About ATT&CK


Since MITRE released ATT&CK® in May 2015, the community has used it to enable better communication between red teamers, defenders and management. Defenders use ATT&CK for tabletop exercises, assessments, and hands-on evaluations. The security community uses it to perform testing that informs capabilities and gaps in networks and products alike. What makes ATT&CK so appealing for testing is that it is based on the known threat rather than just the hypothetical.

ATT&CK is embraced by both the public and private sectors, because they see the value in ATT&CK as a way of stating what tools can do. These companies are asking vendors to map capabilities to ATT&CK, and similarly, vendors are using ATT&CK to map products to a common language and communicate their capabilities.

Vendors are using ATT&CK to articulate their capabilities, and MITRE Engenuity's ATT&CK Evaluations seek to unbiasedly evaluate their claims in a fair and transparent way.