Release of Penetration Test for EDR-Equipped Terminals

Five Drive Inc. (Headquarters: Chiyoda-ku, Tokyo; President and CEO: Yasuhiro Miyamoto; hereinafter "Five Drive") has primarily provided penetration testing for networks and systems to identify risks of intrusion due to cyberattacks and the risks of damage to networks and systems after intrusion. In response to recent needs for enhanced endpoint security and risk assessment, we have released the "Penetration Test for EDR-Equipped Terminals" (hereinafter the "Service") as an option to our conventional network and system penetration testing.

1. Purpose and Background of the Service

In recent years, with the increasing sophistication and subtlety of cyberattacks, traditional "perimeter defense (preventing external intrusion)" alone is no longer sufficient to prevent damage. In response, many companies are reviewing their system configurations with the assumption of internal network intrusion and rapidly adopting "EDR (Endpoint Detection and Response)" to strengthen defenses on business terminals (endpoints).

However, new challenges have also emerged. Modern security products evolve rapidly and require advanced configuration and operational management, leading to a "black box" problem where companies "rely entirely on vendors for construction and are unaware if it is functioning correctly (detecting/defending) in their own environment."

In the unlikely event of an unknown attack that bypasses EDR, if there are deficiencies such as old authentication information (passwords, etc.) remaining on the terminal, attackers can seize privileges and rapidly expand damage (lateral movement) throughout the entire corporate network, posing a critical risk.

Against this backdrop, particularly in the financial industry, there has been an increase in consultations requesting professional assessment not only of traditional network penetration testing but also of whether EDR can effectively detect and defend against actual cyberattacks, and conversely, identifying terminal vulnerabilities considering cases where EDR might be bypassed (not detected or defended).

(Explanation of the diagram below)

① Network Penetration Test

Five Drive's penetration testing includes not only external intrusion checks remotely but also internal network investigations assuming an intrusion.

Specifically, testers visit the site, connect a test terminal to the internal network, and assist in identifying management issues and risks by conducting simulated attacks using information system vulnerabilities, data exfiltration, and lateral movement.

② Image of Penetration Test for EDR-Equipped Terminals

We lend EDR-equipped business terminals and conduct Phase 1 to assess detection status on endpoint security during the execution of attack tools such as malware, and Phase 2 to investigate the risk of internal terminal compromise if bypassed.

2. Overview of the Service

Phase 1: Detection Status Confirmation Using Simulated Malware

We will confirm whether attacks such as ransomware, privilege escalation, port scanning, and network reconnaissance can be executed without being blocked by EPP or EDR during the process from downloading to saving and executing simulated malware used in attacks, using 10 to 18 types of simulated malware.

The results will be reported within the Network Penetration Test Report, organized into content such as result extraction, information organization, and improvement considerations, and an Execution Results List (Excel) will be provided. The Execution Results List will be created after receiving the detection results identified by the customer after the test, allowing for an understanding of the exclusion status on EDR and the multi-layered detection status with EPP.

Phase 2: Manual Investigation of Internal Terminal Compromise Risk

We will conduct a manual investigation of business terminals (with EDR installed) provided by the customer, focusing on aspects such as information theft, file searching, and the possibility of lateral movement between EDR accounts. This plan is proposed for cases where installing test tools or using simulated malware is difficult due to company policy.

This plan will be included in the Network Penetration Test Report (a separate Detection Status Confirmation Results Table will not be created).

3. Service Provision

Notes

This service is proposed as part of network penetration testing; we do not offer penetration testing solely for business terminals.

As recent cyberattacks have reported methods to disable endpoint security, we recommend implementing measures to prevent damage spread within the network, such as information systems, in preparation for endpoint bypass.

Price

Please inquire

Related Links

Five Drive is dedicated to protecting our customers' valuable "information" above all else. Our Japanese staff, equipped with the latest knowledge and technology, meticulously diagnose each case by hand. We offer a range of services to address all information security concerns, so please feel free to consult with us.

Five Drive Homepage

https://www.fivedrive.jp/

Penetration Testing

https://www.fivedrive.jp/service/penetration-testing/penetration-test/

Inquiries Regarding This Release

Five Drive Inc. Sales Department

Email: sales@fivedrive.jp

TEL: 03-5577-5030