Early warnings for targeted attacks
Fortinet FortiEDR Protection test results by SE LABS (Threat Series: 11).
These attacks are designed to compromise systems and penetrate target networks in the same way as the advanced persistent hacking groups known as Gamaredon Group, Ember Bear, Evasive Panda, and DPRK operate to breach systems and networks.
SE Labs used full chains of attack, meaning that testers behaved as real attackers, probing targets using a variety of tools, techniques and vectors before attempting to gain lower-level and more powerful access. Finally, the testers/attackers attempted to complete their missions, which might include stealing information, damaging systems and connecting to other systems on the network.
There are many opportunities to spot and stop attackers. Products can detect them when attackers send phishing emails to targets. Or later, when other emails contain links to malicious code. Some kick into action when malware enters the system. Others sit up and notice when the attackers exhibit bad behaviour on the network.
Regardless of which stages your security takes effect, you probably want it to detect and prevent before the breach runs to its conclusion in the press.
Our Advanced Security test is unique, in that we test products by running a full attack. We follow every step of a breach attempt to ensure that the test is as realistic as possible.
This is important because different products can detect and prevent threats differently.
Ultimately you want your chosen security product to prevent a breach one way or another, but it’s more ideal to stop a threat early, rather than watch as it wreaks havoc before stopping it and trying to clean up.
Fortinet FortiEDR Protection test results
Some products are designed solely to watch and inform, while others can also remove threats either as soon as they appear or after they start causing damage.
For the ‘watchers’ we run the Advanced Security test in Detection mode. For ‘stoppers’ like Fortinet FortiEDR we can demonstrate effectiveness by testing in Protection Mode.
In this report we look at how Fortinet FortiEDR handled full breach attempts. At which stages did it detect and protect? And did it allow business as usual, or mis-handle legitimate applications?
Understanding the capabilities of different security products is always better achieved before you need to use them in a live scenario. SE Labs’ Advanced Security test reports help you assess which are the best for your own organisation.