Vendor: Bitdefender
Endpoint Detection Compared
We compare endpoint security products directly using real, major threats
Welcome to the third edition of the Enterprise Advanced Security test, where we directly compare various endpoint security products. This report examines how these products tackle major threats faced by businesses of all sizes from the Global 100 down to medium enterprises, and likely small businesses too. While we provide an overall score, we also delve into the specific details that matter most to your security team, outlining the different levels of protection these products offer.
Endpoint Detection and Response (EDR) solutions go beyond traditional antivirus software, requiring more advanced testing methods. To truly evaluate EDR capabilities, testers need to act like real attackers, meticulously replicating each step of an attack.
It might be tempting to take shortcuts during testing, but to genuinely assess an EDR product’s effectiveness, it’s crucial to execute every stage of an attack. And each of these stages needs to be realistic; you can’t just guess what cybercriminals might do. That’s why SE Labs carefully tracks real-world cybercriminal behaviour and designs tests based on their tactics.
Thankfully, the MITRE organization has outlined these steps through its ATT&CK framework. While this framework doesn’t provide a precise guide for every attack scenario, it offers a valuable structure that testers, security vendors, and customers (like you!) can use to conduct tests and interpret results.
How we test endpoint security products
We tested a variety of Endpoint Detection and Response products against a range of hacking attacks designed to compromise systems and penetrate target networks in the same way criminals and other attackers breach systems and networks.
Full chains of attack were used, meaning that testers behaved as real attackers, probing targets using a variety of tools, techniques and vectors before attempting to gain lower-level and more powerful access. Finally, the testers/attackers attempted to complete their missions, which might include stealing information, damaging systems and connecting to other systems on the network.
Choose your reports and reviews carefully
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. Our results help vendors improve their products and buyers choose the best for their own needs.
Is AI able to protect your Windows systems?
And are attackers using it to breach your network? Artificial Intelligence is ruling the stock market and may be on the verge of ruling the world if you believe the business influencers. If AI is as powerful as some say, surely it should be able to protect our Windows systems from hackers?
The products in this test almost certainly rely on AI-related technologies to detect and protect against attacks. These technologies have been running in the background for about 20 years. We can argue that not only does anti-virus/endpoint protection use AI, but it’s been doing so for many years, and certainly before Cylance claimed to be the first.
But I did something sneaky there. I slid in the word ‘-related’. Because when people talk about ChatGPT and other popular ‘AI’ tools, they are usually talking about something else. They are amazed by the utility of Machine Learning (ML) systems, which appear to be able to mimic human thought in a rather magical way.
Choose your reports and reviews carefully
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.
Endpoint Detection Compared
SE Labs tested and compared a variety of Endpoint Detection and Response products against a range of hacking attacks designed to compromise systems and penetrate target networks in the same way as criminals and other attackers breach systems and networks. Full chains of attack were used, meaning that testers behaved as real attackers, probing targets using a variety of tools, techniques and vectors before attempting to gain lower-level and more powerful access. Finally, the testers/attackers attempted to complete their missions, which might include stealing information, damaging systems and connecting to other systems on the network.
An Endpoint Detection and Response (EDR) product is more than anti-virus, which is why it requires advanced testing. This means testers must behave like real attackers, following every step of an attack. While it’s tempting to save time by taking shortcuts, a tester must go through an entire attack to truly understand the capabilities of EDR security products.
Each step of the attack must be realistic too. You can’t just make up what you think bad guys are doing and hope you’re right. This is why SE Labs tracks cyber criminal behaviour and builds tests based on how bad guys try to compromise victims. The cyber security industry is familiar with the concept of the ‘attack chain’, which is the combination of those attack steps.
Fortunately, the MITRE organisation has documented each step with its ATT&CK framework. While this doesn’t give an exact blueprint for realistic attacks, it does present a general structure that testers, security vendors and customers (you!) can use to run tests and understand test results.
Top Antivirus Myths Busted
And why do we still believe them?
Anti-virus, or endpoint security, plays an essential part in protecting Windows PCs. Whether you are working in the world’s largest enterprise, or using a small personal laptop, you need a last line of defence against attackers who use malicious code to steal or damage your data.
Our reports help you choose the best home anti-malware product that can protect you from ransomware and other types of attack.
Antivirus myths you shouldn’t believe
- Anti-virus slows your computer.
- Anti-virus only stops viruses.
- You must pay for great protection.
- Detection means protection.
- Updates are no longer necessary.
Read the full report to see why these myths exist and why they are not true.
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.
Read this SE Labs assessment of world-leading endpoint security products and discover how they handle well-known threats and targeted attacks.
Choose your reviews carefully
3 reasons our home tests are trustworthy
This security report compares anti-malware products. Its job is to help you make informed buying decisions.
Our reports help you choose the best home anti-malware product that can protect you from ransomware and other types of attack.
3 reasons our home tests are truly trustworthy
There are a few questions you should ask when you look at a security report. These are all very important but, in random order, here they are:
- Is the test realistic?
- Does the tester explain how they tested?
- Does the tester explain how they make money from the report?
There are all sorts of other little details to consider, which are often things security vendors get anxious about. These include technical details relating to the testing environment and the threats used to test the products. But ultimately, as a reader, you should care most about the list above.
Choose your reviews carefully
If you see a security report that isn’t realistic and transparent, treat it with extra care. For more information about fake anti-virus reviews, please see our blog post on the subject. If you want to make the most informed purchase of security software, choose your reviews carefully.
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.
Home Anti-Virus Testing
How hard should a security test be?
Thank you for opening this report. I hope you’ll be able to use it to get a better idea about which home anti-virus products you might want to buy (or get rid of!).
Our reports help you choose the best SMB anti-malware product that can protect you from ransomware and other types of attack.
Home Anti-Virus Testing
The report starts off with a list of products, each of which wins impressive-looking awards. But have you considered what those awards mean? How come there aren’t any massive losers in the list? How hard is this security test anyway?
Baseline Testing
There are lots of ways you can test products. You could prod a teddy bear and say, “well, that looks good enough,” or you could take it to pieces and analyse every component forensically for build and functional quality. “This toy looks safe, its parts are large, soft and non-toxic, and we can’t burn it easily. Plus, it’s got big, cute eyes.” This could be a baseline for cuddly toys: SAFE, with cuteness as an extra bonus.
For anti-malware products we have to consider a few different things, including the following:
- Is it really an anti-malware product? Is it at least basically functional?
- Can it determine a good quantity of common malware, without blocking lots of useful software?
- Can it stop the malware, as well as simply detecting it?
Zero to Neo
Targeted attacks come in all levels of sophistication
Our reports help you choose the best SMB anti-malware product that can protect you from ransomware and other types of targeted attacks.
Choose the best SMB endpoint security solution
There seems to be no limit to the powers of cyber criminals. In 2021 the public became aware of the advanced capabilities of the NSO group, now infamous for helping governments spy on dissidents and others.
Targeted targets
The SolarWinds attack compromised some of the largest organisations in the world (and by implication, their customers – and so on, down the supply chain). And the US’ largest oil pipeline company was breached, and its systems held to ransom.
Most analyses of these incidents recognise that endpoint security was attacked. As we alluded to in our annual report this year, breaches are a process. The initial stages of these famous attacks may not have involved a Windows PC but if your organisation grinds to a halt because everyone’s laptop is showing a red warning and a Bitcoin demand then the endpoint was compromised at some point. It needs protection, regardless of other security layers in play.
We include targeted attacks in our endpoint protection tests because hackers can use a variety of techniques to attack endpoints. Not all targeted attacks are as sophisticated and focussed as the automatic iPhone exploits used by the NSO Group. Sometimes a targeted attack can be as simple as someone using a basic tool downloaded from the internet. Your adversary might be your neighbour, rather than a government-backed organisation. In fact, that’s possibly more likely.
Protection is expected
It doesn’t really matter who represents a threat to you: a resourceful cyber ninja or an idiot colleague. When you or your business buys an endpoint protection product you expect it to stop attacks, sophisticated or otherwise. When you read the results in this report, remember that all it takes is one successful attack to ruin your day or your company.
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.
SMB Ransomware Protection Tested
Red screens means red faces. Prevent, don’t pay!
Our reports help you choose the best enterprise anti-malware product that can protect you from ransomware and other types of attack.
Choose the best home anti-malware solution
Ransomware is causing all the rage right now. It’s the type of threat that gets attention because a successful attack is extremely visible (the attacker needs you to know it’s worked, or you won’t pay!) Also, there is a direct and substantial cost attached to it. In addition to paying security specialists to help, there’s a fat ransom demand sitting on your screen.
While much hacking is subtle, stealing information silently, ransomware is in your face. It stops businesses in their tracks. It gets the attention of the finance directors. It provides powerful ammunition to security teams arguing for more resources. And, of course, it makes headlines.
Ransomware attacks used to be splashed around automatically. Anyone could be unlucky enough to click on the wrong link and face a red screen asking for a Bitcoin. And these ‘commodity’, untargeted ransomware attacks still exist. Some of the threats used in the making of this report are just such attacks.
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.
Small business endpoint protection
How to get out more than you put in
Our reports help you choose the best enterprise endpoint protection for your organisation. Picking a suitable solution isn’t just a matter of scanning through testing awards. You need to look closely at what you need, what you already have and what is available.
Choose the best anti-malware solution
If you were going to buy a new security fence, burglar alarm or CCTV system, you would research the various options and consider how to deploy it in your very specific situation. The same should follow for endpoint protection systems. What do you really need? Are the candidates basically capable? And can you get the best out of them in your environment? We hope this report helps you answer some of these important questions.
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This enterprise endpoint protection report has gone through the AMTSO certification process. This ensures that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best anti-malware solution for their own needs.
Read this SE Labs assessment of world-leading endpoint security products and discover how they handle well-known threats and targeted attacks.
Hands up, who’s been hacked?
Get ahead in the game that never ends
Have you ever been hacked? You, personally, or your business? If your answer is “no”, it would be interesting to know how you can be so sure.
Keeping your wits about you is essential, but you can’t do it all on your own. That’s why a good (anti-malware) endpoint protection solution is an essential basis for your online protection. We hope this report helps you or your business get ahead in the game that never ends.