Latest security tests introduce attack chain scoring

When is a security breach serious, less serious or not a breach at all?

Latest reports now online.

UPDATE (29/10/2018): This set of reports is confirmed to be compliant with AMTSO Standard v1.0 by the Anti-Malware Testing Standards Organization.

Our endpoint protection tests have always included targeted attacks.

These allow us to gauge how effectively anti-malware products, in use by millions of customers, can stop hackers from breaching your systems.


We penalise products heavily for allowing partial or full breaches and, until now, that penalisation has been the same regardless of how deeply we’ve been able to penetrate into the system. Starting with this report we have updated our scoring to take varying levels of ‘success’ by us, the attackers, into account.

The new scores only apply to targeted attacks and the scoring system is listed in detail on page eight of each of the reports.


If the attackers are able to gain basic access to a target, which means they are able to run basic commands that, for example, allow them to explore the file system, then the score is -1.

The next stage is to attempt to steal a file. If successful, there is a further -1 penalty.


At this stage the attackers want to take much greater control of the system. This involves increasing their account privileges – so-called privilege escalation. Success here makes a bad situation worse for the target and, if achieved, there is an additional -2 penalty.

Finally, if escalation is achieved, certain post-escalation steps are attempted, such as running a key logger or stealing passwords. A final -1 penalty is imposed if these stages are completed, so the possible scores for a breach range from -1 to -5 depending on how many attack stages the attacker is able to complete.
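The stage penalties above, carried through as a small scoring function. This is an added example and not SE Labs' own tooling; the stage names and the prerequisite rules (every stage needs basic access, post-escalation steps need a successful escalation, file theft is not required before escalation) are assumptions made for the example.

```python
from typing import Iterable

# Penalty per completed attack stage, using the values given in the post.
STAGE_PENALTIES = {
    "access": -1,           # basic commands run, e.g. exploring the file system
    "file_theft": -1,       # a file is successfully stolen
    "escalation": -2,       # privilege escalation succeeds
    "post_escalation": -1,  # e.g. key logger run or passwords stolen
}

# Prerequisites are an assumption for this example: every stage needs basic
# access, and post-escalation steps need a successful escalation. File theft
# is treated as optional, so a chain may skip it and still escalate.
PREREQUISITES = {
    "access": set(),
    "file_theft": {"access"},
    "escalation": {"access"},
    "post_escalation": {"access", "escalation"},
}


def score_breach(completed: Iterable[str]) -> int:
    """Return the targeted-attack score for the stages an attacker completed.

    0 means no breach; any breach scores between -1 and -5 inclusive.
    Raises ValueError for an unknown stage name or for a chain that is
    impossible under the prerequisite rules (for example, post-escalation
    recorded without escalation), which usually indicates a recording error.
    """
    stages = set(completed)
    unknown = stages - set(STAGE_PENALTIES)
    if unknown:
        raise ValueError(f"unknown stage(s): {sorted(unknown)}")
    for stage in stages:
        missing = PREREQUISITES[stage] - stages
        if missing:
            raise ValueError(f"{stage} recorded without {sorted(missing)}")
    return sum(STAGE_PENALTIES[stage] for stage in stages)


if __name__ == "__main__":
    # Constructed outcomes for three hypothetical products under one attack.
    outcomes = {
        "product A": [],
        "product B": ["access", "file_theft"],
        "product C": ["access", "file_theft", "escalation", "post_escalation"],
    }
    for name, stages in outcomes.items():
        print(f"{name}: {score_breach(stages)}")
```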


We have decided not to publish exact details of where in the attack chain each product stands or falls, but have provided that detailed information to the companies who produce the software tested in this report and who have asked for it.


If you spot a detail in this report that you don’t understand, or would like to discuss, please contact us via our Twitter or Facebook accounts.

SE Labs uses current threat intelligence to make our tests as realistic as possible. To learn more about how we test, how we define ‘threat intelligence’ and how we use it to improve our tests, please visit our website and follow us on Twitter.

Our latest reports, for enterprise, small business and home users, are now available for free from our website. Please download them and follow us on Twitter and/or Facebook to receive updates and future reports.

*** This is a Security Bloggers Network syndicated blog from SPECIAL EDITION authored by Simon PG Edwards. Read the original post at: http://blog.selabs.uk/2018/10/2018Q3-EPP.html