Endpoint Security Product Evaluation

Endpoints are the most common vector for a cybersecurity attack. The endpoint security marketplace is a constantly changing environment with diverse vendors and technical approaches. WWT's Live Malware Lab provides a "live fire" environment featuring real malware that allows customers to put vendors' conflicting claims to the test to identify which solution is right for their needs. WWT delivers malware lab testing as part of a paid proof of concept engagement.


The Live Malware Testing Lab is delivered to WWT customers as part of a paid engagement. Through testing in the lab, customers can:

  • Test the security efficacy of different endpoint security products while under fire from real-world malware and other cyber attacks.
  • Understand how security products will fit into their environment before purchasing a product.
  • Deploy agents onto Windows and Linux systems.
  • Experience firsthand the look and feel of each product.
  • Navigate each product's interface and workflow.

Solution Overview

In today's enterprise networks, endpoints are the most common vector for a cybersecurity attack. The marketplace offers a constantly changing variety of tools and solutions to protect endpoints and detect and respond to malware and suspicious behaviors. How does an organization sort through the forest of diverse vendors and technical approaches to identify the solution that provides the best fit for its requirements?

WWT's Live Malware Lab is delivered to customers as part of a paid engagement. It features a "live fire" environment housed in our Advanced Technology Center (ATC). The Live Malware Lab is a permanent "air-gapped" installation that simulates customer environments and allows for safe testing of security solutions using live malware. It supports both physical and virtual endpoints and can be customized to simulate a wide range of testing conditions.

Using the Live Malware Lab, customers can see different endpoint security products in action and compare them based on specific requirements. When combined with WWT's established proof of concept (POC) testing methodology and vendor-neutral approach, customers gain a 360-degree understanding of how these security tools would react in their own environments under fire.

Lab Topology

Hardware and Software

The contents of the Live Malware Lab will vary based upon individual customer requirements. In general, it will contain:

  • An independent internet connection protected by a firewall.
  • An OpenVPN virtual private network used for external lab access.
  • A Green ("Safe") Zone used for administration and testing purposes.
  • An isolated Red ("Infection-ready") Zone containing endpoints to be tested using live malware.