TESTING ANTIVIRUS SOLUTIONS FOR THE CORPORATE SEGMENT
DOI: https://doi.org/10.18372/2225-5036.30.20362

Keywords: cybersecurity, computer viruses, ransomware, antivirus solutions, NGAV, EDR, testing, endpoint protection, Windows

Abstract
Developing effective methods for detecting computer viruses is a pressing task whose importance is driven by current trends in data exchange within information systems and by the security requirements placed on them. The number and complexity of virus attacks on enterprise information systems keep growing, so an organisation with limited resources has to choose an antivirus solution either as baseline protection for its endpoints or as a replacement for an existing product with a more capable one. Testing antivirus products requires a set of programs and tests with which the effectiveness of a protective solution can be assessed. The purpose of this publication is to determine the tests and programs that are sufficient to assess the effectiveness of a protective solution in a corporate environment. It is shown that analysing the antivirus's reaction to several malicious programs of the ransomware family, and to programs that imitate their behaviour, is sufficient to obtain a basic picture of the antivirus's heuristic module and of its ability to counter new threats. A set of tests and programs sufficient to assess the effectiveness of a protective solution has been determined. A test has been proposed that provides a first impression of an antivirus solution and removes the need for further testing. The criteria that the antivirus is expected to meet against malicious programs of the ransomware family have been defined, and a script that simulates the behaviour of known ransomware has been proposed for testing the antivirus's heuristic module. It is noted that testing in the organisation's own environment by its own specialists makes it possible to identify weaknesses of antivirus products and either close them together with the vendor or choose a more suitable solution, which raises the overall level of cyber protection in the enterprise. Further research may focus on improving methods for extracting digital artifacts, taking into account the typical tasks of an information security analyst in a corporate environment.
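The abstract mentions a script that imitates the behaviour of known ransomware in order to exercise the heuristic module of an antivirus. The paper's own script is not reproduced on this page; the block below is an added example written for this page, not the authors' code, showing what such a benign simulator looks like and how its outcome is read. It only touches files it creates itself in a temporary directory, reproduces the behaviours that heuristic and EDR engines key on (mass enumeration, reading and overwriting of documents with high-entropy data, renaming with a new extension, dropping a note in every directory), and keeps the key so the test team can restore everything. The `.locked` extension, the note file name, the counter-mode HMAC-SHA256 keystream (a stand-in chosen only to avoid third-party crypto packages; it is not any real family's cipher) and the constructed "quarterly report" plaintext are all assumptions of this example.

```python
"""Benign ransomware-behaviour simulator for exercising an AV/EDR heuristic module.

Added example for this page. It only ever modifies files it created itself
inside a temporary directory, so it can run on a test endpoint without risk.
"""
import hashlib
import hmac
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

LOCKED_EXT = ".locked"                  # assumed extension, chosen for the example
NOTE_NAME = "README_RESTORE_FILES.txt"  # assumed note file name, chosen for the example
# Constructed low-entropy sample plaintext, similar to an ordinary office document.
SAMPLE_LINE = b"Quarterly report line: revenue, costs, headcount, notes.\n"


def document_bytes(size: int = 8192) -> bytes:
    """Constructed victim document content of the given size."""
    return (SAMPLE_LINE * (size // len(SAMPLE_LINE) + 1))[:size]


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256: a stand-in so that the script
    needs no third-party library. Not a recommendation and not a real family's cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor_transform(data: bytes, key: bytes, nonce: bytes) -> bytes:
    """XOR with the keystream; the same call both encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def shannon_entropy(data: bytes) -> float:
    """Bits per byte. Mass writes of files near 8.0 are a classic ransomware indicator."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def file_nonce(relative_path: Path) -> bytes:
    """Per-file nonce derived from the original relative path (needed again on restore)."""
    return hashlib.sha256(str(relative_path).encode()).digest()[:16]


def create_victim_files(root: Path, count: int) -> list:
    """Populate root with constructed low-entropy documents in a few subdirectories."""
    paths = []
    for i in range(count):
        sub = root / f"dept{i % 3}"
        sub.mkdir(exist_ok=True)
        p = sub / f"doc{i}.txt"
        p.write_bytes(document_bytes())
        paths.append(p)
    return paths


def simulate(root: Path, key: bytes) -> dict:
    """Mimic file-encrypting ransomware: enumerate, read, overwrite with high-entropy
    data, rename, drop a note per directory. OS errors are counted, not raised, so a
    blocking AV shows up as a result; a process kill shows up as the script not finishing."""
    stats = {"encrypted": 0, "notes": 0, "errors": 0}
    for dirpath, _dirs, files in os.walk(root):
        d = Path(dirpath)
        for name in files:
            p = d / name
            if p.suffix == LOCKED_EXT or name == NOTE_NAME:
                continue
            try:
                p.write_bytes(xor_transform(p.read_bytes(), key, file_nonce(p.relative_to(root))))
                p.rename(p.with_name(name + LOCKED_EXT))
                stats["encrypted"] += 1
            except OSError:
                stats["errors"] += 1
        try:
            (d / NOTE_NAME).write_text("TEST NOTE: simulated ransomware, files are recoverable.\n")
            stats["notes"] += 1
        except OSError:
            stats["errors"] += 1
    return stats


def assess(root: Path) -> dict:
    """What survived: a blocking AV leaves originals, a rollback AV restores them,
    an AV that missed the behaviour leaves only locked files."""
    locked = list(root.rglob(f"*{LOCKED_EXT}"))
    originals = [p for p in root.rglob("*")
                 if p.is_file() and p.suffix != LOCKED_EXT and p.name != NOTE_NAME]
    max_entropy = max((shannon_entropy(p.read_bytes()) for p in locked), default=0.0)
    return {"locked": len(locked), "originals": len(originals), "max_entropy": round(max_entropy, 2)}


def restore(root: Path, key: bytes) -> int:
    """Undo the simulation with the key the test team kept; returns files restored."""
    restored = 0
    for p in list(root.rglob(f"*{LOCKED_EXT}")):
        original = p.with_name(p.name[: -len(LOCKED_EXT)])
        original.write_bytes(xor_transform(p.read_bytes(), key, file_nonce(original.relative_to(root))))
        p.unlink()
        restored += 1
    for note in list(root.rglob(NOTE_NAME)):
        note.unlink()
    return restored


def run_test(file_count: int = 12) -> dict:
    """End to end: build victims, simulate, assess the outcome, restore, verify."""
    key = os.urandom(32)
    with tempfile.TemporaryDirectory(prefix="ransim_") as tmp:
        root = Path(tmp)
        victims = create_victim_files(root, file_count)
        stats = simulate(root, key)
        outcome = assess(root)
        restored = restore(root, key)
        intact = sum(1 for p in victims if p.exists() and p.read_bytes() == document_bytes())
    return {"simulation": stats, "outcome": outcome, "restored": restored, "intact": intact}


if __name__ == "__main__":
    print(run_test())
```

Run it on an isolated test endpoint with the product under evaluation in the mode you intend to deploy (detect-only vs. block), and read the three outcomes the abstract's criteria point at: `errors > 0` or the script being killed before it prints means the behaviour was blocked; `originals > 0` with `locked == 0` after the run means the product rolled files back; `locked == file_count` with `max_entropy` near 8.0 means the heuristic module let a textbook encrypt-and-rename pattern through. Because the simulator is unsigned, unknown code doing bulk high-entropy writes, it says nothing about signature detection of the real families the paper also tests; it isolates the behavioural layer only.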