TESTING ANTIVIRUS SOLUTIONS FOR THE CORPORATE SEGMENT
DOI:
https://doi.org/10.18372/2225-5036.30.20362
Keywords:
cybersecurity, computer viruses, Ransomware, antivirus solutions, NGAV, EDR, testing, endpoint protection, Windows
Abstract
The development of effective methods for detecting computer viruses is an urgent task, the importance of which is determined by current trends in data exchange in information systems and the security requirements placed on them. The number and complexity of virus attacks on enterprise information systems are constantly growing, so there is a need to choose an antivirus solution under resource constraints, either as basic protection for endpoints or to replace an existing solution with a more advanced one. Testing antivirus programs requires a set of programs and tests for assessing the effectiveness of protective solutions. The purpose of this publication is to determine the tests and programs that are sufficient to assess the effectiveness of a protective solution in a corporate environment. It is shown that analysing the antivirus's reactions to several malicious programs from the Ransomware family, and to programs that imitate their behaviour, is sufficient to obtain a basic idea of the antivirus's heuristic module and of its ability to counteract new threats. A set of tests and programs sufficient to assess the effectiveness of a protective solution has been determined. A test has been proposed that can give a first impression of an antivirus solution and, where the result is decisive, eliminate the need for further testing. The criteria by which the antivirus is expected to act on malicious programs of the Ransomware family have been determined, and a script that simulates the behaviour of known Ransomware has been proposed for testing the antivirus's heuristic module. It is noted that testing in a specific environment by the enterprise's own specialists makes it possible to identify the weaknesses of antiviruses and either close them with the participation of the vendor or choose a more suitable solution, which raises the overall level of cyber protection at the enterprise. Further research can focus on improving methods for extracting digital artifacts, taking into account the typical tasks of an information security analyst in a corporate environment.
License
The scientific journal "Ukrainian Scientific Journal of Information Security" adheres to the principles of open science and provides free, open and permanent access to all published materials. The goal of this policy is to increase the visibility, citation and impact of the results of scientific research in the field of information security. The journal works according to the principles of Open Access and does not charge a fee for access to published articles.
All articles are published in Open Access under the Creative Commons Attribution 4.0 International (CC BY 4.0) license.
Copyright
Authors who publish their works in the journal "Ukrainian Scientific Journal of Information Security":
- retain the copyright to their publications;
- grant the journal the right of first publication of the article;
- agree to the distribution of their materials under the CC BY 4.0 license;
- have the right to reuse, archive, and distribute their works (including in institutional and subject repositories), provided that proper reference is made to the original publication in the journal.