Methodology Overview:
Evaluation Process
Evaluations with Adversary Emulation
Understanding defensive coverage of the ATT&CK knowledge base is complex. ATT&CK has an ever-growing number of techniques. Each of the techniques can be executed in many ways (i.e. procedures). Adversary emulation lets us scope an evaluation that:
Makes it real:
Being threat-informed ensures we can address today’s threats. We use techniques, tools, methods and goals inspired by those of an attacker.
Explores end-to-end activity:
Techniques don’t get executed in a vacuum. We execute techniques in a logical step-by-step ordering to explore the breadth of ATT&CK coverage.
Captures adversary nuance:
Adversaries may execute the same technique, but in very different ways. We use procedural variation in our emulations to capture the same behavior via different methods to explore the depth of ATT&CK coverage.
① Design
② Execute
③ Release
Round Methodologies:
Learn more about round-specific approaches that are used in evaluating vendors.