
AV-Comparatives Introduces Enterprise-Class EPR – Endpoint Prevention and Response Cyberrisk Test

As the number and complexity of advanced persistent threats increase, so does the importance of endpoint detection and response systems.

AV-Comparatives has developed a comprehensive methodology for testing enterprise-class EPR (Endpoint Prevention and Response) systems, with tests commencing mid-Q3 2020 and results being published around mid-Q4 2020.

AV-Comparatives has been working closely with the IT security teams, security practitioners and security operations centre (SOC) personnel of typical enterprises that already employ EPR systems or are planning to do so in the future.

The full methodology can be downloaded here:
EPR_Methodology_AVC

For more information, or to submit your product, please contact the AVC EPR team by email: [email protected]

Scenarios

The scenarios to be used in AVC’s test of EPR products are based on this feedback. The test framework is flexible enough to allow for different scenarios in the future, as the technical nature of advanced threats (including APTs) evolves.

This will be the first time that such a comprehensive comparative test of EPR systems has been performed. It will allow participating vendors to showcase their respective products’ features, functionality, and detection/response metrics, as well as illustrating the value provided by investing in these solutions.

Detecting and Monitoring

The aim of the test will be not only to determine whether the endpoints have been protected against compromise, but also to evaluate the effectiveness of the tested systems in monitoring the attacks and providing reporting.

Kill-Chain

The methodology considers the typical stages of an attack kill-chain, in order to find out how the tested EPR products identify, detect and collect data on them. These include initial access, execution, persistence, privilege escalation, credential access, data collection and exfiltration.

Various aspects of the tested EPR systems’ functionality will be validated, including time to respond, threat classification, threat resolution options, threat timeline, endpoint and user data, and the ability to correlate and present data from multiple sources, including third-party sources.

Obfuscation

AV-Comparatives’ EPR testing methodology will include obfuscation techniques in the attacks, to determine the tested products’ abilities to cope with detection-avoidance mechanisms in realistic enterprise-attack scenarios.

