AMTSO News 2024-09-27

Welcome to our regular roundup of events and activities in and around AMTSO. 

Meetings and Events

Our Dublin member meeting will be held next week, final preparations are nearing completion and we look forward to welcoming our members and guests to the event. The agenda will include presentations from members on XDR testing, anti-phishing testing, tester metrics, legal matters, and software monetization, alongside reports from AMTSO projects including our VPN testing guidelines, RTTL/ThreatList sample sharing systems, Sandbox evaluation framework and more. We will also be introducing our new President, who will be taking over from outgoing President Dennis Batchelder at the start of October, mid-way through the meetings.

AMTSO will also be present at the VB conference later the same week, so anyone coming to VB but not attending our meeting is welcome to stop by our booth to say hello.

XDR Working Group

We held another meeting of the XDR team this week, reviewing progress gathering intel on what different XDR solutions include, and what tests need to be covering, and noting wide discrepancies in available data between different providers. We’ll be discussing this process in Dublin and expect to be able to start publishing some initial findings in the next few months.

Sandbox Evaluation Working Group

An updated version of our Sandbox paper has been prepared, rolling in some comments from the member review process, and we’ll be going over this in Dublin ahead of launching a final open review period targeting non-member providers in the space. We expect to have the paper finalized and put up for formal adoption by the end of the year.

VPN Working Group

The VPN team also met this again week, checking over another round of review and comments as we evolve and expand our draft paper. Details will be discussed with members in Dublin and a final paper is expected very soon, ready to progress towards voting and approval in step with the Sandbox paper.

RTTL Working Group

The RTTL team met last week, we’re preparing an update for members at next week’s meetings and will provide a detailed breakdown of progress, system changes and improvements, and upcoming plans.

AMTSO Standard and Test Calendar

Our Test Calendar had the usual rounds of updates recently from regular tests run under our Standard, and others including AV-Test’s ATP Endurance Test report; coming up soon we should have Q3 data from both SE Labs and MRG Effitas, as well as the first VBSpam test from Virus Bulletin to be run under the Standard. Here’s a summary of recent activities from our Standard compliance team:

  • A Public Test Notification has been issued by SecureIQLab for their upcoming Cloud Web Application Firewall V4.0 Test (AMTSO Test ID: AMTSO-LS1-TP127) on Friday, September 20th, 2024.  Note that this test is scheduled to begin in January 2025 and the commentary period is now open. 
  • A Public Test Notification was published on behalf of SE Labs for their Q4 2024 Endpoint Protection Test (AMTSO Test ID: AMTSO-LS1-TP128) on Friday, September 20th, 2024. 
  • Commentary as always may be submitted to the AMTSO Phase 1 Commentary Collection site : https://members.amtso.org/amtso-standards-phase-1-commentary-submission/

Information on all published and upcoming tests being tracked by AMTSO can be found in our test calendar.

Finances and Membership

Our financial update has been compiled ready for reporting back to our Board and members next week. We welcome our latest member, Malwation.

ABOUT THIS NEWSLETTER

We send this newsletter to all AMTSO member representatives, as well as non-members who have engaged with AMTSO recently and have an interest in what’s going on in the AMTSO community. If you have any friends or colleagues who would like to be kept informed of developments in the testing world, they can sign up here. If you’d like to know more about joining the AMTSO community, there’s information and an application form here.