisions regarding their security posture. Key reasons why these evaluations are important include:
- Realistic scenarios: The evaluations use real-world adversarial tactics, techniques, and procedures (TTPs) based on the ATT&CK framework. This ensures that the tested security products and services are evaluated against practical and relevant threat scenarios, providing valuable insights into their real-world effectiveness.
- Objective assessment: MITRE Engenuity conducts these evaluations as an independent, non-profit organization. The assessments are unbiased and focused on the performance of cybersecurity tools in detecting and mitigating threats, providing organizations with trustworthy information for decision-making.
- Better-informed decisions: The results of ATT&CK Evaluations help organizations make more informed decisions when selecting and deploying cybersecurity tools. By understanding the strengths and weaknesses of various security solutions, organizations can choose products and services that best fit their needs and risk profiles.
- Continuous improvement: The evaluations encourage cybersecurity vendors to continuously improve their products and services. By participating in the evaluations and receiving feedback, vendors can identify areas for enhancement, ultimately leading to better protection against cyber threats.
- Greater transparency: MITRE Engenuity ATT&CK Evaluations promote transparency in the cybersecurity industry by providing detailed information on the performance of different security tools. This transparency helps build trust between vendors and customers and fosters a more collaborative approach to addressing cybersecurity challenges.
- Knowledge sharing: The evaluations contribute to a broader understanding of cyber threats and the effectiveness of various defense mechanisms. By sharing the results and methodology with the cybersecurity community, MITRE Engenuity helps advance the collective knowledge and capability to counter evolving threats.
Use Cases for MITRE Engenuity ATT&CK Evaluations
Organizations can use MITRE Engenuity ATT&CK Evaluations to make informed decisions when selecting and deploying cybersecurity products and solutions. The evaluations provide valuable insights into how different tools and solutions perform against real-world cyber threats based on the ATT&CK framework. Here are some ways organizations are using MITRE Engenuity ATT&CK Evaluations:
- Comparing cybersecurity solutions: The evaluations allow organizations to compare the performance of different cybersecurity vendors and products against a common set of criteria and attack scenarios. This enables organizations to identify solutions that best meet their specific requirements and risk tolerance.
- Identifying strengths and weaknesses: The evaluations provide insights into the strengths and potential areas of improvement for each evaluated product. Organizations can use this information to assess whether a particular solution aligns with their security priorities and to identify potential gaps in their security posture.
- Enhancing security awareness and training: Organizations can use the evaluation results to raise awareness of the latest attack techniques and improve their security training programs. This can help employees better understand the threat landscape and adopt best practices to protect organizational assets.
- Vendor engagement: The evaluations can serve as a basis for organizations to engage with vendors, discuss product capabilities, and request improvements or enhancements based on the evaluation results.
Exabeam Embraces MITRE Frameworks
The Exabeam family of products (Exabeam Fusion, Exabeam Security Investigation, Exabeam Security Analytics, Exabeam SIEM, and Exabeam Security Log Management) maps attacks, alerts, and core use cases against the MITRE ATT&CK framework. Additionally, customers can write their own Correlation Rules to compare incoming log events.
Organizations can write, test, publish, and monitor custom Correlation Rules that focus on their most critical business entities and assets. Rules can define higher criticality, specifically include conditions sourced from the Threat Intelligence Service, and be assigned specific MITRE ATT&CK® TTPs.