11/29/2023

Gdata vs bitdefender

As if the attacks of the normal APT groups weren’t enough stress, their new business model, RaaS, Ransomware-as-a-Service, is gaining more and more traction. With the rise of RaaS, APT groups are giving relevant licenses to attackers having little experience with ransomware. The ransomware is delivered, and the infrastructure is made available. A portion of the money collected from each individual extortion goes immediately to the APT group. This model will naturally result in more and more attacks with ransomware now and in the future. That is why it is all the more important to know how well security solutions identify, stop and liquidate the attackers.

Unlike traditional malware, the mere detection of ransomware does not always lead to successful defense. However: even ransomware not detected in the beginning can still be stopped during the course of the attack. Insights into how well everything works are provided by the Advanced Threat Protection tests from AV-TEST.

34 solutions put to the test – 340 live scenarios

In the test, all products – whether they be for corporate or consumer users – are each required to withstand 10 live scenarios with ransomware. The products examined in the test are divided up into two groups with 17 products each. The 17 security packages for consumer users come from AhnLab, Avast, AVG, Avira, Bitdefender, F-Secure, G DATA, K7 Computing, Kaspersky, Malwarebytes, McAfee, Microsoft, NortonLifeLock, PC Matic, Trend Micro and VIPRE Security. The other 17 security solutions for corporate users originate from AhnLab, Avast, Bitdefender (2 products), Comodo (soon to be Xcitium), G DATA, Kaspersky (2 products), Malwarebytes, Microsoft, Sangfor Technologies, Seqrite, Symantec, Trellix, Trend Micro, VMware and WithSecure (formerly F-Secure Business).

In 10 defined, realistic scenarios under Windows, each individual solution is required to detect and fend off ransomware or identify its further steps and stop the attack. The 10 scenarios are explained in the charts below. An e-mail arrives with a zip file attachment, for example. It contains an executable file that launches immediately upon unzipping. Afterwards, the ransomware starts to take over and encrypt the system with various steps.

The test scenarios list the type of attack in each step. In the process, the lab specifies the definitions in MITRE ATT&CK “Techniques” codes. The lab also explains the exact technical steps of an Advanced Threat Protection test in the already released article New Lines of Defense: EPPs and EDRs Put to the Test Against APT and Ransomware Attacks.

If during a test a security package detects ransomware in one of the first two steps (initial access or execution), the attack is considered thwarted. The lab uses color coding for quick evaluation of the table.