In 2015, the traditional endpoint security industry saw dramatic changes. To this end, NSS Labs has created a blueprint for the security industry’s first endpoint product-based group test, which will tackle the challenges surrounding the market’s current scope of products. This test, coined Advanced Endpoint (AEP), will be conducted between May and July 2016.

The playing field is huge. Participants in the test will include leading established endpoint vendors and the top emerging endpoint vendors that are working to define and/or reshape the advanced endpoint protection market. NSS is currently tracking more than fifty vendors touting capabilities in this space.

The goal of the AEP Test Methodology is to provide test guidelines that validate key product attributes for the advanced endpoint product.

NSS’ AEP group test will validate whether or not the endpoint products claiming advanced endpoint capabilities are able to:

  • Prevent, detect, continuously monitor, and take action against threats throughout the threat life cycle within an enterprise environment.
  • Provide context-aware, continuous, end-to-end visibility of threats against the end user and/or enterprise

There are three phases within the test, each of which will stress different but essential advanced endpoint (AEP) product functionalities:

  • Prior to execution: Inbound threat prevention and detection
  • During execution: Execution-based threat prevention and continuous monitoring
  • Post-execution: Continuous monitoring on post-infection compromise and have the ability to take action

The following are some of the capabilities of an AEP product:

  • Identification of indicators of compromise
  • Identification of indicators of attack
  • Anti-malware and anti-exploit detection techniques (signatures, heuristics, or both)
  • Reputation and application control modules.
  • Whitelisting/blacklisting
  • Offline detections
  • Sandboxing that allows for modeling of internal systems
  • Emulation
  • Virtualization
  • Endpoint traffic analysis (host firewall, network and flow monitoring, and client HIPS)
  • Post-infection monitoring, alerting and response.

Stay tuned for NSS’ publication of the AEP Test Methodology in early March.