Advanced Threat Protection (ATP) Test 2022
AV-Comparatives has released the results of its 2022 Advanced Threat Protection Tests. Nine consumer antivirus products and nine enterprise endpoint-security programs for Windows were put through their paces.
AV-Comparatives’ Advanced Threat Protection Test uses a variety of attack scenarios, which the tested programs have to defend against. Targeted attacks employ various techniques to avoid detection by security software. These include fileless attacks, code obfuscation, and the use of legitimate operating-system tools. Disguising malicious code makes it hard for a security program to recognise it. The misuse of legitimate system programs for malicious purposes also makes it easier for cybercriminals to stay under the radar of security measures.
In the Advanced Threat Protection Tests, AV-Comparatives uses hacking and penetration techniques that allow attackers to access internal computer systems. All our tests use a subset of the TTPs (Tactics, Techniques, Procedures) listed in the MITRE ATT&CK® framework. A false alarm test is also included in the reports.
Tested enterprise endpoint security products include: Acronis Cyber Protect Cloud with Advanced Security Pack; Avast Ultimate Business Security; Bitdefender GravityZone Business Security Premium; CrowdStrike Falcon Pro; ESET PROTECT Entry with ESET PROTECT Cloud; G Data Endpoint Protection Business; Kaspersky Endpoint Security for Business – Select with KSC; Microsoft Defender Antivirus for Business; VMware Carbon Black Cloud Endpoint Standard.
All the enterprise products listed above blocked at least eight out of fifteen advanced attacks, and so received AV-Comparatives’ ATP Enterprise Certification.
Tested consumer security programs include: Avast Free Antivirus; AVG Antivirus Free; Avira Prime; Bitdefender Internet Security; ESET Internet Security; G Data Total Security; Kaspersky Internet Security; McAfee Total Protection; Microsoft Defender Antivirus.
Of these, seven products reached either the ADVANCED or the ADVANCED+ rating.
The Advanced Threat Protection Test checks each security product’s ability to protect a computer against targeted attacks, which are known as “advanced persistent threats” (APTs). These are complex, multi-stage attacks that are aimed at a specific individual or organisation. Whilst the majority of such attacks may be ultimately aimed at infiltrating enterprise networks, an obvious means of doing this is to target the personal computers of staff members within the organisation. Additionally, cybercriminals may launch targeted attacks against individuals for other reasons. This means that protection against such attacks should be provided by consumer security programs, as well as corporate endpoint protection software. All of the tested products, consumer and enterprise, had to defend against 15 different complex targeted attacks.