Enterprises have a substantially lower level of confidence in their MSSP (managed security services provider) support than they do in their in-house capabilities, according to a recent survey commissioned by R&D foundation MITRE Engenuity.
To address these concerns, the organization — part of MITRE, a not-for-profit corporation that operates federally funded research facilities focusing on safety and security — has a recommendation. To better evaluate and gain a sense of confidence in service providers' capabilities, MITRE says, companies should apply the ATT&CK (adversarial tactics, techniques, and common knowledge) security evaluation framework, often used for endpoint vendor assessment, to MSSPs.