MITRE Engenuity ATT&CK® Evaluations for Managed Services: Critical Start Participation 

2022 marks MITRE’s first ever ATT&CK Evaluations: Managed Services – and Critical Start is excited to announce that we are participating in the inaugural cohort of 17 participants! 

Managed services play a pivotal role in today’s security posture as organizations are increasingly relying on external support for protection against unwavering cyberattacks. According to the 2021 Managed Services Report: No Rest for the Wary, 68% of organizations rely on managed services to either complement their in-house security operations center (SOC), or as their main line of defense.  

However, this same report also discovered that a significant number of organizations have a low level of confidence in their managed services.  

• Nearly half (47%) of these organizations aren’t confident in their managed service’s people or technology.  

• This is in comparison to those that leverage in-house SOCs, where confidence spikes to 76%. 

Given these significant results, MITRE Engenuity has recognized the importance of the managed security services category and the need to educate customers and help them evaluate service provider capabilities.                     

The goal for the MITRE Engenuity ATT&CK^® Evaluations for Managed Services is to detect the effectiveness of Managed Detection and Response (MDR) and Managed Security Service Providers (MSSP) Service Level Agreements (SLA) delivery for Endpoint Detection and Response (EDR) threat detection.  Many of the same principles of the ATT&CK Evaluation Enterprise will be applied, with the aim of this evaluation to focus on people, process, and technology as part of a good security program. 

We could not be more aligned to the goal of this evaluation. 

Critical Start’s mission in this evaluation is to demonstrate the value and confidence we bring to customers –simplifying breach prevention and keeping your business thriving. We protect your business with the most effective managed detection and response services. 

How Critical Start Aligns to the MITRE Engenuity ATT&CK^® Evaluations for Managed Services 

The opportunity to participate in this evaluation is important for us to understand how we can protect our customers more effectively from adversary activity and keep them thriving.  

Our mission at Critical Start is to be the most effective, easiest to consume and quickest to deploy Managed Detection and Response (MDR) service.  We deliver on our promise via contractual Service Level Agreements (SLAs) for Time to Detection (TTD) and Median Time to Resolution (MTTR), and 100% transparency into our service. The ATT&CK Evaluations for Managed Services are designed to provide the community transparent and threat-informed evaluations that provide a similar level of confidence in managed services as a customer’s  

in-house security operations center (SOC). 

ATT&CK Evaluations for Managed Services will assess MDR and MSSPs in their ability to analyze and describe adversary behavior.  As participants, Critical Start will provide the relevant analysis in the same format we provide to our customers.  Examples will include real-time alerts, reporting, dashboard access and more. MITRE Engenuity will work with participants during this period, and we will be encouraged to ask questions regarding the execution so that we can be the most effective MDR service. 

In conjunction with MITRE Engenuity, results of the evaluations will be published in August 2022.  

Other vendors participating: 

• Atos 
• Bitdefender 
• Blackberry 
• BlueVoyant 
• Critical Start 
• CrowdStrike 
• Cyberreason 
• Microsoft 
• NVISO 
• OpenText 
• Palo Alto Networks 
• Rapid7 
• Red Canary 
• SentinelOne 
• Sophos 
• Trend Micro 
• WithSecure 

For additional information on the ATT&CK Evaluations: Managed Services, you can visit the following overview page:  https://attackevals.mitre-engenuity.org/managed-services/managed-services/#sn-participants.