If you produce security software (anti-malware, anti-ransomware, URL filter, etc.), you should never rely on only one source of knowledge to deliver your product’s value to the customers.

Many companies think that this is their core competence and they refuse to look into other directions.

This is fundamentally wrong, even if you are a large enterprise with a lot of development and research power.

Why?

Here are the top 6 reasons:

  1. No matter how good your research is, you definitely have some gaps or weaknesses in the existing technology. Nobody can cover everything!
  2. I know from real-world examples how a 3rd party technology added as a complement (on top or in parallel) has been successful in other organizations, and the benefits in terms of increased security, reduced R&D costs, and improved performance are much higher than the price paid for licensing or usage.
  3. If you use a consulting company that knows either your technology or 3rd party technologies, you skip a lot of the research needed to find the right solution and negotiate the terms, and they can additionally help you integrate it with your existing solutions.
  4. Your clients will appreciate that the overall security does not rely 100% on your R&D and that other approaches are used. This will help them save money on buying another layer of protection in order to cover the gaps your product/technology has (see 1).
  5. Working with others is the only way of staying ahead of evolving security threats and the only way of benefiting from the competitive advantages that other solutions provide.
  6. The overall return on investment might not be immediately positive, but the long-term benefits for the company and for the clients will cover the costs multiple times.


Get in touch with us today to have a first (free of charge) discussion about how we can improve your products and technologies.

If you develop software, then a Secure Software Development Lifecycle (SSDL) process must be used from design, through implementation, testing and deployment, until the product reaches its end of life.
Also, do not forget about the software you use in your software: the supply chain of your product is as important as your product, especially because you do not own it.
If you have never done Risk Assessment, Threat Modeling, Security Testing or Security Assessment, then get in touch with us now because you and your customers are probably in danger!

Contact us for more information


#ssdlc #sdlc #security #tara #threatmodeling #risk #assessment #testing #endpoint #cybersecurity #supplychain

I will be representing my company, Endpoint Cybersecurity GmbH, at the Virus Bulletin Conference in Prague between 27.9 and 1.10.

If you want an appointment, please Contact Us.

In the automotive industry, Cybersecurity is already a critical success factor.
A Cyber Security Management System (CSMS) is soon going to become mandatory for all vehicle manufacturers and suppliers.
Starting with July 2024, the type approval of vehicles will be possible only if a certified CSMS is available and Cyber Security is ensured throughout the entire lifecycle of the vehicle.
IMPORTANT: Also, all subcontractors are required to show proof of their cybersecurity maturity.

Get in touch with us to discuss what needs to be done.


#csms #iso21434 #wp29 #unece #r155 #r156 #cybersecurity #automotive #tier1 #oem #contractors #magility

The recent attacks on the software supply chains of big software producers showed us that this component has not received the needed attention.
We can help you identify your supply chain, perform a threat assessment and establish a monitoring process for all software components that are part of your supply chain.
Don’t postpone this by telling yourself ‘Never change a running system’ and hope for the best.
Usually, the oldest or least known parts of your supply chain are the weakest links.
Did you know that a recent ENISA study showed that 66% of attacks focus on the supplier’s code?

Here is more information

#security #testing #vulnerability #threat

Penetration testing is the technical analysis of the security level of IT systems and networks.
We offer a complete investigation of the hardware / software systems for security vulnerabilities.
If you have at least one online service, then you must make sure that it is not vulnerable to attackers.
Our white-hat hackers simulate potential attacks from internal and external perpetrators (intranet, internet).

The detection of security vulnerabilities includes the following sub-processes:
– Information Gathering/Preparation of the testing
– Vulnerability Detection and Verification
– Reporting
– Retesting of the fixes

You can find more details here: https://www.endpoint-cybersecurity.com/portfolio-item/pentesting/

#pentest #vulnerability #testing #ciso #whitehacker



A year ago, at VB2019 we presented for the first time an overview of how the anti-malware world looks from the perspective of a young company trying to enter the market: how they try to build products, how they try to enter the market, how they try to convert users, and what challenges they face in these activities.

In this new paper we will present an overview of the situation for such a company after one year of experience. We will look at the situation from several angles:

  • that of the consulting company helping them to build the product and enter the market
  • that of working with certification companies regularly, checking the products for detection and performance
  • that of working with Microsoft to make the company compliant and keep them compliant

One year later, many still have a hard time understanding that the security market is no longer the Wild Wild West, but we also see that a lot of visible efforts are being made to improve. This means that compliance with ‘clean software’ regulations is becoming an issue. We will present some interesting statistics and compare data from the past with current data. The young companies still have a lot of challenges in understanding that implementing AV software is not the same as implementing any other type of software. Despite the fact that they still get flagged by the established products for various reasons, there are still more and more companies trying to enter the market.

A lot of people in the audience will ask themselves ‘why would anyone want to enter the market, since the market is overcrowded, there are plenty of free products out there, and on Windows there is also Microsoft Defender?’. We will try to provide an answer to this question, but the answer is not what many think it is. Or, maybe it is …




If you’re serious about selling an AV product on Windows, you need certain APIs which are related to Windows Security Center / Action Center. You can get these APIs only if you are a member of the Microsoft Virus Initiative (MVI).

The Microsoft Virus Initiative (MVI) helps organizations to get their products working and integrated with Windows.

Here are the requirements to become a member:

Become a member

A request for membership is made by an individual as a representative of an organization that develops and produces antimalware or antivirus technology. Your organization must meet the following eligibility requirements to qualify for the MVI program:

  1. Offer an antimalware or antivirus product that is one of the following:
    • Your organization’s own creation.
    • Developed by using an SDK (engine and other components) from another MVI Partner company and your organization adds a custom UI and/or other functionality.
  2. Have your own malware research team unless you build a product based on an SDK.
  3. Be active and have a positive reputation in the antimalware industry.
    • Activity can include participation in industry conferences or being reviewed in an industry standard report such as AV Comparatives, OPSWAT or Gartner.
  4. Be willing to sign a non-disclosure agreement (NDA) with Microsoft.
  5. Be willing to sign a program license agreement.
  6. Be willing to adhere to program requirements for antimalware apps. These requirements define the behavior of antimalware apps necessary to ensure proper interaction with Windows.
  7. Submit your app to Microsoft for periodic performance testing.
  8. Certified through independent testing by at least one industry standard organization.

The hardest requirements to achieve are marked in bold.

What do you get?

MVI members receive access to Windows APIs and other technologies including IOAV, AMSI and Cloud files. Members also get malware telemetry and samples and invitations to security related events and conferences.

We will work with you to get your company on the Antivirus Vendor page, build your product, get your product accepted by Microsoft and deliver it to your customers.

Microsoft requires certain things from companies developing security products. Additionally, if you’re serious about selling an AV product on Windows, you need certain APIs which are related to Windows Security Center / Action Center.
These are not well documented and are usually very complex.

We have experience in dealing with such issues and with Microsoft.

Here are some steps required:

  • Set up the basics to deal with Microsoft
    • Build the product
    • Apply for 3rd party testing
    • Apply to MVI correctly
  • After that, we can help you
    • Integrate the API you obtain from Microsoft
    • Create the tool for interacting with the Action Center
    • Make it user friendly and test it with additional OSs.
    • Modify the updater to interact with the Action Center
    • Modify the licensing manager to interact with the Action Center
    • Modify the various other product functions to interact with the Action Center
    • Submit the kit (the result depends on all of the above)
    • Implement the product landing pages
    • Implement the incident landing pages
  • Make the required tests and adapt the product until you pass
  • Test and adapt the product for the Microsoft guidelines on interacting with Action Center (all above situations)
  • Test and adapt the product for usability with regard to Windows 10 (these are special requirements)

We can’t do all these steps for you, but will guide and accompany you and your teams in doing them. Some of these steps we can do for you.

Please contact us to get more details.

An endpoint security product (aka: Antivirus product) has the following components:

  • User interface
  • The entire interception and detection technology to intercept file, memory, registry accesses:
    • Real time scanner (drivers, service) logic
    • On demand scanner logic
    • Intercept Registry accesses (optional)
    • Identify running processes and scan them in memory together with the file on disk (optional)
    • Scanning logic – what gets scanned with what technology
    • In the cloud protection (optional)
  • Updater program and continuous updates for Product and Detection
  • Installer
  • Licensing management (offline and optional online)

All these are independent of the engine OEM vendor.


In addition, if you choose Avira to be your OEM vendor, you would benefit from our long experience in this field.

  • Integration of Avira SAVAPI with On Access Scanning (needs to be licensed separately from Avira)
    • SAVAPI
    • Drivers
    • Updater for Avira files

Optional components:

  • False Positive Prevention
  • Zero Day protection using cloud components
  • Remote configuration and control

Last, but not least:

  • Help to get included in the Microsoft Virus Initiative
  • Windows Security Center integration

What we are offering:

Consulting for your team on how to build a product.

Your team will get a www.visualstudio.com account connected to a Slack channel.

All items will be documented there:

  • Features (above list)
  • User stories to define each feature in detail
  • Bugs to signal issues in the product

You can also book our services to promote your antivirus product