Endpoint

For the EVE environment, the Endpoint is preferably a virtual machine built from the golden image of the system the user wants to test. This image must sit behind all the cybersecurity controls that the company or organization will test; any type of virtualization is supported as long as the tests run directly on the operating system.

For the Endpoint to be used in EVE Emulations the user must consider these points:

  • Virtual machine with golden image.

  • EVE Agent installed.

  • Exceptions added in security solutions.

  • Allowed IP addresses/URLs configured.

  • Snapshot of the virtual machine (if applicable).

With these points in place, the Endpoint is ready for evaluations.

The preferred form of the Endpoint is a virtual machine, although the EVE software can also be installed on physical machines. Physical machines are more difficult to restore if they are compromised, so installation on virtual machines is preferred. This also means that EVE does not target or interact with the organization's production servers.

OPERATION

The EVE platform operates by deploying agents in a representative manner. This means that by deploying a single agent within a zone where assets share the same security configuration across network, endpoint, and execution vectors, the entire security stack can be effectively evaluated.

Therefore, it is not necessary to emulate on every endpoint within the zone. However, if there is a variation in the security configuration within the same zone, it is recommended to deploy an additional agent to ensure comprehensive evaluation.
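The placement rule above can be checked against an asset inventory. The following is an added example, not part of the EVE product or its documentation; the inventory format, field names and values are constructed assumptions. It groups assets by zone and by their configuration on the network, endpoint and execution vectors, and reports which zones need more than one agent.

```python
from collections import defaultdict

# Constructed sample inventory (assumption, not EVE data): each asset has a
# zone and the control applied on the three vectors named in the text.
INVENTORY = [
    {"host": "ws-001", "zone": "office", "network": "proxy-a", "endpoint": "edr-policy-1", "execution": "allowlist-1"},
    {"host": "ws-002", "zone": "office", "network": "proxy-a", "endpoint": "edr-policy-1", "execution": "allowlist-1"},
    {"host": "ws-003", "zone": "office", "network": "proxy-a", "endpoint": "edr-policy-2", "execution": "allowlist-1"},
    {"host": "srv-001", "zone": "dmz", "network": "fw-dmz", "endpoint": "edr-policy-3", "execution": "allowlist-2"},
    {"host": "srv-002", "zone": "dmz", "network": "fw-dmz", "endpoint": "edr-policy-3", "execution": "allowlist-2"},
]
VECTORS = ("network", "endpoint", "execution")


def plan_agents(inventory):
    """Return {zone: [{"config": tuple, "covers": [hosts]}, ...]}.

    Each entry is one distinct security configuration inside a zone, i.e. one
    agent on an Endpoint VM that mirrors that configuration.
    """
    groups = defaultdict(lambda: defaultdict(list))
    for asset in inventory:
        config = tuple(asset[v] for v in VECTORS)
        groups[asset["zone"]][config].append(asset["host"])
    return {
        zone: [
            {"config": config, "covers": sorted(hosts)}
            for config, hosts in sorted(configs.items())
        ]
        for zone, configs in sorted(groups.items())
    }


def zones_with_variation(plan):
    """Zones holding more than one configuration, where an additional agent is recommended."""
    return [zone for zone, entries in plan.items() if len(entries) > 1]


if __name__ == "__main__":
    plan = plan_agents(INVENTORY)
    for zone, entries in plan.items():
        print(f"{zone}: {len(entries)} agent(s)")
        for entry in entries:
            print(f"  {entry['config']} covers {', '.join(entry['covers'])}")
    print("zones needing an additional agent:", zones_with_variation(plan))
```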
