All postsTesting anti-breach products needs the full chain of attack. Symantec Endpoint Security Complete is the first endpoint detection and response offering to face our brand new Breach Response Test.
The New Breach Response Test
This Breach Response Test is a new kind of test. We believe that the testing behind this report used the largest range of relevant threats in any publicly available test. And the analysis of how the products tested work is the most in-depth.
We go into some detail in the report (on page 9) about how threats work in a chain of stages. This is a really important and possibly unique feature of the Breach Response Test. It’s crucial to copy attackers’ techniques in full when assessing security products like Symantec Endpoint Security Complete.
A computer breach causes some kind of damage, whether that involves deleting or encrypting files on a computer system; stealing data that damages a company’s ability to compete; or stealing personal data for use in fraud. The possibilities and combinations are endless, but ultimately damage has to be done. Cyber criminals don’t usually hack systems out of simple idle curiosity.
Full Attack Chain Testing
This is an important detail frequently overlooked in security testing, which often examines a product or service’s ability to stop certain stages of attack, but not the full chain of events that run from the initiation of an attack through to a successful completion of the attacker’s prime goal.
Testers should not assume that certain approaches to protection are better than others. If a security company makes the world’s best behavioural detection system but a test pays attention only to URL blocking technologies then the product will fail the test, while in reality customers who use it would be protected.
It is common for us to see a product appear to fail, and allow malware to run, even to the point where we obtain a remote connection to the target. However, when we try to take control of that system we may be blocked from doing so. A tester that sees the connection open might wrongly conclude that the product has failed. It is only by running through the entire attack process that it is possible to assess a product’s full abilities.
