LATEST INTELLIGENCE
ADVANCED ENDPOINT PROTECTION TEST REPORT
CHECK POINT SOFTWARE TECHNOLOGIES CHECK POINT SANDBLAST AGENT NEXT GENERATION AV
The aim of this section is to verify that the AEP
product is capable of detecting, preventing
and continuously logging threats accurately,
while remaining resistant to false positives. This
section utilises real threats and attack methods that
are being used by cybercriminals and other threat
actors, based on attacks collected from NSS’ global
threat intelligence network.
The ultimate goal of any attack on a computer
system is to gain access to a target host and
perform an unauthorised action that results in the
compromise or destruction of an asset or data.
Computer systems are designed with many levels of
protection to prevent unauthorised access.
However, intruders may use several techniques to
circumvent these protections, such as targeting
vulnerable services, invoking privilege escalation, or
replacing key operating system files. AEP products
protect against automated and manual threats by
leveraging the following key capabilities:
• Inbound threat detection and prevention (prior
to execution)
• Execution-based threat detection and prevention
(during execution)
• Continuous monitoring post-infection and ability to
act in the event of compromise (post-execution)
NSS has created a unique testing infrastructure, the
NSS Labs Live Testing harness, which incorporates
multiple product combinations, or ‘stacks’, within the
attack chain. Each stack consists of either an operating
system alone or an operating system with additional
applications installed (e.g. a browser, Java and Adobe
Acrobat). This test harness continuously captures
suspicious URLs, exploits, and malicious files from
threat data generated from NSS and its customers,
as well as data from open-source and commercial
threat feeds. Captured malicious samples are further
validated to confirm that they are malicious in nature.
During testing, NSS combines its knowledge of a
product’s defensive capabilities with these samples.
An AEP product must be able to detect, prevent,
continuously monitor and take action against threats
while providing end-to-end visibility through event
logs generated by the endpoint product. Each type
of threat (e.g. malware, exploits, blended threats and
evasions) contains unique infection vectors. This test
aims to determine how effectively the AEP product
can protect against a threat, regardless of infection
vector or method of obfuscation.
INTELLIGENTCIO