For Security & Risk Professionals

The Forrester MITRE ATT&CK Evaluation Guide

An Objective Analysis Of The Evaluation And How To Interpret The Results

May 21, 2019


Why Read This Report

In an industry desperate for objective efficacy testing, the introduction of the MITRE ATT&CK evaluation of endpoint detection and response (EDR) security products is a much-welcomed event. However, when MITRE published the results of seven EDR products, it did so as a scientific data set, leaving security pros to interpret individual vendor performance on their own. This report is Forrester's guide to understanding the results and our analysis of what each vendor's results say about their offering. This report will act as a living document and will be updated to include data for other vendors that complete this evaluation and have their results published by MITRE.

Purchase Report

This report is available for individual purchase ($499 USD).


Table of Contents

  • The ATT&CK Eval Is An Important First Step For EDR Efficacy Testing
  • The Forrester Guide To The MITRE ATT&CK Evaluation Results
  • Our Analysis Demonstrates How Vendors Prioritize Detection
  • Chronological Update Of Vendors Evaluated After The Initial Cohort
  • Recommendations
      • Use This Evaluation With Forrester's EDR Wave For Vendor Selection
  • What It Means
      • The ATT&CK Evaluation Will Drive The Next Detection Paradigm
  • Supplemental Material
  • Related Research Documents
