ICSA Labs Blog: Advanced Threat Defense (ATD)

High levels of Locky Ransomware in .7z archives during Q4 2017

It was once only a pipe dream that a security product would be able to detect unknown, new malware. But as highlighted by ICSA Labs’ quarterly advanced threat defense (ATD) security certification testing, there is in fact a short list of security vendors that not only detect new threats, but do it well. As a result, the days of trying to unravel every malicious threat in order to develop a signature may finally begin to fade into information security history.

Ransomware Higher During Q3 Advanced Threat Defense Testing

ICSA Labs encourages enterprises to consider the results of its quarterly advanced threat defense (ATD) security testing and to demand only ICSA Labs certified ATD solutions.  In ATD and the related ATD-Email testing, ICSA Labs tests to see how well security vendor solutions detect new and little-known malicious threats.  Testing for Q3 2017 just recently concluded and the results are posted.   

Why is Advanced Threat Defense Important? Q&A with Jack Walsh of ICSA Labs

Enterprises today face an ever-evolving threat landscape with security breaches occurring at a fast pace. It’s becoming clear that enterprises must be able to not only identify and protect against known threats but also to protect against new and unknown malicious threats.

Jack Walsh, new initiatives & mobility programs manager at ICSA Labs, discusses the latest rounds of Advanced Threat Defense (ATD) certification testing, and the security products being created to help protect end users against previously unknown threats.

Seeing ransomware before it strikes

Every day, there are articles in the news about ransomware, but I’ll bet you don’t know just how prevalent this infectious menace has become.

At ICSA Labs, we’ve seen a tremendous spike in ransomware during the 2nd quarter of 2016.

Understanding the benefits of ICSA Labs certification

Understanding the benefits of certification is important for security product vendors and enterprises.

The first step is to understand what certification is and what it is not.

Enterprises Can Benefit from ICSA Labs Advanced Threat Defense Testing

As threats change, security product vendors hurry to keep pace.  Enterprises wonder whether commercial advanced threat defense (ATD) solutions will be able to keep up with the ever-evolving threatscape.

Understanding the Samples Sources and Methodology Used in Advanced Threat Defense Testing

Samples Sources

A number of malicious sample sources feed into ICSA Labs’ Advanced Threat Defense (ATD) testing.

One source is the spam ICSA Labs collects. ICSA Labs collects hundreds of thousands of spam messages every day through its spam honeypots. Specific attention is paid to spam with attachments.  If the attachments are malicious, they are sample source candidates for ATD testing.

Threat Vectors Used in Advanced Threat Defense Testing

ICSA Labs Advanced Threat Defense (ATD) certification testing is aimed at vendor solutions designed to detect threats that other traditional security products miss.  The testing is focused on how effectively vendor ATD solutions work against unknown and little-known threats.

In addition to detection effectiveness, ICSA Labs tests whether or not ATD solutions alert on innocuous applications and associated activity. The timeliness of detection and logging of malicious threats are also tested.

ICSA Labs Launches First-Ever Advanced Threat Defense Certification Testing Program

Introduction

This blog entry is the first in a four-part series marking the launch of ICSA Labs’ newest certification testing program for Advanced Threat Defense (ATD) solutions.  Be sure to check back on the ICSA Labs Security Testing Blog each Monday through December for an update.

Advanced Threat Defense (ATD) Solutions – Why Enterprises Need Them