MITRE Expands Security Testing to Services, Deception Tools & More>
E Security Planet – John Iwuozor
MITRE is moving beyond its well-regarded endpoint security evaluations and will soon be testing other security services and products.
MITRE recently issued a call for participation for ATT&CK Evaluations for Managed Services, designed to reveal how managed security service providers (MSSPs) and managed detection and response (MDR) respond to adversarial attacks. Except unlike its Enterprise evaluations, managed services participants wonât know the adversary emulated until the testing is complete, âthough it will be based upon publicly available threat intelligence.â
MITREâs assessments do not include a competitive analysis. There are no rankings, scores, or ratings. Rather, they demonstrate how each vendor handles threat detection using the ATT&CK knowledge base. They are able to give an unbiased assessment of detection and protection capabilities, as well as identify potential gaps, by selectively picking adversaries and freely sharing results.
MITRE is developing a deception approach that will provide end-users with relevant findings, define important distinctions in vendor product strategies, and do so in âa fair and open manner.â
Link: https://www.esecurityplanet.com/endpoint/mitre-expands-security-testing-to-services-deception-tools/