This guide is for organizations that want to perform their own in-house endpoint security product testing using live malware.
Do-it-yourself (DIY) malware testing provides actionable intelligence about cyberthreats that is tailored to your organization. It allows you to learn how malware operates, what it will try to do in your network environment, and how your endpoint security product and configuration will respond to it.
This guide is designed to help you conduct safe, secure, and accurate in-house tests by explaining how to set up a test lab and which software is needed to analyze malware. To provide focus and context to your testing, we have also included a range of other information that will help you understand and adjust to changes in the threat landscape caused by the recent, widespread shift to remote work.
It is not intended to be a complete, step-by-step instructional manual, but rather a resource that may be useful in creating an effective and safe process for in-house testing.
A word of caution. There are many good reasons to leave endpoint security product testing to third-party experts. Testing must account for the fact that many malware families are now virtual machine-aware and may behave differently in a test environment than in the wild. Detonating malware for testing is also dangerous: Malware is designed to steal or damage data, to spread easily through computer networks, to infect other organizations, and to be difficult to detect and remove. Failing to contain malware that’s used for testing poses a significant risk to your organization and others.