Methodology Overview: Evaluation Process

Evaluations with Adversary Emulation

Understanding defensive coverage of the ATT&CK knowledge base is complex. ATT&CK has an ever-growing number of techniques, and each technique can be executed in many ways (i.e., procedures). Adversary emulation lets us scope an evaluation that:

Makes it real: Being threat-informed ensures we can address today’s threats. We use techniques, tools, methods and goals inspired by those of an attacker.

Explores end-to-end activity: Techniques don’t get executed in a vacuum. We execute techniques in a logical step-by-step ordering to explore the breadth of ATT&CK coverage.

Captures adversary nuance: Adversaries may execute the same technique, but in very different ways. We use procedural variation in our emulations to capture the same behavior via different methods to explore the depth of ATT&CK coverage.

① Design
Select a threat (incident, group, malware, etc.)
Create the emulation plan
Develop the emulation

② Execute
Access the environment
Deploy the solution
Perform the evaluation

③ Release
Process the results
Receive feedback
Publish the results

Round Methodologies:

Learn more about round-specific approaches that are used in evaluating vendors.
