Breach Detection, Protection and Response Testing: The Next-Gen Approach

Wednesday 5 October 15:00 - 15:30, Red room

Simon Edwards (SE Labs)

We've seen the rise of the next-generation security products. Now it's time for next-generation testing. A large range of products exist to help detect and investigate breaches. While some of these overlap with anti-malware protection products, testing them requires more than simply scanning (or even executing) malware. We propose that, in order to gain a good understanding of the efficacy of such products, realistic attacks are required that progress from the initial breach through to a logical conclusion.

This paper outlines a full methodology for testing a wide range of security products, including those deployed as endpoint agents, perimeter gateways and cloud-based services. Different types of product can now be tested either individually or in collaboration with other solutions. For example, it is possible to test anti-malware and 'detection and response' endpoint agents; intrusion detection appliances; email gateways; cloud-based web filters; and both on-premises and cloud-based sandboxes.

In the presentation we will demonstrate what a full breach looks like (and why we are confident that this is what the real bad guys are doing) and deliver some results that show how different types of products work and interact with each other to provide levels of protection, remediation and actionable insight into a breach's history.



Simon Edwards

An IT journalist between 1995 and 2010, Simon worked on the UK's biggest computer magazine titles. At Dennis Publishing these included titles such as Computer Shopper, PC Pro, Computer Active, Web User, Mac User and IT Pro.

Simon's area of expertise is anti-malware testing and he was, until the end of 2015, Technical Director of Dennis Technology Labs, an independent security testing business that was part of the Dennis Publishing media company. He then founded SE Labs, which specialises in advanced security testing. He also provides technical advice to a number of specialist security companies.

A founder member of the Anti-Malware Testing Standards Organization (AMTSO), Simon was chairman of its Board of Directors between 2012 and 2015. He continues to serve on AMTSO's Board of Directors.


