Endpoint security vs. ransomware in the advanced threat protection test


All major ransomware attacks follow an attack pattern typical of APT groups. AV-TEST therefore attacked 14 endpoint solutions in the laboratory with 10 sophisticated APT scenarios and evaluated the results of this Advanced Threat Protection Test against the MITRE ATT&CK matrix.

Protection solutions for companies usually have to recognize, classify and defend against thousands of attacks every day. The AV-TEST laboratory already carries out certification tests of corporate protection software every two months, verifying that the products provide consistent protection.

In the current Advanced Threat Protection Test, the laboratory tests 14 endpoint protection platforms (EPP) for their performance against new, as yet unknown ransomware attack scenarios of the kind hacking groups typically carry out. Unfortunately, many such attacks have been very successful in the past.

14 endpoint solutions against 10 ransomware attacks

The products tested were:

  • Avast Business Antivirus Pro Plus
  • Bitdefender Endpoint Security
  • Bitdefender Endpoint Security (Ultra)
  • Checkpoint Endpoint Security
  • Comodo Client Security
  • G DATA Endpoint Protection Business
  • Malwarebytes Endpoint Protection
  • McAfee Endpoint Security
  • Microsoft Defender Antivirus
  • Seqrite Endpoint Security
  • Sophos Intercept X Advanced
  • Symantec Endpoint Security Complete
  • VIPRE Security Advanced Security
  • VMware Carbon Black Cloud

In the test, 14 protection solutions for companies were attacked with 10 sophisticated advanced persistent threat scenarios (Image: AV-TEST).

In order for a product to receive the “Advanced Approved Endpoint Protection” certificate, it must achieve at least 75% of the available protection score points in the test. In this test, that is at least 25.5 points. All 14 products in this test received the certificate.

Good detection and immediate defense against ransomware

Each product had to pass 10 test cases, for which up to 34 points are awarded. These 8 solutions achieved the maximum score, detecting and stopping all 10 attacks: Bitdefender (Ultra version), Comodo, G DATA, Malwarebytes, Microsoft, Sophos, VIPRE Security and VMware.

Avast, McAfee and Symantec also recognized all 10 attacks, but showed minor weaknesses in the subsequent defense phase. The bottom line for them is 32.5 out of 34 points. The solutions from Bitdefender (Endpoint Security) and Seqrite fared similarly, with 31.5 points each.

Check Point failed to recognize one attack and therefore loses the 3 points available for it. All other 9 attacks, however, were repelled without procedural errors, leaving 31 points.

The course of an attack depends on the scenario. In this test, the laboratory uses 10 ransomware attack scenarios, each of which is initiated via an email with an attachment. Each scenario is described on the AV-TEST website.

Each product is tested in all 10 scenarios. In the example shown, Avast Business had problems in the 5th of the 10 scenarios and lost points (Image: AV-TEST).

While the test cases described here dealt only with ransomware, the laboratory is preparing further advanced threat protection tests with other threats, such as script-based or fileless attacks. The threats will differ, but the test procedure, with 10 attack scenarios and an assessment according to the MITRE ATT&CK matrix, will remain the same.

More at AV-TEST.org

About AV-TEST

AV-TEST GmbH is an independent provider of services in the field of IT security and anti-virus research, focusing on the identification and analysis of the latest malware and its use in comprehensive comparative tests. The up-to-date test data enables rapid analysis of new malware, early detection of virus trends, and the investigation and certification of IT security solutions. The results of the AV-TEST Institute represent an exclusive information base and serve manufacturers for product optimization, specialist magazines for the publication of results, and end customers as guidance in product selection.

The company AV-TEST has been operating in Magdeburg since 2004 and employs more than 30 people with in-depth specialist and practical experience. The laboratories are equipped with 300 client and server systems on which more than 2,500 terabytes of test data, collected by the company itself and comprising both malicious and benign samples, are stored and processed. Further information can be found at https://www.av-test.org.
