Real-world testing, the good, the bad, and the ugly

Aditya Kapoor McAfee
Craig Schmugar McAfee

  download slides (PDF)

Anti-virus testing has evolved significantly over the past couple of decades, and while great strides have been made, testing still lags to bring out the differences and capabilities of the complex defensive software offerings available today. These products are leveraging highly dynamic environments, from geo-specific telemetry to hardware enhancements to user reputation and many things in between. For example, in a current full product test a product can block 99.99% threats tested with just its URL detection technology, while its behavioural technology does not get a chance to get exercised and hence evaluated (thus keeping various strengths and weaknesses of the product's technology areas under wraps and not available to the general public).

Currently, enterprises and consumers know really well that even with layers of defences they are still susceptible to zero-day malware and targeted attacks. In our experience, the current certification tests fail to isolate the proactive nature of defensive technologies as opposed to the ability of vendors to react quickly to known threats. Currently, to fill the gap vendors often take the route of commissioned testing, but this may not represent the industry standard and is usually a one-time test to showcase a technology. Testing houses need to continue to grow to provide more accurate and actionable information based on their audience as part of ongoing certification tests.

In this presentation we will drill down into some of the challenges anti-virus testers face today, from both threat and product perspectives, and raise additional considerations for what lies ahead. Alternative solutions will be explored with the goal of broadening the conversation within the industry, and ultimately continuing the evolution of security testing in a way that makes sense to everyone and provides maximum return of investment to the customer.

VB2013 takes place 2-4 October 2013 in Berlin, Germany.

The full programme for VB2013, including abstracts for each paper, can be viewed here.

Click here for more details about the conference.