The Endpoint Protection (EPP) market was a hot topic in 2017 with some many conversations at security conferences, on webinars and whitepapers with not much clear direction on testing. No wonder so many of us were confused. Many of the EPP vendors have highly skilled people on their teams that can offer you advice on what to do and how to test. However, the reality is that many of us are simply unsure if the advice from the vendor pre-sales team is for their benefit or ours. It's hard to know who to believe or trust!! Many just want to help, including vendors, it does not make it any less overwelming.
In March 2017 I started researching EPP solutions. I quickly came to the realisation that there was no guidelines, no testing methodologies, no AV testing standards, or anything published which was going to help guide me with this task. As I tested each product, how the heck was I going to test the different features, let alone compare them to come up with some type of scoring system?!?!? Seriously, lions, tigers and bears! So quick simply, I had to come up with my own.
The purpose of this repository is to provide you with tools that I created for POCing / testing various EPP products. I wanted to release my work in the hope that it can help others who are not sure where to start, or who wanted some ideas. I am not affiliated with any EPP organisation, I am simply an information security professional who recently did an EPP POC. I have taken my learnings and added them to this repo which I hope will provike ideas and guidance on where to start.
Other than a few vendor guides I was provided with, there really was nothing really useful to assist in the huge task and lets not get started on a scoring/ranking process. This EPP repo has all my workings, where to source your malware, your functional and non-functional requirement checklist and finally the framework which is the actual test cases (4 in total) and the scoring system.
If you are reading this and have other things you think are useful, please email me or log it as an issue / request.
Note: EPP Self-Paced Workshop / Class currently in progress https://pinktangent.github.io/