The independent ISO-certified security testing laboratory AV-Comparatives has published the results of its Endpoint Prevention & Response (EPR) test. Each of the 10 products tested was subjected to 50 different targeted attack scenarios.
AV-Comparatives, citing IBM, notes that data breaches can have a significant financial impact, with the average cost of a breach currently at $4.24 million. The highest award, the Strategic Leader Award, was given to Bitdefender, Palo Alto Networks, Check Point, CrowdStrike, F-Secure, Cisco and ESET. Broadcom's Symantec was honored with the CyberRisk Visionaries Award. Two other providers received the Strong Challengers Award.
Strategic Leader Award for EPR products
The Strategic Leader Award is given to EPR products that demonstrate a very high return on investment and very low total cost of ownership. These products feature outstanding enterprise-class prevention, detection, response and reporting capabilities combined with optimal operational and analytical workflow capabilities.
Organizations use EPR products to detect, prevent, analyze and respond to targeted attacks such as Advanced Persistent Threats (APTs). These products should be able to detect and block malware and network attacks targeting individual workstations, as well as deal with multi-stage attacks aimed at infiltrating an organization's entire network.
Comprehensive test of EPR products
The EPR test includes a variety of different techniques. If the attacks remain undetected, they go through three different phases: Endpoint Compromise and Foothold, Internal Propagation, and Asset Breach. The tests determined whether the product detected the attack, took automatic action to counter the threat (active response), or provided information about the attack that the administrator could use to take action (passive response). If an EPR product fails to block an attack in one phase, the attack will continue in the next phase.
A time window of 24 hours after the start of an attack was set for each product tested. The testers examined each product's ability to take remedial actions, such as isolating an endpoint from the network, restoring from a system image or editing the Windows registry. AV-Comparatives also tested each product's ability to examine the nature of an attack, including a timeline and phase breakdown. Finally, each product's ability to collect information about indicators of compromise and present it in an easily accessible form was assessed.
More at AV-Comparatives.org
About AV-Comparatives
AV-Comparatives is an independent AV test laboratory based in Innsbruck, Austria, and has been publicly testing computer security software since 2004. It is certified according to ISO 9001:2015 for the area of "Independent tests of anti-virus software". It also has EICAR certification as a "Trusted IT Security Testing Lab".