[Dailydave] Crowdstrike fails NSS Advanced Endpoint Protection Group Test...yes or no?

Security Admin (NetSec) secadmin at netsecdesign.com
Thu Feb 16 14:25:50 EST 2017


>From Article:

"There are two primary issues here: is it possible to conduct fair comparative tests for advanced endpoint protection products (aka, machine-learning or next-gen AV); and is the law a valid method of preventing them?"

The article has various opinions about this, with additional links to opinions.

I offer my $0.02

It would appear that based on the NSS Lab admission that "The Falcon Host's final rating may have been different had it completed the test." that Crowdstrike may have a legitimate beef.

When deploying Palo Alto devices with Wildfire enabled, I would inevitably get asked the question as to whether or not traditional AV was needed.  This came up even more as Palo Alto introduced host-based protection via "traps."

What I have found is that many of these so-called "next-gen" protection mechanisms are quite good at protecting against unknown aka "0day" threats.  However, they tend to fall short in protecting against old threats, like the nth version of MyDoom.  Signature-based solutions still have their place, and until the next-gen vendors like Crowdstrike can protect against both, signature-based AV may still be needed.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.immunityinc.com/pipermail/dailydave/attachments/20170216/621b1ff3/attachment.html>

More information about the Dailydave mailing list