AMTSO News 2023-06-01

Welcome to our regular roundup of events and activities in and around AMTSO. 

Meetings and Events

Our member meeting in Budapest was held last week. 30+ member representatives and guests attended in person, and many more connected remotely to follow the meeting and contribute. Day one saw a raft of updates on AMTSO’s various projects and plans, including details of progress with our ThreatList sample-sharing project (more info below) and our efforts to set up regular connections to the CSO/CISO community. In the evening our traditional member dinner was held at a medieval-themed restaurant, where members networked over earthenware mugs of ale and wine and shared heaped platters of food. Day 2 was dominated by member and guest presentations, covering everything from anti-phishing testing proposals and new ideas in testing cloud security to updates on the changing legal landscape for malware-blocking and an appeal for transparency in access to leading testing tools. Tester member MRG Effitas took the opportunity to launch their new “Tempus” real-time testing and feedback system with a live demo.

The afternoon also saw our Board election candidates present their cases for a position helping run our organization – voting will close next Monday, June 5th, and the new Board will be announced once votes have been collated and confirmed. AMTSO members, please remember to submit your votes!

Selected slide decks and recordings from the Budapest event will be made available to AMTSO members in the next few days, via the AMTSO member website.

Our next Testing Town Hall event will take place on July 5th and we are in the process of lining up a set of speakers, with a focus on threat intelligence and its place in testing. Anyone interested in attending our online events is welcome to sign up, and if there’s something you’d like to present to the AMTSO community, either online or at an in-person event, you can contact [email protected] for more background.

XDR Testing

Among the many outcomes of the Budapest meeting, we plan to launch a project addressing the need for independent testing of XDR solutions. This will focus on creating a strong set of baseline requirements for such testing, alongside guidance and advice, and will draw on the needs and recommendations of purchasers from the CSO/CISO community. The project will be kicking off shortly with an open meeting for AMTSO members, to be followed by the formation of a working group to push the project forward. Any AMTSO members interested in participating in this project should contact your usual AMTSO representative for more information.

RTTL and ThreatList

Our RTTL system will shortly see the implementation of the new cloud sandbox features detailed in the last newsletter, which will allow contributors to gather more intel on the samples they submit via the system; we see this feature being of particular interest to CERTs and other groups using the system to distribute the samples they find to the wider security community. There was a brief outage in access to RTTL this week, which was remedied rapidly; causes are still being investigated and more details will be shared with the RTTL team within AMTSO as soon as they emerge.

Meanwhile our ThreatList project continues to move forward, with an official oversight board now appointed and planning their first formal meeting next week. Once plans for the system have been reviewed and approved by the new team, we anticipate opening up to the first contributions within a very short timeframe.

CSO Conference

Much discussion on this topic took place during our Budapest meeting, and we continue to work towards holding an event towards the end of 2023, pending negotiations with potential co-hosts. A meeting of the group within AMTSO driving this project will be held in the next few weeks to review progress and work on next steps.

AMTSO Standard and Test Calendar

Our test calendar carries information on 12 tests published during May, including the latest results for Windows 11 from AV-Test. Upcoming tests running under the AMTSO Testing Protocol Standard include Testing Ground Labs latest set of Android results and a new ransomware test from the same lab, and our first from AVLab Cybersecurity Foundation under the Standard. Further out are a test of advanced cloud firewalls from SecureIQLab due in July, and more reports from Standard regulars AppEsteem (whose 2023 series has now been confirmed compliant with our Standard in a first round of evaluation), SE Labs, and MRG Effitas. Significant recent activities for our Standard compliance team include:

  • Phase 2 Commentary covering the Testing Ground Labs (TGL) April 2023 Android Consumer Malware Detection Test Report (AMTSO Test ID: AMTSO-LS1-TP074) closes on Monday, June 5th with a Compliance Report due shortly thereafter.  In parallel, the same timeline applies for the Testing Ground Labs (TGL) April 2023 Android Enterprise Malware Detection Test Report (AMTSO Test ID: AMTSO-LS1-TP075).
  • A Compliance Confirmation Report was issued for the AppEsteem 2023 Test Series (AMTSO Test ID: AMTSO-LS1-TP064) on Wednesday, May 17th.
  • MRG Effitas released their Q1’2023 Android 360 Degree Assessment Test Report (AMTSO Test ID: AMTSO-LS1-TP071) on Wednesday, May 24th and a Phase 2 Commentary period is underway through Monday, June 5th.  A Compliance Report will be issued following the close of commentary.
  • The Testing Ground Labs (TGL) Q2’2023 Ransomware Protection Test for Windows (AMTSO Test ID : AMTSO-LS1-TP077) is underway with a scheduled completion date of mid-June.

Information on all published and upcoming tests being tracked by AMTSO can be found in our test calendar.

ABOUT THIS NEWSLETTER

We send this newsletter to all AMTSO member representatives, as well as non-members who have engaged with AMTSO recently and have an interest in what’s going on in the AMTSO community. If you have any friends or colleagues who would like to be kept informed of developments in the testing world, they can sign up here. If you’d like to know more about joining the AMTSO community, there’s information and an application form here.