Vendor: SentinelOne
Critical Endpoint Protection
Realistic attacks for useful results
Endpoint protection is a critical component of any organisation’s cyber security strategy
And if it’s critical then you should test it. And have others run assessments too. Testing endpoint protection involves evaluating the effectiveness of the security solutions. These solutions are deployed on endpoint devices such as desktops, laptops and mobile devices. Endpoint protection testing is necessary because endpoints are often the target of cyberattacks. Endpoints can be used as a gateway to gain access to sensitive data.
Our reports help you choose the best home anti-malware product that can protect you from ransomware and other types of attack.
SE Labs has extensive experience in endpoint protection testing. We have found that it is essential to conduct these tests regularly to ensure that the security vendors are keeping them up-to-date and effective. Our testing methodology involves replicating real-world cyberattack scenarios. And then evaluating how well the endpoint security solutions perform in detecting, preventing, and mitigating those attacks.
One of the key aspects of endpoint protection testing is the use of realistic attack scenarios. Our team of experts analyses the latest threat intelligence and creates attack scenarios that closely mimic the tactics, techniques, and procedures used by real-world cybercriminals. By doing so, we can determine how well the endpoint security solutions perform in detecting and preventing these attacks.
Choose your reports and reviews carefully
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.
How can you test and judge endpoint protection products?
Back to basics
How can you test and judge endpoint protection products?
Working out which endpoint protection product is right for your organisation requires a lot of thought.
Each product on the market has a pile of features and they don’t all do exactly the same thing. But at the very least, they should detect and stop malware threats. That should be your baseline when choosing between them. In our latest Endpoint Security (EPS) reports we test and judge endpoint protection products of many of the main brands, and we tell you how we do it.
Our reports help you choose the best home anti-malware product that can protect you from ransomware and other types of attack.
How we test endpoint protection products
Testing security technology is rarely simple. We’ve talked about online anti-virus reviews before, and how they can be too basic to help make sensible buying decisions. But we don’t have to get bogged down in details here. Let’s get back down to basics. What should endpoint protection products do and how does SE Labs test them?
- Firstly, we install different anti-malware solutions onto real PCs – the sort you have on or under your desk. Then we attack those computers using threats we’ve found on the internet and using targeted attacks that we’ve built in our lab. Fundamentally, we behave like real attackers. It’s the purest kind of test.
- Secondly, we then score products on their performance. They get points for detecting the threat and further credit if they actually stop the attack. If they prevent the attack from running at all they score top marks for ‘blocking’ the threat.
- Lastly, we introduce good emails, websites and programs to the targets. If a security product blocks those, we deduct a lot of points because they are hampering users from using their computers properly.
Choose your reports and reviews carefully
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.
Read this SE Labs assessment of world-leading endpoint security products and discover how they handle well-known threats and targeted attacks.
Which enterprise anti-virus?
Everyone tells you that you need it, but which one?
Which enterprise anti-virus is the best? Our reports help you choose the most appropriate enterprise anti-malware product that can protect your organisation from ransomware and other types of attack.
Choose the best enterprise anti-malware solution
Classic cybersecurity advice always includes a plea to, “install anti-virus” or “use endpoint protection software”. Journalists, bloggers and even governments hand this information out, as if it helps. Most platforms, including Microsoft Windows and Apple macOS, include anti-virus so the question then becomes, “which enterprise anti-virus?”
How do you choose?
The UK’s National Cyber Security Centre (NCSC) provides some mature and detailed advice but stops short of helping readers work out which products might be most suitable. The only time it tries to help in this respect ends in a bizarre suggestion that you might prefer a product that implements the Anti-Malware Scan Interface (AMSI). This feature is only relevant if you are developing security software yourself.
The Cybersecurity and Infrastructure Security Agency (CISA) in the US gives advice on stopping ransomware. At the bottom of the list, including useful items such as, “update and patch” and “keep your personal information safe” is the instruction to, “install antivirus software, firewalls and email filters.” Nowhere does any such organisation help you choose which is the best or most appropriate for your organisation.
When you search for, “best business anti-virus” or, worse, “best home anti-virus” you’ll see millions of links to better or lesser-known magazine websites and slightly shady reseller’s blogs. Some of the most respectable technical websites run sensible and unbiased reviews and there’s where you start to get somewhere: opinions on interfaces and prices. But how effective are these products?
Find the best reviews
The best reviewers delegate the really technical business of testing endpoint security to the professional testers. If you read their reviews you’ll see our name in there somewhere.
This is because organisations such as SE Labs spend all of their time testing security products – it’s what we specialise in. In our case we learn how the criminals behave and then copy them closely. This produces the most realistic results you can hope to see in a public security test. We also ensure that our reports are reviewed by the Anti-Malware Testing Standards Organization (AMTSO) to validate that we’ve tested fairly.
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.
The world of cyber security sales is unclear at best
Our reports help you choose the best enterprise endpoint protection for your organisation. This latest one looks at how the most popular products handle the threats everyone faces on a daily basis, as well as the sort of targeted attack you hope never to encounter (but might).
Our testing is rigorous and tough. It’s hard to do well in an SE Labs test.
There aren’t many resources available to help make such buying decisions. Security marketing is fraught with misleading claims. That’s not just our opinion. “Snake oil” is a common refrain among attendees of security conferences and the large companies that buy security to the tune of over one trillion dollars a year.
Choose the best enterprise endpoint protection
SE Labs is particularly well connected in the security world. It’s partially how we have gained the trust of the security vendors themselves, and their own customers. We sit right in the middle of things, alongside the analysts who help businesses choose which vendors to work with. The work we do provides insight into which products are right for different companies, which all have different needs.
We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This enterprise endpoint protection report has gone through the AMTSO certification process. This ensures that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best anti-malware solution for their own needs.
SE Labs tested SentinelOne in this Breach Response test, pitting it against a range of hacking attacks designed to compromise systems and penetrate target networks in the same way as criminals and other attackers breach systems and networks.
Full chains of attack were used, meaning that testers behaved as real attackers, probing targets using a variety of tools, techniques and vectors before attempting to gain lower-level and more powerful access.
Finally, the testers/ attackers attempted to complete their missions, which might include stealing information, damaging systems and connecting to other systems on the network.