The purpose behind Checkmark Certified Real Time system is to allow continual testing of any given security solution. In addition to the baseline testing , periodic testing helps gauge a solution’s overall worthiness and operability, continuous testing allows for more precise measurement of its capabilities and timeliness in detecting incoming malware.
To enable this testing, the Real Time system is supplied by a constant feed of malware samples that are being captured from a number of sources, such as the Checkmark Certified global honeypot system. These feeds provide samples on a 24x7x365 basis from locations/sources the world over.
The first stage of testing, sees the sample downloaded to each respective client machine. Here, proprietary scripts monitor the client for signs that the sample has been successfully blocked, or otherwise nullified, by the security solution. If successful, the result is recorded and the next sample tested; if unsuccessful, the downloaded sample is then scanned using the solution’s on-demand scanning engine. As with the previous stage, a successful detection event here is recorded and the next sample readied and tested. However, if unsuccessful, a comparison is made between the current test time/date and that which was recorded when the sample first entered testing. If the undetected sample is less than 72 hours old, it is re-entered for testing, if over 72 hours the sample is officially classified as missed and dropped from the pool of sample available to the solution.
Along with the baseline and RealTime detection results, the user and system performance data are included in the SME reports available to qualified IT professionals.