<h1>EDR solutions in independent tests</h1>
<p><em>Kaspersky Daily (kaspersky.com.tr), published 2022-08-22. Original post: https://www.kaspersky.com.tr/blog/kedr-selabs-test-2022/10941/</em></p>
<p><em>In an independent test, SE Labs gave Kaspersky EDR its highest score against real-world attacks.</em></p>
<p>The best way to prove the effectiveness of a security solution is to test it under conditions as close to the real world as possible, using the typical tactics and techniques of targeted attacks. Kaspersky takes part in such tests regularly and consistently places in the <a href="https://www.kaspersky.com.tr/top3" target="_blank" rel="noopener">top ranks</a>.</p>
<p>The results of the recent <a href="https://selabs.uk/reports/enterprise-advanced-security-edr-2022-q2-detection/" target="_blank" rel="noopener nofollow">Enterprise Advanced Security (EDR)</a><u>: Enterprise 2022 Q2 &ndash; DETECTION</u> test were published in July in a report by <a href="https://selabs.uk/" target="_blank" rel="noopener nofollow">SE Labs</a>. The British company has been testing the security solutions of major vendors for years. In this latest test our enterprise solution, <em>Kaspersky Endpoint Detection and Response Expert</em>, received the highest rating, AAA, with a full 100% score for targeted attack detection.</p>
<p>This is not the first time SE Labs has analyzed our products for protecting corporate infrastructure against complex threats. The company previously ran a Breach Response Test (we took part in <a href="https://selabs.uk/reports/breach-response-test-kaspersky-anti-targeted-attack-platform/" target="_blank" rel="noopener nofollow">2019</a>). In <a href="https://selabs.uk/reports/enterprise-advanced-security-edr-kaspersky-2021-q4/" target="_blank" rel="noopener nofollow">2021</a> our product was tested in the company's Enterprise Advanced Security (EDR) test. Since then the methodology has changed: the test has been split into two parts, Detection and Protection. This time SE Labs examined how effectively security solutions <em>detect</em> malicious activity. Besides Kaspersky EDR Expert, four other products took part: Broadcom Symantec, CrowdStrike, BlackBerry and one anonymous solution.</p>
<h2>Scoring system</h2>
<p>The test consists of many different checks, but to get an overall picture of the results it is enough to look at the <strong>Total Accuracy Rating</strong>. This rating shows how well each solution detected attacks at their different stages and whether it burdened the user with false positives. To make the outcome easier to read at a glance, each participating solution is also assigned a grade from AAA (products with a high Total Accuracy Rating) down to D (the least effective solutions). As noted above, our solution earned the AAA grade with a full 100% score.</p>
<p>The Total Accuracy Rating is made up of scores in two categories:</p>
<ul>
<li>Detection Accuracy: evaluates the ability to detect each significant stage of an attack.</li>
<li>Legitimate Software Rating: the fewer false positives a product generates, the higher its score.</li>
</ul>
<p>There is one more important indicator: Detected Attacks. This is the share of attacks that the solution detected during at least one stage, giving the security team a chance to respond to the incident.</p>
<h2>How we were tested</h2>
<p>Ideally, a test should reveal how a solution would behave during a real attack. To that end, SE Labs tried to make the test environment as close to real life as possible. First, the security solutions were configured for the test not by their developers but by SE Labs testers following the vendor's instructions, just as a customer's security team would. Second, the tests covered the entire attack chain, from initial contact to data theft or some other outcome. Third, the tests were based on the attack methods of four real, currently active APT groups:</p>
<ul>
<li><a href="https://www.theregister.com/2022/05/18/wizard-spider-ransomware-conti/" target="_blank" rel="noopener nofollow">Wizard Spider</a>: targets companies, banks and even hospitals. Its toolset includes the <a href="https://www.kaspersky.com.tr/blog/trickbot-new-tricks/10184/" target="_blank" rel="noopener">Trickbot</a> banking Trojan.</li>
<li><a href="https://www.welivesecurity.com/2022/03/21/sandworm-tale-disruption-told-anew/" target="_blank" rel="noopener nofollow">Sandworm</a>: generally targets government institutions. Known for <a href="https://securelist.com/expetrpetyanotpetya-is-a-wiper-not-ransomware/78902/" target="_blank" rel="noopener">NotPetya</a>, malware that posed as ransomware but in fact destroyed the victim's data irrecoverably.</li>
<li><a href="https://www.kaspersky.com.tr/blog/lazarus-defi-wallet-backdoor/10645/" target="_blank" rel="noopener">Lazarus</a>: became widely known after its large-scale attack on Sony Pictures in November 2014. Formerly focused on the banking sector, the group has recently set its sights on cryptocurrency exchanges.</li>
<li><a href="https://www.fox-it.com/media/kadlze5c/201912_report_operation_wocao.pdf" target="_blank" rel="noopener nofollow">Operation Wocao</a>: targets government institutions, service providers, energy and technology companies, and the healthcare sector.</li>
</ul>
<h3>Threat detection tests</h3>
<p>In the Detection Accuracy test, SE Labs examined how effectively the security solutions detected threats. To do so it ran 17 complex attacks modelled on real-world attacks by Wizard Spider, Sandworm, Lazarus Group and Operation Wocao. Within these attacks, four key stages were singled out, each consisting of one step or several linked steps:</p>
<ul>
<li>Delivery/Execution</li>
<li>Action</li>
<li>Privilege Escalation/Action</li>
<li><a href="https://encyclopedia.kaspersky.com/glossary/lateral-movement/" target="_blank" rel="noopener">Lateral Movement</a>/Action</li>
</ul>
<p>The test logic did not require a solution to detect every event within a given attack stage; identifying at least one was enough. For example, if the product did not notice how the malicious payload reached the device but did notice an attempt to execute it, it passed the first stage.</p>
<p><strong>Delivery/Execution.</strong> This stage measured the solution's ability to detect an attack at the very beginning: during delivery (for example, via a phishing email or a malicious link) and during execution of the dangerous code. Under real conditions an attack is usually stopped at this point, because security solutions do not let the malware go any further. For the purposes of the test, however, the attack chain was allowed to continue so that the solution's handling of the later stages could be observed.</p>
<p><strong>Action.</strong> Here the researchers examined how the solution behaved once the attackers had gained access to the endpoint. The software had to detect an illegitimate action.</p>
<p><strong>Privilege Escalation/Action.</strong> In a successful attack, the attacker tries to obtain more privileges on the system in order to do more damage. The security solution scored points if it kept such events, or the privilege escalation itself, under observation.</p>
<p><strong>Lateral Movement/Action.</strong> An attacker who has gained a foothold on an endpoint may try to infect other devices on the corporate network; this is known as lateral movement. The testers checked whether the security solution detected such movement or an action resulting from it.</p>
<p>Kaspersky EDR Expert scored 100% in this segment, meaning it did not miss a single stage of any attack.</p>
<h3>Legitimate Software Ratings</h3>
<p>Good protection must not only repel threats reliably; it must also not prevent users from using safe services. That is why the researchers added a separate type of score to the test. The less often a solution flagged legitimate websites or programs (especially popular ones) as dangerous, the higher this score.</p>
<p>Kaspersky EDR Expert scored 100% here as well.</p>
<h2>Test results</h2>
<p>Based on all of the test results, <a href="https://www.kaspersky.com.tr/enterprise-security/endpoint-detection-response-edr?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______" target="_blank" rel="noopener">Kaspersky Endpoint Detection and Response Expert</a> was awarded the highest rating, AAA. Three other products earned the same grade: Broadcom Symantec Endpoint Security and Cloud Workload Protection, CrowdStrike Falcon and the anonymous solution. Only Kaspersky and Broadcom Symantec, however, achieved a full 100% in the Total Accuracy Rating.</p>
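<p>The scoring rules the post describes (a stage counts as detected when at least one of its events raised an alert, an attack counts as detected when at least one stage was seen, and every false positive on legitimate software pulls the second score down) are easy to apply to a team's own purple-team exercise. The Python below is an added example written for this page; it is not SE Labs's scoring code, nor Kaspersky's. The four stage names are the ones in the post. Everything else is an assumption the post does not state: the constructed attack telemetry and legitimate-software sample, the false-positive weights, the 50/50 combination of the two categories into a total, and the AAA to D grade thresholds.</p>

```python
"""Score an EDR detection test using the stage rules described in the post.

Added example, not code from SE Labs or the original post. The stage names
are the post's; the sample telemetry, false-positive weights, 50/50 total
and grade thresholds are assumptions for illustration only.
"""
from dataclasses import dataclass
from fractions import Fraction

STAGES = (
    "Delivery/Execution",
    "Action",
    "Privilege Escalation/Action",
    "Lateral Movement/Action",
)


@dataclass(frozen=True)
class AttackRun:
    """One attack chain; per stage, one flag per observed event (True = alerted)."""
    name: str
    events: dict[str, tuple[bool, ...]]


@dataclass(frozen=True)
class LegitVerdict:
    """One legitimate site or program shown to the product."""
    name: str
    popular: bool   # the post says popular software matters most
    flagged: bool   # True = the product wrongly called it dangerous


def stage_detected(flags: tuple[bool, ...]) -> bool:
    """Post's rule: a stage passes if at least one of its events was detected."""
    return any(flags)


def detection_accuracy(runs: list[AttackRun]) -> dict[str, Fraction]:
    """Exact-fraction detection figures over all runs.

    One entry per stage name (share of attacks whose stage was detected), plus:
    'stages'  share of (attack, stage) pairs detected  - the post's Detection Accuracy idea
    'attacks' share of attacks detected in >= 1 stage   - the post's Detected Attacks indicator
    'events'  strict per-event share, to show how much the at-least-one rule forgives
    """
    out: dict[str, Fraction] = {}
    stage_hits = attacks_hit = event_hits = event_total = 0
    for stage in STAGES:
        hits = sum(stage_detected(r.events.get(stage, ())) for r in runs)
        out[stage] = Fraction(hits, len(runs))
        stage_hits += hits
    for r in runs:
        attacks_hit += any(stage_detected(r.events.get(s, ())) for s in STAGES)
        for flags in r.events.values():
            event_hits += sum(flags)
            event_total += len(flags)
    out["stages"] = Fraction(stage_hits, len(runs) * len(STAGES))
    out["attacks"] = Fraction(attacks_hit, len(runs))
    out["events"] = Fraction(event_hits, event_total)
    return out


def fp_weight(v: LegitVerdict) -> int:
    """Assumed weights: a false positive on popular software costs double."""
    return 2 if v.popular else 1


def legitimate_software_rating(verdicts: list[LegitVerdict]) -> Fraction:
    """1 with no false positives, falling towards 0 as weighted FPs accumulate."""
    penalty = sum(fp_weight(v) for v in verdicts if v.flagged)
    return 1 - Fraction(penalty, sum(fp_weight(v) for v in verdicts))


def total_accuracy(detection: Fraction, legit: Fraction) -> Fraction:
    """Assumed equal weighting of the two categories the post names."""
    return (detection + legit) / 2


def grade(total: Fraction) -> str:
    """AAA..D bands. Thresholds are assumed; the post gives none."""
    bands = (("AAA", Fraction(9, 10)), ("AA", Fraction(4, 5)), ("A", Fraction(7, 10)),
             ("B", Fraction(3, 5)), ("C", Fraction(1, 2)))
    return next((label for label, floor in bands if total >= floor), "D")


# Constructed telemetry, not SE Labs data. False = the product missed that event.
SAMPLE_RUNS = [
    AttackRun("Wizard Spider-style", {STAGES[0]: (False, True), STAGES[1]: (True,),
                                      STAGES[2]: (True, True), STAGES[3]: (True,)}),
    AttackRun("Sandworm-style", {STAGES[0]: (True,), STAGES[1]: (False,),
                                 STAGES[2]: (True,), STAGES[3]: (False, False)}),
    AttackRun("Lazarus-style", {STAGES[0]: (False,), STAGES[1]: (False,),
                                STAGES[2]: (False,), STAGES[3]: (False,)}),
    AttackRun("Operation Wocao-style", {STAGES[0]: (True, True), STAGES[1]: (True, False),
                                        STAGES[2]: (True,), STAGES[3]: (True,)}),
]
SAMPLE_LEGIT = [
    LegitVerdict("browser installer", popular=True, flagged=False),
    LegitVerdict("archive utility", popular=True, flagged=False),
    LegitVerdict("in-house HR tool", popular=False, flagged=True),
    LegitVerdict("video-conferencing client", popular=True, flagged=True),
    LegitVerdict("network scanner", popular=False, flagged=False),
]


def score_sample() -> dict:
    """Run the whole pipeline on the constructed sample."""
    det = detection_accuracy(SAMPLE_RUNS)
    legit = legitimate_software_rating(SAMPLE_LEGIT)
    total = total_accuracy(det["stages"], legit)
    return {"detection": det, "legit": legit, "total": total, "grade": grade(total)}


if __name__ == "__main__":
    for key, value in score_sample().items():
        print(f"{key}: {value}")
```

<p>In the sample, the Wizard Spider-style chain misses the payload drop but catches the execution, so under the at-least-one rule its Delivery/Execution stage still passes; the Lazarus-style chain is missed entirely and is the one attack that does not count towards Detected Attacks. Comparing the <code>stages</code> figure with the strict <code>events</code> figure shows how much leniency the stage rule buys.</p>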