Selecting the right cybersecurity technology remains an arduous task. As the vendor market expands and newer technologies such as Extended Detection and Response (XDR) emerge, evaluating competing solutions is prohibitively time-consuming. Short of running a time- and resource-consuming proof of value (POV) evaluation – a live trial in your own environment – and obtaining trusted client references, it is difficult to assess a product's real-world capabilities.
Fortunately, MITRE developed a testing methodology to objectively evaluate endpoint security solutions based on the highly regarded MITRE ATT&CK framework. The evaluation tests the endpoint protection solutions against a simulated attack sequence based on real-life approaches taken by well-known Advanced Persistent Threat (APT) groups. The most recent MITRE ATT&CK evaluation included 30 vendor solutions using attack sequences based on the Wizard Spider and Sandworm threat groups.
As in the past, MITRE does not rank or score vendor results. Instead, the raw test data is published along with some basic online comparison tools. Buyers can use the data to evaluate the vendors as they see fit based on their company’s unique priorities and needs. But the results are not presented in the familiar four-quadrant matrix or ranked using common analyst methodology, making it hard for people to know how to best use the results in their search.
Vendor selection is not a one-size-fits-all process. This guide provides advice and considerations on how to use the MITRE ATT&CK results as one component of your selection criteria as you determine which vendor will meet your specific needs.