Skip to content

CounterCraft Participates in the MITRE Engenuity ATT&CK Evaluation Trials

Home News & Blogs CounterCraft Participates in the MITRE Engenuity ATT&CK Evaluation Trials

CounterCraft is thrilled to announce that we will be participating in the MITRE Engenuity ATT&CK Evaluation Trials for deception.

The evaluation trials are tailored, focused research projects into different security solutions. The MITRE Engenuity ATT&CK® Evaluations began in 2018 and are designed to provide clarity around ATT&CK coverage and are well-regarded, industry standard-setting evaluations.

It is an honor to be a part of MITRE’s first Trial research project. Read on for more about these exciting Evaluation Trials.

What Are ATT&CK Evaluations?

Since MITRE ATT&CK launched in 2015, it has become an industry standard setter, enabling better communications and management around cybersecurity. The ATT&CK Evaluations are designed to provide vendors with an assessment of their ability to defend against specific adversary tactics and techniques.

MITRE’s expert team emulates known adversary behavior to ensure the evaluation is threat-informed and carefully selects adversaries that allow us to exercise common ATT&CK techniques. The end result is not just a one-on-one evaluation, but an overall push to encourage the market to more effectively secure the world’s networks. Results are not scores, rankings or ratings, but unique looks into how each vendor approaches threat detection. They are openly published to provide industry end-users of these cybersecurity products with the information they need to make good decisions about what is best for their organizations.

As unbiased assessments of detection and protection capabilities, ATT&CK Evaluations play an important part in the industry and serve to highlight potential gaps.

Why Evaluation Trials for Deception?

Deception is a booming sector of the cybersecurity market. According to MITRE, “Deception technology offers a unique value to organizations seeking to understand adversary behavior. It can dramatically increase analyst confidence in detection via high fidelity tripwires, causing the adversary to waste time, money, or capability, and potentially provide us critical new insights into adversary behavior. Each of these use cases starts to put power into the defenders’ hands when they have long since been forced to be reactionary.”

MITRE, and of course we at CounterCraft, consider deception an important piece of cybersecurity, which is the reason these evaluation trials will be going forward.

What Will the Evaluation Trials for Deception Consist of?

The team behind MITRE has been working hard behind the scenes to construct a deception methodology. We have had numerous conversations with the team on the importance of deception that provides meaningful results to end-users.

After these conversations, the Evaluation Trials teams came up with two main questions:

  •  Did the adversary encounter the deception (i.e., could the deception capability affect the adversary)?
  •  Did the adversary engage the deception (i.e., did the deception capability affect the adversary)?

It is these two questions that will frame the evaluations of deceptions, and we believe they are two questions that are great for judging the effectiveness of deception in general. They are, however, quite complex questions. Finding out if the adversary encountered the deception is the more simple of the two, but engagement can be trickier to measure.

The team is committed to measuring outcomes in a universally fair way, as the market’s leading deception vendors have very different products. The objective of the trials will be to identify common measures that would allow talking about products in a similar language, while still appreciating their unique capabilities and target use cases.

We are very excited to have been invited to be a part of this industry-shaping research.

For more information on the Deception edition of the ATT&CK Trials, you can check out MITRE’s post on the topic.

About MITRE Engenuity

MITRE Engenuity is the tech foundation for public good and forms part of the MITRE community. This group of innovators and leaders harnesses MITRE’s 60+ years of R&D in the cybersecurity sector and utilizes the lessons and knowledge learned to solve problems for a safer world by accelerating innovation with industry in the public interest.

Driven by research and technology, MITRE Engenuity’s goal is to stabilize the industries that make up critical infrastructure, like finance, telecommunications and healthcare. The solutions that Engenuity drives forward are available for all businesses and important for innovation that changes industries and becomes a global standard. Engenuity works on the basis that these global challenges require partnership.

We are proud to work with MITRE Engenuity.