AVLab.pl - Learn more about Remediation Time – response time to security incidents (t
#1
Bug 
Quote:


We already have the results for January 2023 published. By the way - thank you for voting for us in the AV-Comparatives Survey! We took 3rd place! Amazing

Remediation Time in test

Starting from this edition, in order to stand out more from other testing laboratories as precursors in the security industry, we introduce a new comparative feature – the so-called “response time to a threat and resolve security incident” – Remediation Time. We will measure it for each tested product for home and business to further highlight the differences between protection software when confronted with threats in the wild (coming from the Internet).

In other words: in the Sysmon logs we have the UTC time logged for:

1. Downloading malware via Firefox.
2. If the product doesn't stop it at an early stage, a run occurs. If a threat detection by any technology has occurred, we have such a time logged, e.g. as "moved to quarantine", or "blocked on firewall" or a different method.

The time from point 1 to point 2 is known as the Remediation Time.

Remediation Time Average is reported on the Recent Results webpage. From the next edition onwards, each product will have its own website with more detailed technical information and awards won. Give us some more time, please

Threat Landscape in January 2023

We have prepared the following summary based on the logs collected from the Sysmon tool in Windows 10 and database with collected information from the test:
  • 11 security solutions took part in the test.
  • Ultimately, we used 447 unique URLs with malware.
  • Exactly 381 malware samples were hosted with HTTP.
  • Websites encrypted with HTTPS (in theory – safe) contained 66 malware samples.
  • During the analysis, each malware sample took on average 28 potentially harmful actions in Windows 10.
  • Most malware originated from servers located in the Netherlands, Russia and the USA.
  • .com, .org, .za domains were mostly used to host malware.
  • The average detection of URLs or malicious files at the PRE-Launch level was 58%.
  • At the POST-Launch level, file detection was on average 38%.
The full publication is published on the website: Learn More About Remediation Time – Response Time To Security Incidents. The Results From Protection Test In January 2023 » AVLab Cybersecurity Foundation
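
The measurement described in the post (UTC time of the download to UTC time of the logged detection, averaged per product), as an added example that is not part of the AVLab post and not AVLab's tooling. The record layout, product names and timestamps are constructed assumptions; only the timestamp format follows Sysmon's UtcTime field.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean

FMT = "%Y-%m-%d %H:%M:%S.%f"  # Sysmon UtcTime layout

# Constructed records, not AVLab data. Field names and products are assumptions.
RECORDS = [
    {"product": "ProductA", "sample": "s1", "event": "download",   "utc": "2023-01-10 08:00:00.000"},
    {"product": "ProductA", "sample": "s1", "event": "remediated", "utc": "2023-01-10 08:00:02.500"},  # blocked on firewall
    {"product": "ProductA", "sample": "s2", "event": "download",   "utc": "2023-01-10 08:05:00.000"},
    {"product": "ProductA", "sample": "s2", "event": "remediated", "utc": "2023-01-10 08:05:41.500"},  # quarantined after launch
    {"product": "ProductB", "sample": "s1", "event": "download",   "utc": "2023-01-10 09:00:00.000"},
    {"product": "ProductB", "sample": "s1", "event": "remediated", "utc": "2023-01-10 09:00:01.000"},
    {"product": "ProductB", "sample": "s2", "event": "download",   "utc": "2023-01-10 09:10:00.000"},  # never remediated
]

def remediation_times(records):
    """Seconds from download (point 1) to first remediation (point 2), per (product, sample)."""
    rows = sorted(((datetime.strptime(r["utc"], FMT), r) for r in records),
                  key=lambda row: row[0])
    start, result = {}, {}
    for t, r in rows:
        key = (r["product"], r["sample"])
        if r["event"] == "download":
            start.setdefault(key, t)       # first download starts the clock
            result.setdefault(key, None)   # None until a remediation is seen
        elif r["event"] == "remediated" and key in start and result[key] is None:
            # Only the first remediation after the download counts;
            # a remediation logged before any download is ignored.
            result[key] = (t - start[key]).total_seconds()
    return result

def average_per_product(times):
    """Average remediation time per product; unremediated samples are counted, not averaged."""
    per, missed = defaultdict(list), defaultdict(int)
    for (product, _sample), secs in times.items():
        bucket = per[product]              # ensures every product is reported
        if secs is None:
            missed[product] += 1
        else:
            bucket.append(secs)
    return {p: {"avg_s": mean(v) if v else None, "missed": missed[p]}
            for p, v in per.items()}

if __name__ == "__main__":
    for product, stats in sorted(average_per_product(remediation_times(RECORDS)).items()):
        print(product, stats)
```

Samples that were never remediated are kept out of the average and reported separately, so a product cannot lower its average by missing slow cases.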