Vendor: Kaspersky
Endpoint Detection Compared
Endpoint Detection Compared
SE Labs tested and compared a variety of Endpoint Detection and Response products against a range of hacking attacks designed to compromise systems and penetrate target networks in the same way as criminals and other attackers breach systems and networks. Full chains of attack were used, meaning that testers behaved as real attackers, probing targets using a variety of tools, techniques and vectors before attempting to gain lower-level and more powerful access. Finally, the testers/ attackers attempted to complete their missions, which might include stealing information, damaging systems and connecting to other systems on the network.
An Endpoint Detection and Response (EDR) product is more than anti-virus, which is why it requires advanced testing. This means testers must behave like real attackers, following every step of an attack. While it’s tempting to save time by taking shortcuts, a tester must go through an entire attack to truly understand the capabilities of EDR security products.
Each step of the attack must be realistic too. You can’t just make up what you think bad guys are doing and hope you’re right. This is why SE Labs tracks cyber criminal behaviour and builds tests based on how bad guys try to compromise victims. The cyber security industry is familiar with the concept of the ‘attack chain’, which is the combination of those attack steps.
Fortunately, the MITRE organisation has documented each step with its ATT&CK framework. While this doesn’t give an exact blueprint for realistic attacks, it does present a general structure that testers, security vendors and customers (you!) can use to run tests and understand test results.
Read more reports here.
How can you test and judge endpoint protection products?
Back to basics
How can you test and judge endpoint protection products?
Working out which endpoint protection product is right for your organisation requires a lot of thought.
Each product on the market has a pile of features and they don’t all do exactly the same thing. But at the very least, they should detect and stop malware threats. That should be your baseline when choosing between them. In our latest Endpoint Security (EPS) reports we test and judge endpoint protection products of many of the main brands, and we tell you how we do it.
Our reports help you choose the best home anti-malware product that can protect you from ransomware and other types of attack.
How we test endpoint protection products
Testing security technology is rarely simple. We’ve talked about online anti-virus reviews before, and how they can be too basic to help make sensible buying decisions. But we don’t have to get bogged down in details here. Let’s get back down to basics. What should endpoint protection products do and how does SE Labs test them?
- Firstly, we install different anti-malware solutions onto real PCs – the sort you have on or under your desk. Then we attack those computers using threats we’ve found on the internet and using targeted attacks that we’ve built in our lab. Fundamentally, we behave like real attackers. It’s the purest kind of test.
- Secondly, we then score products on their performance. They get points for detecting the threat and further credit if they actually stop the attack. If they prevent the attack from running at all they score top marks for ‘blocking’ the threat.
- Lastly, we introduce good emails, websites and programs to the targets. If a security product blocks those, we deduct a lot of points because they are hampering users from using their computers properly.
Choose your reports and reviews carefully
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.
Read this SE Labs assessment of world-leading endpoint security products and discover how they handle well-known threats and targeted attacks.
Five Antivirus Myths Busted
And why do we still believe them?
Antivirus, or endpoint security plays an essential part in protecting Windows PCs. Whether you are working in the world’s largest enterprise, or using a small personal laptop, you need a last line of defence against attacks that use malicious code to steal or damage your data.
Our reports help you choose the best SMB anti-malware product that can protect you from ransomware and other types of attack.
Five antivirus myths busted!
- Anti-virus slows your computer.
- Anti-virus only stops viruses.
- You must pay for great protection.
- Detection means protection.
- Updates are no longer necessary.
If you want to know more about anti-virus and the myths around it, check out our podcast episode Is Anti-Virus Dead?
Choose your reports and reviews carefully
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. Our results help vendors improve their products and buyers choose the best for their own needs.
Top Antivirus Myths Busted
And why do we still believe them?
Anti-virus, or endpoint security plays an essential part in protecting Windows PCs. Whether you are working in the world’s largest enterprise, or using a small personal laptop, you need a last line of defence against attacks who use malicious code to steal or damage your data.
Our reports help you choose the best home anti-malware product that can protect you from ransomware and other types of attack.
Product factsheets:
Antivirus myths you shouldn’t believe
- Anti-virus slows your computer.
- Anti-virus only stops viruses.
- You must pay for great protection.
- Detection means protection.
- Updates are no longer necessary.
Read the full report to see why these myths exist and why they are not true.
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.
Read this SE Labs assessment of world-leading endpoint security products and discover how they handle well-known threats and targeted attacks.
Five Antivirus Myths Busted
And why do we still believe them?
Anti-virus, or endpoint security plays an essential part in protecting Windows PCs. Whether you are working in the world’s largest enterprise, or using a small personal laptop, you need a last line of defence against attacks who use malicious code to steal or damage your data.
Our reports help you choose the best enterprise anti-malware product that can protect you from ransomware and other types of attacks.
Antivirus myths you shouldn’t believe
- Anti-virus slows your computer.
- Anti-virus only stops viruses.
- You must pay for great protection.
- Detection means protection.
- Updates are no longer necessary.
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.
Choose your reviews carefully
3 reasons our small business tests are trustworthy
This security report compares anti-malware products. Its job is to help you make informed buying decisions.
Our reports help you choose the best SMB anti-malware product that can protect you from ransomware and other types of attack.
Product factsheets:
3 reasons our small business tests are trustworthy
- Is the test realistic?
- Does the tester explain how they tested?
- Does the tester explain how they make money
from the report?
There are all sorts of other little details to consider, which are often things security vendors get anxious about. These include technical details relating to the testing environment and the threats used to test the products. But ultimately, as a reader, you should care most about the list above.
Choose your reviews carefully
If you see a security report that isn’t realistic and transparent treat it with extra care. For more information about fake anti-virus reviews please see our blog post on the subject. If you want to make the most informed purchase of security software choose your reviews carefully.
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.
Choose your reviews carefully
3 reasons our home tests are trustworthy
This security report compares anti-malware products. Its job is to help you make informed buying decisions.
Our reports help you choose the best home anti-malware product that can protect you from ransomware and other types of attack.
Product factsheets:
3 reasons our home tests are truly trustworthy
There are a few questions you should ask when you look at a security report. These are all very important but in random order here they are:
- Is the test realistic?
- Does the tester explain how they tested?
- Does the tester explain how they make money
from the report?
There are all sorts of other little details to consider, which are often things security vendors get anxious about. These include technical details relating to the testing environment and the threats used to test the products. But ultimately, as a reader, you should care most about the list above.
Choose your reviews carefully
If you see a security report that isn’t realistic and transparent treat it with extra care. For more information about fake anti-virus reviews please see our blog post on the subject. If you want to make the most informed purchase of security software choose your reviews carefully.
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.
Choose your reviews carefully
3 reasons our enterprise tests are trustworthy
This security report compares anti-malware products. Its job is to help you make informed buying decisions.
Our reports help you choose the best enterprise anti-malware product that can protect you from ransomware and other types of attack.
Product factsheets:
Three reasons our security tests are the most trustworthy
There are a few questions you should ask when you look at a security report. These are all very important but in random order here they are:
- Is the test realistic?
- Does the tester explain how they tested?
- Does the tester explain how they make money
from the report?
There are all sorts of other little details to consider, which are often things security vendors get anxious about. These include technical details relating to the testing environment and the threats used to test the products. But ultimately, as a reader, you should care most about the list above.
Choose your reviews carefully
If you see a security report that isn’t realistic and transparent treat it with extra care. For more information about fake anti-virus reviews please see our blog post on the subject. If you want to make the most informed purchase of security software choose your reviews carefully.
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.
SMB Anti-Virus Testing
How hard should a security test be?
Thank you for opening this report. I hope you’ll be able to use it to get a better idea about which anti-malware products you might want to buy (or get rid of!)
Our reports help you choose the best SMB anti-malware product that can protect you from ransomware and other types of attack.
SMB Anti-Virus Testing
The report starts off with a list of products, each of which win impressive-looking awards. But have you considered what those awards mean? How come there aren’t any massive losers in the list? How hard is this security test anyway?
Baseline Testing
There are lots of ways you can test products. You could prod a teddy bear and say, “well, that looks good enough,” or you could take it to pieces and analyse every component forensically for build and functional quality. “This toy looks safe, its parts are large, soft and non-toxic, and we can’t burn it easily. Plus, it’s got big, cute eyes.” This could be a baseline for cuddly toys: SAFE, with cuteness as an extra bonus.
For anti-malware products we have to consider a few different things, including the following:
- Is it really an anti-malware product? Is it at least basically functional?
- Can it determine a good quantity of common malware, without blocking lots of useful software?
- Can it stop the malware, as well as simply detecting it?
Read this SE Labs assessment of world-leading endpoint security products and discover how they handle well-known threats and targeted attacks.
Home Anti-Virus Testing
How hard should a security test be?
Thank you for opening this report. I hope you’ll be able to use it to get a better idea about which home anti-virus products you might want to buy (or get rid of!).
Our reports help you choose the best SMB anti-malware product that can protect you from ransomware and other types of attack.
Home Anti-Virus Testing
The report starts off with a list of products, each of which win impressive-looking awards. But have you considered what those awards mean? How come there aren’t any massive losers in the list? How hard is this security test anyway?
Baseline Testing
There are lots of ways you can test products. You could prod a teddy bear and say, “well, that looks good enough,” or you could take it to pieces and analyse every component forensically for build and functional quality. “This toy looks safe, its parts are large, soft and non-toxic, and we can’t burn it easily. Plus, it’s got big, cute eyes.” This could be a baseline for cuddly toys: SAFE, with cuteness as an extra bonus.
For anti-malware products we have to consider a few different things, including the following:
- Is it really an anti-malware product? Is it at least basically functional?
- Can it determine a good quantity of common malware, without blocking lots of useful software?
- Can it stop the malware, as well as simply detecting it?