01/2026 - 03/2026
Security Evaluation Test Report: Enterprise Endpoint Security (Protection)
Protection Under Realistic Attack
Security products are often judged by what they claim to do. This report examines how they actually
behave when subjected to realistic attack conditions. SE Labs’ approach is to replicate credible adversary
behaviour and observe how products respond to it, across the full attack chain.
Measured Protection Against Realistic Cyber Attacks
That attack process includes the initial compromise and could potentially involve lateral movement, persistence, and data exfiltration or ransomware. Our objective is to measure protection as it is experienced in practice, not as it is defined by feature lists or controlled demonstrations.
Each product is exposed to the same threats, under the same conditions, with outcomes recorded and verified. This allows for direct comparison, and we can share the technical details to help improve the products afterwards.
Proving the Work
We don’t really think most people care about the deep details, but we include them anyway because we’ve put a lot of effort into doing our due diligence for this test report. We’ve been thorough, ticked all the boxes that the industry requires of us, and ticked some extra ones we think are critical.
The standard of our testing is world-leading and we want to prove to you that you can trust this test report – which is why there are explanations and charts for every part of the test. Even for bits you probably don’t care about.
Which solutions to trust?
Effective endpoint protection must do more than respond to known threats. It must adapt quickly, stop attacks early and resist attempts to bypass defences. While no product is perfect, some provide a much higher level of protection than others. This report makes those differences clear.
How we test
We tested a variety of anti-malware (aka ‘anti-virus’; aka ‘endpoint security’) products from a range of well-known vendors in an effort to judge which were the most effective. Each product faced the same threats. Specifically, these included a mixture of targeted attacks that used well established techniques, as well as public email and web based threats that were live on the internet at the time of the test. The results indicate how effectively the products were at detecting and/or protecting against those threats in real-time.
Choose your reports and reviews carefully
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.