ESET Update Excellence
Security updates without the headache

In today’s complex IT environment, upgrades and maintenance processes are critical for safe and uninterrupted business operations. Importantly, due to the rapidly evolving dynamics of the threat landscape, cybersecurity software requires frequent updates.

Providing insight into the recent crippling IT outage is crucial to demonstrating that customers and partners can rely on ESET. For more than 30 years, our experts have executed thousands of updates and we are determined to maintain our highest standards.

ESET maintains a seamless update experience with:

Endpoint Product Architecture

The ESET Endpoint Agent is designed in a modular way, adhering to the Principle of Least Privilege and isolation. This means that each component can only access the resources necessary for its operation, minimizing the risk of negative impacts in case of failure or exploitation. The architecture of ESET Endpoint Security allows the product to function even when specific modules are unavailable (for example, due to incorrect signatures), affecting only related security layers.

Additionally, the ESET Protect Agent acts as a watchdog, monitoring the product’s state and enabling remote fixes for faulty Endpoint security components.

Delayed Application of Risky Changes

To further enhance system stability, ESET applies changes that carry a risk of negative impact (such as updates or modifications) after a reboot of the machine. This prevents large-scale boot issues and keeps critical components stable and operational.

Key Principles in ESET Module Loading Processes

Integrity Checking and Signature Validation are fundamental principles implemented during ESET module loading. These ensure that our products operate exclusively with trusted and accurate content.

Last Line of Defense: Module Rollback

ESET Endpoint Security provides a crucial last line of defense against faulty updates. It allows users to perform module rollbacks, reverting the product to a previous working state.
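The loading principles above (integrity checking, signature validation, failures confined to one security layer, and rollback) can be sketched as follows. This is an added illustration, not ESET code: the names ModuleStore, make_update and verify, the manifest fields and the demo key are hypothetical, and HMAC-SHA256 stands in for the asymmetric signature a real updater would verify.

```python
import hashlib
import hmac

# Constructed demo key. HMAC-SHA256 stands in here for the asymmetric
# signature a real updater would verify against a pinned vendor public key.
DEMO_KEY = b"constructed-demo-key"

def _sign(layer, version, digest):
    # The signature covers the metadata too, so a valid payload cannot be
    # relabelled as another layer or version.
    msg = f"{layer}:{version}:{digest}".encode()
    return hmac.new(DEMO_KEY, msg, hashlib.sha256).hexdigest()

def make_update(layer, version, payload):
    digest = hashlib.sha256(payload).hexdigest()
    return {"layer": layer, "version": version, "payload": payload,
            "sha256": digest, "sig": _sign(layer, version, digest)}

def verify(u):
    """Integrity check on the payload, then signature check on the manifest."""
    digest = hashlib.sha256(u["payload"]).hexdigest()
    expected = _sign(u["layer"], u["version"], u["sha256"])
    return (hmac.compare_digest(digest, u["sha256"])
            and hmac.compare_digest(expected, u["sig"]))

class ModuleStore:
    def __init__(self):
        self.active = {}   # layer -> verified module currently loaded
        self.history = {}  # layer -> stack of earlier verified modules

    def load(self, u):
        layer = u["layer"]
        if not verify(u):
            # Reject; only this layer is affected. Assumption: it keeps its
            # last verified module if it has one, otherwise it is degraded.
            return "kept-previous" if layer in self.active else "layer-degraded"
        if layer in self.active:
            self.history.setdefault(layer, []).append(self.active[layer])
        self.active[layer] = u
        return "loaded"

    def rollback(self, layer):
        if not self.history.get(layer):
            return False
        self.active[layer] = self.history[layer].pop()
        return True

    def versions(self):
        return {layer: u["version"] for layer, u in self.active.items()}
```

Loading a record whose payload or version was altered after signing returns "kept-previous" or "layer-degraded" for that layer only, and rollback("scanner") restores the prior verified scanner module without touching other layers.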

Development Process

Our development process at ESET follows DevSecOps best practices, including: 

  • Continuous automated testing
  • Code reviews (including security reviews)
  • Regression testing
  • Nightly builds with automated code analysis
  • Adherence to secure coding standards
  • Regular training for engineering teams

Robust Build Process

Our build process relies on a robust pipeline that includes: 

  • Integrity checking
  • Continuous monitoring of hardware and software components
  • Redundancy to ensure the correctness of created software components

Certification and Testing

All kernel module components undergo additional testing and certification by Microsoft. Our extensive testing covers various combinations of supported architectures, operating systems, and OS versions. We also test compatibility with prevalent third-party software, imitating the production environments of our customers.

24/7 Extensive Testing

ESET products undergo continuous 24/7 testing using modern fuzzing techniques. This helps identify potential issues related to processing input data (both internal and external).

Stability, Performance, and Resource Utilization

We rigorously test all components for stability, performance, and resource utilization. Metrics include factors like application startup time, system boot time, file copy speed, download speed, and memory consumption. Detection modules are also evaluated for detection rates and false positives, with the accepted number of false positives over benign sets set to zero.

Manual Testing and Agile Integration

In addition to automated testing, manual testing plays a crucial role in ensuring product quality. Here’s how we approach it:

  • Agile Testing: Our development teams follow agile methodologies, which means that testing is integrated throughout the development lifecycle. Testers collaborate closely with developers, ensuring that test cases are aligned with user stories and acceptance criteria.
  • Exploratory Testing: Testers perform exploratory testing to uncover unexpected issues. They simulate real-world scenarios, interact with the product, and validate its behavior. This approach complements scripted tests and helps identify edge cases.
  • Integration Testing: Manual integration testing verifies interactions between different components or modules. We validate data flow, APIs, and communication channels. Integration testing ensures seamless collaboration among various parts of the system.
  • Usability Testing: We involve end-users in usability testing. They provide valuable feedback on the product’s user interface, workflows, and overall experience. This helps us refine the product based on real-world usage.
  • Security Testing: Manual security testing assesses vulnerabilities that automated tools might miss. Testers analyze code, configurations, and access controls. They simulate attacks to identify potential risks.
  • Regression Testing: After each change, we perform manual regression testing. This ensures that existing functionality remains intact and that new features don’t introduce regressions.

Release Process

We distribute modules through the following channels:

  • Pre-release (Canary Deployment): Critical infrastructure operators can choose this risk-averse approach to prevent serious issues from emerging.
  • Release: Modules are made available to a wider audience.
  • Delayed Update Servers: These servers allow careful monitoring of changes to prevent cascading issues.

Additionally, we follow the “Shift Left” principle, ensuring that our engineering teams receive updates on their machines before customers do.

Summary

After decades of operation, ESET’s quality assurance processes and update release procedures are fine-tuned to such a degree that our technical teams even avoid delivering large or critical updates at the end of the work week, when staffing levels may be low. ESET is a strong proponent of a cyber resilience strategy. Implementation is critical since incidents at scale can occur whether via technical outages, natural disasters, malicious attacks, or human error. Swift remediation, also critical, demands preparation.

We encourage admins to maintain proper update procedures and instill process discipline: first install updates in a test environment, then proceed with deployment. ESET maintains a number of archived builds in our software repository to ensure the ability to roll back if needed.

We understand that many businesses are in a situation where changes to their security provider have become a boardroom-level discussion. As a means to facilitate executive dialogue, consider that ESET offers best-in-class protection for businesses of any size, and we invite you to explore how we compare to other vendors.

For further information, contact our local ESET teams with any questions you might have. To stay current on our latest research and awareness content, please visit WeLiveSecurity, where our experts continue to share their key insights.
