04/2025 - 06/2025
Security Evaluation Test Report: Enterprise Endpoint Security (Protection)
The Cost of Enterprise Endpoint Protection Failure
It will always be more than the cost of good protection. Whether you provide security for a global enterprise or run a small business with just a few employees, a single compromised endpoint brings serious consequences. In many cases, attackers don’t breach the most valuable system, but the most vulnerable. Once breached, attackers can move on to steal data, disrupt operations or deploy ransomware that stops business in its tracks.
It will always be more than the cost of good protection
For large organisations, the impact might include fines, reputational damage and widespread operational
downtime.
For smaller companies, the effect can be far worse. A single ransomware incident or business
email compromise could lead to a level of financial loss that the business cannot absorb. In some cases,
it means closure.
The Cost of Enterprise Endpoint Protection Failure
Why do we go to all this trouble? Because businesses need answers grounded in reality, not synthetic benchmarks or scripted demos. We copy the bad guys to discover the truth.
These include common malware found in the wild and more advanced attacks modelled on real adversaries. Some threats were captured directly from the internet and tested immediately. Others were designed to reflect how a capable attacker behaves, using techniques such as spear phishing and running post-exploitation tools within a network.
Which solutions to trust?
Effective endpoint protection must do more than respond to known threats. It must adapt quickly, stop attacks early and resist attempts to bypass defences. While no product is perfect, some provide a much higher level of protection than others. This report makes those differences clear.
How we test
We tested a variety of anti-malware (aka ‘anti-virus’; aka ‘endpoint security’) products from a range of well-known vendors in an effort to judge which were the most effective. Each product was exposed to the same threats, which were a mixture of targeted attacks using well-established techniques and public email and web-based threats that were found to be live on the internet at the time of the test. The results indicate how effectively the products were at detecting and/or protecting against those threats in real-time.
Choose your reports and reviews carefully
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.