Skip Navigation
BlackBerry Blog

Exploring Anti-Malware Testing Methodologies

NEWS / 11.09.17 / The Cylance Team

The simple objective in testing an anti-malware product is to verify that it stops execution of malware on the endpoint. Testing in this case is not about features and functions, it’s about preventing the malware from executing.

That’s what an anti-malware product is designed to do — stop malware, and these tests are designed to measure their pre-execution stopping power.

In the recently released book Next-Generation Anti-Malware Testing for Dummies, you will learn about four different testing methodologies for portable executables (PEs) and file-less malware, among other advanced forms of malware.

“We describe a number of tests that are highly simple and deliberately designed to split the field of anti-malware products,” explains Carl Gottlieb of “You’ll be amazed how some big-name products perform in certain scenarios. Some very good, some very bad.”

Testing an endpoint security technology offline can reveal a lot about the product’s architecture and capabilities, which is important in order to make a well-informed decision.

Solutions which rely on cloud lookups may leave the customer at risk by allowing - intentional or not - a “patient zero” scenario and by potentially introducing delays on the endpoint as a result of the latency associated with cloud processing.

If a solution requires cloud lookups to process never-before-seen malware, then it implies that the solution relies on either cloud intelligence (file reputation) or cloud-based emulation.

It’s important to test anti-malware products offline using mutated samples, then test it again online, using the same sample set. If there is a significant difference between the offline and online test result, then the anti-malware product can only function properly when online.

The reason for testing a product’s capabilities while offline is to shed light on its architecture and capabilities.

“To test for the real-world, we need to think about real-world failure - these are the scenarios that occur every day that lead to infections, but are never tested in the lab because vendors are afraid of failure,” Gottlieb says.

“It’s time to embrace failure. Test for yourself and learn how each product performs in different failure scenarios, such as failed updates or offline working. Only that way you can learn what products are best for your specific needs.”

For more information on how to safely and effectively test anti-malware solution in your own environment, check out the recently released book Next-Generation Anti-Malware Testing for Dummies, which explains why you need to test different solutions for yourself and provides the details on how you can do it effectively.

While the publication is intended for IT managers and security administrators tasked with server and endpoint security in your organization, it is crafted to be accessible to non-technical readers as well, so you’ll come away with more knowledge about malware and anti-malware solutions testing.

This resource is offered at no charge, and contains a wealth of information that will get your team up to speed in order to set up your own internal testing lab so you can better evaluate which anti-malware solution Is the best for your organization.

Download Next-Generation Anti-Malware Testing for Dummies, and feel free to reach out to our team of experts for more information on why testing for yourself is the key to furthering your endpoint security efforts.

The Cylance Team

About The Cylance Team

Our mission: to protect every computer, user, and thing under the sun.

Cylance’s mission is to protect every computer, user, and thing under the sun. That's why we offer a variety of great tools and resources to help you make better-informed security decisions.