SE Labs has introduced an interesting enhancement to its endpoint protection test methodology. While the company has always included targeted attacks in these tests, it has now introduced what it calls ‘attack chain scoring’. In other words, whereas previously the product under test received a scoring penalty for a breach that didn’t take into account how deeply the tester had penetrated into the system, there are now additional penalties where the attack gains more access, for example privilege escalation. This means that there is now a range of penalty scores between -1 and -5, depending on the severity of the breach.
More detail in the article by Simon Edwards here – Latest security tests introduce attack chain scoring – as well as links to the latest SE Labs reports.
David Harley
Leave a Reply