Pink Tangent

twitter: @pink_tangent
personal blog: PinkTangent

Introduction

So your traditional-signature AV product is failing you! Now you have been tasked to investigate endpoint protection security products in the market for your company. You probably spend your day job doing risk assessments, vulnerability assessments, collecting patch management statistics, creating dashboards for upper management along with a range of other daily tasks.

You are excited by the fact you get to play with some new toys, break away from the daily grind of remediation and risk registry updates, but where the heck do you start!?!?! Many of us in defender, blue team and/or compliance-type roles have never touched malware, don’t have any idea how to execute memory-resident malware, or how to create a phishing campaign to simulate spear phishing.

I was in the same boat myself. I didn’t want to be told what I needed, how to test, or what functionality was right for our organisation. Every company has different business needs. I didn’t want to recommend a product either, but indeed to find a solution to our company bleeding money due to ransomware incidents, the cost of slow patching and poor network segmentation. If we did decide to go the EPP route, I wanted to be able to show the cost benefit of its implementation right off the bat.

Some truths and lies:

Feeling excited about trying something new!?!? Keep reading….
