The Colonial ransomware attack could have been prevented by using an enterprise security solution and the right patch management, according to Peter Stelzhammer, co-founder of AV-Comparatives.
AV-Comparatives recently published the results of its Enterprise Endpoint Protection (EPP) Main-Test Series. The factsheet contains the results of the Enterprise Malware Protection Test and the Enterprise Real-World Protection Test.
19 endpoint protection solutions put to the test
The use of one of these enterprise security solutions and the right patch management could have easily prevented the ransomware attack on the Colonial Pipeline. The use of security solutions is almost always cheaper than the cost of a successful attack, in this case USD 5 million.
AV-Comparatives continues its detailed testing and is pleased to announce the release of a new report based on the recent Enterprise Main Test Series. This series of tests is dedicated to enterprise products, and the factsheet just published contains the results of the Enterprise Malware Protection Test and the Enterprise Real-World Protection Test. Sources have reported that the full Speed Impact and Reviews report will be released in July.
Enterprise main test series
As part of the Enterprise Main Test Series, AV-Comparatives evaluated 19 endpoint protection solutions under Windows 10 64-bit. The products tested are:
• Acronis Cyber Protect Cloud with Advanced Security pack
• Avast Enterprise Antivirus Pro Plus
• Bitdefender GravityZone Elite
• Cisco Secure Endpoint Essentials
• CrowdStrike Falcon Pro
• Cybereason Enterprise
• Elastic Security
• ESET PROTECT Entry with ESET PROTECT Cloud
• FireEye Endpoint Security
• Fortinet FortiClient with EMS, FortiSandbox & FortiEDR
• G Data Endpoint Protection Enterprise
• K7 Enterprise Security Advanced
• Kaspersky Endpoint Security for Enterprise - Select, with KSC
• Malwarebytes EDR
• Microsoft Defender Antivirus with Microsoft Endpoint Manager
• Panda Endpoint Protection Plus on Aether
• Sophos Intercept X Advanced
• Vipre Endpoint Cloud
• VMware Carbon Black Cloud Endpoint Standard
“In enterprise environments, and with enterprise products in general, it is common for products to be configured by the system administrator, so we have asked all vendors to configure their respective products. Only a few vendors provide their products with optimal default settings that are ready to use and therefore have not changed the settings,” said AV-Comparatives co-founder Peter Stelzhammer.
Test environment
The report gives a brief overview of the results of the Enterprise Real-World Protection Test carried out in March and April 2021. A test set consisting of 373 test cases (e.g. malicious URLs) was used.
The Malware Protection Test was conducted to evaluate the ability of a security program to protect a system from infection by malicious files before, during, or after execution. A total of 1,008 current malware samples were used for this test. A false positive test with common enterprise software was also carried out. None of the products tested had any false positives on common enterprise software.