Publish Date: June 8, 2020
What was known as the Advanced Endpoint Protection test is being renamed Endpoint Protection Platforms (EPP) for this next group test. The accompanying Test Methodology is version 1.0. We welcome feedback from the enterprise and vendor communities.
The convergence of cloud computing, omnipresent + ubiquitous high-speed internet, and tools that enable remote mobile workforces are changing how modern enterprises operate. At the same time, threat actors including cybercriminals are becoming ever more adept at technical and social engineering – capable of carrying out sophisticated attacks that consistently breach modern network defenses. Strong threat protection technologies on the endpoint are required to defeat these incursions.
Endpoint Protection Platforms (EPP) provide access control, attack prevention (malware, exploits, phishing), as well as threat detection, and robust logging to facilitate investigation. The following features are fundamental to an endpoint protection platform:
- Malware detection and prevention
- Exploit detection and prevention
- Phishing detection and prevention
- Detection of or alerting on anomalous activity
- Forensic information with enough detail to support basic incident response needs by security analyst teams
- Central management system, either cloud-delivered or on premises
Endpoint Protection often utilizes multiple technologies including signatures, heuristics machine learning, URL and file reputation systems (whitelisting/blacklisting), process monitoring, sandboxing, post-infection detection such as monitoring for communication with command and control servers and monitoring for lateral movement, and file integrity monitoring (continuous audit of the file system and registry).