MITRE Posts Results of 2025 ATT&CK Enterprise Evaluations

Eleven companies took part in the evaluations and several have boasted 100% detection and coverage rates.

MITRE has published the results of the 2025 ATT&CK Evaluations for enterprise cybersecurity solutions.

Eleven companies took part this year: Acronis, AhnLab, CrowdStrike, Cyberani, Cybereason, Cynet, ESET, Sophos, Trend Micro, WatchGuard, and WithSecure.

The MITRE ATT&CK Evaluations are independent assessments designed to test the effectiveness of commercial cybersecurity products against real-world attack scenarios.

This year’s evaluations focused on two scenarios: one inspired by attacks conducted by the notorious cybercrime group Scattered Spider, and one inspired by the Chinese state-sponsored threat actor Mustang Panda.

The Scattered Spider scenario marked the first time MITRE’s assessment tested cybersecurity products against attacks involving cloud infrastructure.

The federally funded research center also tested the ability of products to detect adversary reconnaissance activities for the first time. 

“The evaluation framework has been enhanced to place greater emphasis on protection, focusing on a solution’s ability to block adversaries and contain threats in real time. The detection evaluation has been rebalanced to prioritize high-fidelity alerts that deliver actionable context for security operations teams, helping to reduce alert fatigue,” MITRE explained.

The results of the 2025 ATT&CK Evaluations are available on the MITRE website.

As always, MITRE has pointed out that “the evaluations do not rank vendors but provide objective, evidence-based results that enable organizations to determine which cybersecurity solutions fit their specific needs”.

Several participating cybersecurity companies have boasted about the results they obtained in the latest MITRE ATT&CK Evaluations. Although they avoided outright declarations of victory, as some did in past years, several firms highlighted their attainment of 100% detection and protection rates within specific evaluation categories.

Allie Mellen, principal analyst at Forrester, pointed out after last year’s evaluations that vendor claims about getting 100% should not be trusted:

“If a vendor says that it achieved 100% on the evaluations, it is likely doing one or more of the following: manipulating the results by only showing parts of results that they feel benefit them; turning on settings in the product that are unrealistic for a real-world environment so as to appear more effective; treating the results as a competition instead of a learning opportunity and a chance to improve the product.”

Major companies such as Microsoft, Palo Alto Networks, and SentinelOne withdrew from the evaluations this year, stating that the MITRE program requires a resource-intensive commitment, leading them to allocate resources elsewhere.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.
