MITRE: To test and gain confidence in MSSPs, use ATT&CK framework

Enterprises have a substantially lower level of confidence in their MSSP (managed security services provider) support than they do in their in-house capabilities, according to a recent survey commissioned by R&D foundation MITRE Engenuity.

To address these concerns, the organization — part of MITRE, a not-for-profit corporation that operates federally funded research facilities focusing on safety and security — has a recommendation. To better evaluate and gain a sense of confidence in service providers' capabilities, MITRE says, companies should apply the ATT&CK (adversarial tactics, techniques, and common knowledge) security evaluation framework, often used for endpoint vendor assessment, to MSSPs.

To read this article in full, please click here