[Dailydave] Crowdstrike fails NSS Advanced Endpoint Protection Group Test...yes or no?
Security Admin (NetSec)
secadmin at netsecdesign.com
Thu Feb 16 14:25:50 EST 2017
"There are two primary issues here: is it possible to conduct fair comparative tests for advanced endpoint protection products (aka, machine-learning or next-gen AV); and is the law a valid method of preventing them?"
The article has various opinions about this, with additional links to opinions.
I offer my $0.02
It would appear that based on the NSS Lab admission that "The Falcon Host's final rating may have been different had it completed the test." that Crowdstrike may have a legitimate beef.
When deploying Palo Alto devices with Wildfire enabled, I would inevitably get asked the question as to whether or not traditional AV was needed. This came up even more as Palo Alto introduced host-based protection via "traps."
What I have found is that many of these so-called "next-gen" protection mechanisms are quite good at protecting against unknown aka "0day" threats. However, they tend to fall short in protecting against old threats, like the nth version of MyDoom. Signature-based solutions still have their place, and until the next-gen vendors like Crowdstrike can protect against both, signature-based AV may still be needed.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Dailydave