AV-Comparatives Introduces Enterprise-Class EPR – Endpoint Prevention and Response Cyberrisk Test
As the number and complexity of advanced persistent threats increase, so does the importance of endpoint detection and response systems.
AV-Comparatives has developed a comprehensive methodology for testing enterprise-class EPR (Endpoint Prevention and Response) systems, with tests commencing mid-Q3 2020, and results being published in Q4 2020.
AV-Comparatives have been working closely with the IT security teams, security practitioners and security operation centre (SOC) personnel of typical enterprises that already employ EPR systems or are planning to do so in the future.
The full draft methodology can be downloaded here.
For more information and submitting your product please contact us here.
Scenarios
The scenarios to be used in AVC’s test of EPR products are based on this feedback. The test framework is flexible enough to allow for different scenarios in the future, as the technical nature of advanced threats (including APTs) evolves.
This will be the first time that such a comprehensive comparative test of EPR systems has been performed. It will allow participating vendors to showcase their respective products’ features, functionality, and detection/response metrics, as well as illustrating the value provided by investing in these solutions.
Detecting and Monitoring
The aim of the test will be to determine if the endpoints have been protected against compromise, but also to evaluate the effectiveness of the tested systems in monitoring the attacks and providing reporting.
Kill-Chain
The methodology considers the typical stages of an attack kill-chain, in order to find out how the tested EPR products identify, detect and collect data on them. These include initial access, execution, persistence, privilege escalation, credential access, data collection and exfiltration.
Various aspects of the tested EPR systems’ functionality will be validated, including time to respond, threat classification, threat resolution options, threat timeline, endpoint and user data, and the ability to correlate and present data from multiple sources, including third-party.
Obfuscation
AV-Comparatives’ EPR testing methodology will include obfuscation techniques in the attacks, to determine the tested products’ abilities to cope with detection-avoidance mechanisms in realistic enterprise-attack scenarios.
For more information and submitting your product please contact us here.
Picture credit: Gorodenkoff – stock.adobe.com