"MITRE Engenuity Launches Evaluations for Security Service Providers"

MITRE Engenuity has released a new set of evaluations for Managed Security Service Providers (MSSPs), which could give enterprise decision-makers a useful resource to consult when choosing a provider. The key to gaining value from the information is understanding how to interpret the results, according to MITRE and others. The first-ever MITRE Engenuity evaluation of security service providers offers detailed information on how various MSSPs analyze and describe adversary behavior to their clients. MITRE's assessment leaves it entirely up to the security professionals and teams who use the data to make vendor comparisons.

MITRE Engenuity gave each participating vendor the opportunity to deploy its adversary detection and monitoring tools on a MITRE-hosted Microsoft Azure environment for the evaluation. A MITRE purple team then carried out a simulated attack in the environment using the tactics and techniques of the well-known Iranian threat group OilRig. Participants in the evaluation were aware that the simulated attack would take place during business hours over a two-week period. However, MITRE did not tell them the more specific timing, the techniques, or which adversary MITRE Engenuity was emulating.

During the simulated attack, MITRE Engenuity's team demonstrated commonly used adversary tactics such as spear-phishing for initial access, credential dumping, web shell installation, lateral movement, data exfiltration, and cleanup. Vendors could use any of the tools in their MDR portfolio to evaluate and report on malicious activity. However, MITRE's rules prevented them from responding to or blocking the attack, because the goal was to see how each service provider detected and analyzed the unfolding attack, as well as the detail and clarity with which they reported their findings. This article continues to discuss MITRE Engenuity's ATT&CK Evaluations for Managed Services.

Dark Reading reports "MITRE Engenuity Launches Evaluations for Security Service Providers"
