position

eThreatz Automated Malware Testing

Review by Enex TestLab

Enex Testlab (CSO Online)
— 17 January, 2011 09:09

Page:

1
2
3
4
5
6
7
8
9
10
11
12
13
next >

Introduction

Every month we will be publishing the results of our Enex TestLab eThreatz comparative real world test of eight anti-malware products marketed for the SME sector of business.

eThreatz six-month round-up: Malware innovation outpacing security defences, eThreatz testing shows

The products under eThreatz test will be:

Symantec Endpoint Protection for Small Business
Sophos Anti Virus
Kasperski Small Office Security
Microsoft Security Essentials
Trend Micro Worry Free Business Security Standard Edition
eSet NOD 32 Antivirus
Panda Security for Business
McAfee Endpoint Protection Suite

We will compare the anti malware products under real world conditions using live malware captured from our own honey pots immediately before the testing is carried out. Proven live threats using active attack vectors and benign internet based files will be sought, subsequently analysed, and reported on as percentages in the context of false positives, false negatives, true positives, and true negatives. All testing will be performed via the HyperText Transfer Protocol (HTTP). Enex TestLab will not manufacture or manipulate any malware samples. While an assessment of the security to performance impact ratio of each product under test is possible by Enex TestLab eThreatz, it will not be carried out as part of this standard testing process. A simplified generic example of the test architecture is shown in Figure 1.

Figure 1: Generic test architecture.

The architecture shown in Figure 1 will include a 'control' channel in addition to product offerings 1, 2, and 3. BASE (Behaviour Analysis System Environment) is used to execute and categorise files based on malicious or benign actions. DNA (Direct Network Automation) ensures that all product offerings under test make near simultaneous HTTP connections to each live website in the test set. The architecture ensures that malware and benign threats are captured, analysed, and compared to provide intelligence on which security component (shown in red text) blocks or allows specific files, and at what point in the security chain, depending on the parameters and purpose of the individual test.

The results will be published every month in summary form, freely available to all readers. In addition, a detailed Enex TestLab eThreatz report will be produced and be available by subscription from Enex TestLab.

For more information on Enex TestLab eThreatz anti-malware testing see http://www.enextestlab.com/web/guest/ethreatz

Page:

1
2
3
4
5
6
7
8
9
10
11
12
13
next >

Tags: anti-virus

Comments

Post new comment

CSO Corporate Partners

Get exclusive access to CSO, invitation only events, reports & analysis.

Sophos SafeGuard Enterprise

Your central key for data protection

Submit your training courses

Media Releases

More Media Releases »

Latest Jobs

FTChange Management ProfessionalsNSW
CCIT Project Co-ordinatorNSW
FTSenior Network Engineer - Cisco / Nexus / UCS / - Routing / Switching / WirelessNSW
FTSenior Network Engineer - Cisco / Nexus / UCS / - Routing / Switching / WirelessNSW
FTSenior Network Field Engineer - Cisco R&S / Wireless SolutionsNSW
FTASP.NET Developer (Digital)NSW
FTSenior Citrix EngineerNSW
FTTechnical Services Engineer - ShoreTel/MitelVIC
FTiPhone App DeveloperNSW
FTSenior Citrix EngineerNSW
CCSystem Engineer - Lync and Exchange - CONTRACTSWA
FTSenior Network Field Engineer - Cisco R&S / Wireless SolutionsNSW
CCSystem Engineer - Exchange - CONTRACTSWA
FTiPhone App DeveloperNSW
CCAvaya Engineer - ERS 8600 4.1NSW
FTiPhone Developer DeveloperNSW
FTTechnical Consultant (VB.NET Developer)NSW

Solution Centers

Security Awareness Tip

Software security company www.clearswift.com gives some advice this holiday season to make sure employees don’t end up on Santa’s naughty list!

At a fundamental business level, social media is a useful additional tool for communicating and collaborating with customers, colleagues and new business prospects. From an HR point of view, the social web is not only useful for recruitment but also as a knowledge network. At an employee level, social media is changing the way we work: Employees increasingly expect to be able to access personal technology and services in the workplace. As the lines between work and home life blur, staff are looking for greater flexibility in their roles; working from home is an increasing trend, but so too is ‘home-ing from work’, where staff expect to be able to perform personal tasks at work.

But social media brings risk and reward to business in equal measure. Information security is a key concern: Many organisations view social media channels as yet another route along which sensitive data can escape from the business, whether accidentally or maliciously. On top of this, senior management may be concerned about the amount of time employees spend on social networks.

This cultural shift raises new questions about trust in the workplace, the balance of power in employer / employee relationship and levels of control over people and content.

Organisations using content and web security technology can manage the way their staff use email and the internet without having to resort to a default position of mistrust. With a whopping third of ANZ employers completely blocking social media access at work, there’s a real danger of throwing the benefits of collaboration out with the risks.

It doesn’t have to be that way.

Trust breeds responsibility: People underestimate the amount of company time they spend on personal browsing. Allow staff to view their own web usage and foster more responsible behaviour without undermining trust.

Know limits: Set clear limits on personal surfing and communicate them to users. Alert them when they are approaching their limit. Help your people to play by the rules.

Share the load: Spread responsibility for usage reporting among managers and department heads so everyone gets to see how their usage impacts on the rest of the organisation. This also gives managers greater control and visibility into usage.

Need to know: Yes, you need reports and visibility. What you don’t need is employee data becoming common knowledge. Access control means reporting can be adjusted on a need-to-know basis.

Security ABC Guides

7 Ways to Protect Your Business Printers

Can a hacker burn down your business by remotely setting one of your printers on fire? Researchers at Columbia University have recently proposed such a scenario, although HP quickly denied that it's possible. However, even if your printers can't be used as remote firestarters, there are many risks involved in networking a printer.

Read More

Market Place