Why is Advanced Threat Defense Important? Q&A with Jack Walsh of ICSA Labs
August 30, 2016
By Jack Walsh

Enterprises today face an ever-evolving threat landscape, with security breaches occurring at a fast pace. It’s becoming clear that enterprises must be able not only to identify and protect against known threats but also to protect against new and unknown malicious threats.

Jack Walsh, new initiatives & mobility programs manager at ICSA Labs, discusses the latest rounds of Advanced Threat Defense (ATD) certification testing and the security products being created to help protect end users against previously unknown threats.

Q: What was new with this round of ATD testing?

Following the most recent Q2 2016 ATD test cycle, ICSA Labs looked at data not just from Q2 but from the past three quarters of ATD certification testing, from Q4 2015 through Q2 2016, to see how effectively vendor ATD solutions are working against unknown and little-known threats. To help build our test sets, we collect hundreds of thousands of spam messages each day using our spam honeypots, and many of these spam messages include malicious attachments. For example, in the Q2 2016 test set, we observed that there had been a huge spike in ZIP files containing ransomware-type malware. In fact, there was a significant spike in these malicious attachments from an average of 403 ZIP files per day in Q4 2015 to over 35,000 ZIP files per day in Q2 2016. This clearly shows the need for commercial security solutions to keep up with detecting the latest malware.

Q: What is ICSA Labs’ role in Advanced Threat Defense (ATD)?

ICSA Labs offers third-party certification testing instead of comparative testing. For the ATD program, in particular, this means that we perform an ongoing quarterly test of commercial products. Before a quarterly test cycle begins, we make sure to fine-tune vendors’ ATD solutions in order to achieve the best results. Each quarter, the ATD solutions from participating vendors are tested continuously for three to five weeks against the latest little-known and unknown threats, and against legitimate innocuous applications to help ensure that vendor solutions aren’t modified to simply identify everything as malicious.

Following each week of testing, and for two weeks after the test cycle concludes, ICSA Labs gives vendors the opportunity to dispute our findings in the event there was some error made on our part. From quarter to quarter, enterprises are able to see how well their ATD solutions detect previously unknown malicious threats. After a vendor’s ATD solution passes all the tests and has met all the requirements, the vendor is then permitted to advertise publicly that it is ICSA Labs ATD certified.

Q: Why is ATD testing important for vendors to undertake?

As stated previously, it’s the little-known and unknown malicious threats that pose some of the greatest risks to enterprises because, generally speaking, traditional security solutions cannot adequately protect against attacks they have never before seen. An organization’s traditional security solution is complemented when combined with an ATD solution, which significantly strengthens the enterprise’s defensive posture.

Each quarter, vendors’ ATD solutions have to demonstrate a high degree of efficacy and no more than a few false positives as defined in our latest ATD certification testing criteria. If there are shortcomings beyond levels permitted in the criteria, they must be corrected in order for vendors to be awarded the ICSA Labs ATD certification. Ultimately, being certified by ICSA Labs provides assurance to enterprises that a certified vendor's advanced threat defense solution has met high standards, which in turn sets the vendor apart from the competition.

To read the freely available certification testing reports for any past quarterly test cycle for those vendors with an ICSA Labs Certified Advanced Threat Defense solution, please visit the ICSA Labs website.
