An advanced endpoint protection (AEP) product should be able to successfully detect, prevent, and continuously monitor threats. Through continuous monitoring of file systems, communication, and even processes, an AEP product provides contextual awareness and end-to-end visibility into threats for the end user or enterprise, which allows users to take action against threats in real time. Continuous monitoring is performed through constant analysis of suspicious code, identification of communications with malicious hosts, and detection of post-infection movements and secondary compromises that occur within an enterprise network. AEP products are capable of providing enhanced detection of malware, exploits, unknown threats, and several classes of blended threats.
This methodology describes how NSS will evaluate AEP products to provide an objective and fair assessment of the technology.