Breach Detection, Protection and Response Testing: The Next-Gen Approach

Presented at VB2016, Oct. 5, 2016, 3 p.m. (30 minutes)

We've seen the rise of the next-generation security products. Now it's time for next-generation testing. A large range of products exist to help detect and investigate breaches. While some of these overlap with anti-malware protection products, testing them requires more than simply scanning (or even executing) malware. We propose that, in order to gain a good understanding of the efficacy of such products, realistic attacks are required that progress from the initial breach through to a logical conclusion.

This paper outlines a full methodology for testing a wide range of security products, including those deployed as endpoint agents, perimeter gateways and cloud-based services. Different types of product can now be tested either individually or in collaboration with other solutions. For example, it is possible to test anti-malware and 'detection and response' endpoint agents; intrusion detection appliances; email gateways; cloud-based web filters; and both on-premises and cloud-based sandboxes.

In the presentation we will demonstrate what a full breach looks like (and why we are confident that this is what the real bad guys are doing) and deliver some results that show how different types of products work and interact with each other to provide levels of protection, remediation and actionable insight into a breach's history.


Presenters:

  • Simon Edwards - SE Labs
    An IT journalist between 1995 and 2010, Simon worked on the UK's biggest computer magazine titles. At Dennis Publishing these included titles such as Computer Shopper, PC Pro, Computer Active, Web User, Mac User and IT Pro. Simon's area of expertise is anti-malware testing and he was, until the end of 2015, Technical Director of Dennis Technology Labs, an independent security testing business that was part of the Dennis Publishing media company. He then founded SE Labs, which specialises in advanced security testing. He also provides technical advice to a number of specialist security companies. A founder member of the Anti-Malware Testing Standards Organization (AMTSO), Simon was chairman of its Board of Directors between 2012 and 2015. He continues to serve on AMTSO's Board of Directors. @selabsuk
