While organizations know that robust security solutions are imperative, determining what’s best is no easy feat. There is often a disconnect between security solution providers and their users, particularly related to how these solutions address real-world threats.


Our mission is to bridge this gap by enabling users to better understand and defend against known adversary behaviors through a transparent evaluation process and publicly available results – leading to a safer world for all.

Completed Evaluations

View the methodology and results from prior evaluations


APT3 (Enterprise 2018)

APT29 (Enterprise 2019)

In Progress

Learn more about current and upcoming evaluations


Carbanak+FIN7 (Enterprise 2020)

TRITON (ICS 2020)

Open, Rigorous and Sophisticated Testing

What we bring to the table is unique. Our real-world threat inspired methodologies are open and transparent. All results are publicly available and collaboratively produced with participants. There is no competitive analysis. We don’t rank products against each other. And there is no “winner.” Instead, we show how each vendor approaches threat detection through the language and structure of the MITRE ATT&CK® knowledge base, and provide tools to allow the community to assess which product best fits their individual needs.

Evaluation Results that Help Assess And Select Products

Our evaluations are focused on the technical ability to address known adversary behavior. It’s smart to consider other factors not included in our evaluations to determine which tool is best for your needs. One product may not fit every need, and products can address different challenges in various ways. Here are some resources that can help.

The ATT&CK Evaluations program continues to develop new methodologies, open new rounds of evaluations, publish results, and create content so you can run your own evaluations or use our results more effectively. Signup to our mailing list if you would like to be informed when we release new content and open call for participations.