All reports

07/2024 - 09/2024

Enterprise Advanced Security (EDR): Enterprise 2024 Q3 – DETECTION

Endpoint security products

Endpoint Detection Compared

We compare endpoint security products directly using real, major threats

Welcome to the third edition of the Enterprise Advanced Security test, where we directly compare various endpoint security products. This report examines how these products tackle major threats faced by businesses of all sizes from the Global 100 down to medium enterprises, and likely small businesses too. While we provide an overall score, we also delve into the specific details that matter most to your security team, outlining the different levels of protection these products offer.


Endpoint Detection and Response (EDR) solutions go beyond traditional antivirus software, requiring more advanced testing methods. To truly evaluate EDR capabilities, testers need to act like real attackers, meticulously replicating each step of an attack.

It might be tempting to take shortcuts during testing, but to genuinely assess an EDR product’s effectiveness, it’s crucial to execute every stage of an attack. And each of these stages needs to be realistic; you can’t just guess what cybercriminals might do. That’s why SE Labs carefully tracks real-world cybercriminal behaviour and designs tests based on their tactics.

Thankfully, the MITRE organization has outlined these steps through its ATT&CK framework. While this framework doesn’t provide a precise guide for every attack scenario, it offers a valuable structure that testers, security vendors, and customers (like you!) can use to conduct tests and interpret results.

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download

How we test endpoint security products

We tested a variety of Endpoint Detection and Response products against a range of hacking attacks
designed to compromise systems and penetrate target networks in the same way criminals and other attackers breach systems and networks.


Full chains of attack were used, meaning that testers behaved as real attackers, probing targets using a variety of tools, techniques and vectors before attempting to gain lower-level and more powerful access. Finally, the testers/attackers attempted to complete their missions, which might include stealing information, damaging systems and connecting to other systems on the network.

Choose your reports and reviews carefully

We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. Our results help vendors improve their products and buyers choose the best for their own needs.

All reports

04/2023 - 06/2023

Enterprise Advanced Security (EDR): Enterprise 2023 Q2 – DETECTION

Endpoint Detection Compared

Endpoint Detection Compared

Endpoint Detection Compared

SE Labs tested and compared a variety of Endpoint Detection and Response products against a range of hacking attacks designed to compromise systems and penetrate target networks in the same way as criminals and other attackers breach systems and networks. Full chains of attack were used, meaning that testers behaved as real attackers, probing targets using a variety of tools, techniques and vectors before attempting to gain lower-level and more powerful access. Finally, the testers/ attackers attempted to complete their missions, which might include stealing information, damaging systems and connecting to other systems on the network.

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download

An Endpoint Detection and Response (EDR) product is more than anti-virus, which is why it requires advanced testing. This means testers must behave like real attackers, following every step of an attack. While it’s tempting to save time by taking shortcuts, a tester must go through an entire attack to truly understand the capabilities of EDR security products.

Each step of the attack must be realistic too. You can’t just make up what you think bad guys are doing and hope you’re right. This is why SE Labs tracks cyber criminal behaviour and builds tests based on how bad guys try to compromise victims. The cyber security industry is familiar with the concept of the ‘attack chain’, which is the combination of those attack steps.

Fortunately, the MITRE organisation has documented each step with its ATT&CK framework. While this doesn’t give an exact blueprint for realistic attacks, it does present a general structure that testers, security vendors and customers (you!) can use to run tests and understand test results.

Read more reports here.

All reports

07/2020 - 09/2020

Enterprise Endpoint Protection 2020 Q3

Hands up, who’s been hacked?

Get ahead in the game that never ends

Have you ever been hacked? You, personally, or your business? If your answer is, “no” it would be interesting to know how you can be so sure.

Keeping your wits about you is essential, but you can’t do it all on your own. That’s why a good (anti-malware) endpoint protection solution is an essential basis for your online protection. We hope this report helps you or your business get ahead in the game that never ends.

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download

All reports

07/2020 - 09/2020

Small Business Endpoint Protection 2020 Q3

Hands up, who’s been hacked?

Get ahead in the game that never ends

Have you ever been hacked? You, personally, or your business? If your answer is, “no” it would be interesting to know how you can be so sure.

Keeping your wits about you is essential, but you can’t do it all on your own. That’s why a good (anti-malware) endpoint protection solution is an essential basis for your online protection. We hope this report helps you or your business get ahead in the game that never ends.

Read this SE Labs assessment of world-leading endpoint security products and discover how they handle well-known threats and targeted attacks.

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download

All reports

04/2020 - 06/2020

Home Anti-Malware Protection 2020 Q2

Next-gen security testing for next-gen products.

Read this SE Labs assessment of world-leading endpoint security products and discover how they handle well-known threats and targeted attacks.

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download

All reports

04/2020 - 06/2020

Small Business Endpoint Protection 2020 Q2

Next-gen security testing for next-gen products.

Read this SE Labs assessment of world-leading endpoint security products and discover how they handle well-known threats and targeted attacks.

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download

All reports

04/2020 - 06/2020

Enterprise Endpoint Protection 2020 Q2

Next-gen security testing for next-gen products.

Read this SE Labs assessment of world-leading endpoint security products and discover how they handle well-known threats and targeted attacks.

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download

All reports

01/2020 - 03/2020

Small Business Endpoint Protection 2020 Q1

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download

All reports

01/2020 - 03/2020

Enterprise Endpoint Protection 2020 Q1

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab
All reports

10/2019 - 12/2019

Enterprise Endpoint Protection 2019 Q4

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download

Contact us

Give us a few details about yourself and describe your inquiry. We will get back to you as soon as possible.

Get in touch

Feel free to reach out to us with any questions or inquiries

info@selabs.uk Connect with us Find us