Working out which endpoint protection product is right for your organisation requires a lot of thought.
Each product on the market has a pile of features and they don’t all do exactly the same thing. But at the very least, they should detect and stop malware threats. That should be your baseline when choosing between them. In this blog post, we explain how we test so you can judge which endpoint protection products are best for your organisation.
Do the major security products really protect us from threats?
In our latest Endpoint Security (EPS) reports we’ve checked many of the main brands, to see if they really do stop the sort of threats that hammer on our systems every day, as well as some of the more advanced, targeted threats.
Testing security technology is rarely simple. We’ve talked about online anti-virus reviews before, and how they can be too basic to help make sensible buying decisions. But we don’t have to get bogged down in details here.
Let’s get back down to basics. What should endpoint protection products do and how does SE Labs test them?
How do we test endpoint protection products?
Firstly, we install different anti-malware solutions onto real PCs – the sort you have on or under your desk. Then we attack those computers using threats we’ve found on the internet and using targeted attacks that we’ve built in our lab. Fundamentally, we behave like real attackers. It’s the purest kind of test.
The internet threats we use aren’t just malware files. They are a series of stages, such as opening an infected email and activating the attached file that then downloads and runs malicious code from the internet. Similarly, targeted attacks involve delivering malware to the target and then taking some level of control to steal or destroy data.
We then score products on their performance. They get points for detecting the threat and further credit if they actually stop the attack. If they prevent the attack from running at all they score top marks for ‘blocking’ the threat. If they halt a threat after it starts running, then it gets fewer points for ‘neutralising’ the threat. If they fail to prevent the attack we deduct points due to the ‘compromise’ of the target.
Security products don’t just have to stop bad things. They have to allow good things too, otherwise, you wouldn’t be able to use your computer. We also introduce good emails, websites and programs to the targets. If a security product blocks those, we deduct a lot of points because they are hampering users from using their computer properly.
That, in a nutshell, is how we test and judge anti-malware products. We install them like a user would, we attack the protected targets like hackers do and we score them according to how well they protected the system. It’s a basic approach that stands the test of time and gives you the most realistic view on which products are best for you.