We compare endpoint security products directly using real, major threats
How can you test and judge endpoint protection products? SE Labs tested a variety of Endpoint Detection and Response products against a range of hacking attacks designed to compromise systems and penetrate target networks in the same way as criminals and other attackers breach systems and networks.
EDR products require advanced testing
An Endpoint Detection and Response (EDR) product is more than anti-virus, which is why it requires advanced testing. This means testers must behave like real attackers, following every step of an attack.
Anti-virus, or endpoint security plays an essential part in protecting Windows PCs. Whether you are working in the world’s largest enterprise, or using a small personal laptop, you need a last line of defence against attacks that use malicious code to steal or damage your data.
Are you a believer?
Some people have doubts about how useful anti-virus can be. Their opinions might be out of date, or they might believe marketing claims designed to push new products and discredit the competition.
At SE Labs we test endpoint security all the time, so we know what’s true and what belongs in the post-truth world. Here are the top five antivirus myths, busted!
SE Labs tested Coronet Cyber Security Coro against a range of hacking attacks designed to compromise systems and penetrate target networks in the same way as criminals and other attackers breach systems and networks.
Full attack chain EDR test
There are many opportunities to spot and stop attackers. Products can detect them when attackers send phishing emails to targets. Or later, when other emails contain links to malicious code. Some kick into action when malware enters the system. Others sit up and notice when the attackers exhibit bad behaviour on the network.
Computer processors get the final word when running programs. Can they judge bad code from good?
Is ransomware detection using hardware possible? We look at Intel’s approach to improving ransomware detection.
All malware has to run on a target to achieve its goal. Whether it’s a remote access Trojan, a wild internet worm or devastating ransomware, malware is most likely software that has to run on a PC of some sort. The anti-virus software industry tries to detect and stop these threats, but news headlines suggest it’s not winning the war.
Show notes for series 2, episode 9 (final episode of series 2)
What is the attack chain? Why is it good to test using full attack chains? And what are some of the alternative approaches, with their pros and cons? We’ll try to answer all of these questions and more in this special presentation episode recorded at the AVAR conference in Singapore in December 2022.
If we’ve given the impression that we’re at the heart of the security world, working with the organisations that spend billions on security – and with the companies that make billions by selling security products – you’d be right. And that puts us in an awkward position. Because we want to make security better for everyone. And sometimes that means speaking some uncomfortable truths.
Three reasons our security tests are the most trustworthy
This security report compares anti-malware products. Its job is to help you make informed buying decisions. We applied advanced testing techniques to ensure that the results are meaningful. The same cannot be said for many other tests. I’d say you’ve picked a good one to read, here. Let’s prove that.
Security report checklist
There are a few questions you should ask when you look at a security report. These are all very important but in random order here they are:
SE Labs tested CrowdStrike Falcon against a range of ransomware attacks designed to extort victims. These attacks were realistic, using the same tactics and techniques as those used against victims in recent months.
Test like ransomware hackers
Testers attacked target systems, protected by CrowdStrike Falcon. Our testers in the lab acted in the same way as we observe ransomware groups to behave on the internet.
Attacks were initiated from the start of the attack chain, using phishing email links and attachments, as just two examples. Each attack was run from the very start to its obvious conclusion, which means attempting to steal, encrypt and destroy sensitive data on the target systems.
Thank you for opening this report. We hope you’ll be able to use it to get a better idea about which anti-malware products you might want to buy (or get rid of!)
What do the awards mean?
The report starts off with a list of products, each of which win impressive-looking awards. But have you considered what those awards mean? How come there aren’t any massive losers in the list? How hard is this security test anyway?
We compare endpoint security products directly using real, major threats.
Welcome to the first edition of the Enterprise Advanced Security test that compares different endpoint security products directly. We look at how they handle the major threats that face all businesses, from the Global 100, down to medium enterprises. And most likely small businesses, too.
Choose the best enterprise endpoint security solution
We give an overall score but also dig down into the details that your security team will care about. This report explains the different levels of coverage that these products provide.
Archive of security product and service test results
Cyber Security DE:CODED Podcast
All of our podcast episodes and related content
About
SE Labs Ltd is a private, independently-owned and run testing company that assesses security products and services. The main laboratory is located in Wimbledon, South London. It has excellent local and international travel connections. The lab is open for prearranged client visits.
