Does your Endpoint protect you against Advanced Threats? AV-Comparatives tested 15 IT Security Products
AV-Comparatives releases results of 2020 Advanced Threat Protection Test for 8 enterprise and 7 consumer security products.
Independent, ISO-certified security testing lab AV-Comparatives has released the results of its 2020 Enterprise Advanced Threat Protection Test. 15 endpoint protection programs for Windows 10 were put through their paces.
Tested Enterprise Endpoint Protection:
Avast Business Antivirus Plus, Bitdefender GravityZone Elite Security, CrowdStrike Falcon Pro, ESET PROTECT Entry, Fortinet FortiClient with FortiSandbox and FortiEDR, Kaspersky Endpoint Security for Business Select, SparkCognition DeepArmor Endpoint Protection Platform and Vipre Endpoint Security Cloud.
Tested Consumer Internet Security Software:
Avast Free Antivirus, AVG Free Antivirus, Bitdefender Internet Security, ESET Internet Security, F-Secure SAFE, Kaspersky Internet Security and Vipre Advanced Security.
The Advanced Threat Protection Test checks each security product’s ability to protect a computer against targeted attacks called advanced persistent threats. These are complex, multi-stage attacks that are aimed at a specific individual or organisation. Whilst the majority of such attacks may be ultimately aimed at infiltrating enterprise networks, an obvious means of doing this is to target the personal computers of staff members within the organisation. This means that protection against such attacks should be provided by consumer security programs, as well as corporate endpoint protection software.
All of the tested products had to defend against 15 different complex targeted attacks.
AV-Comparatives’ Advanced Threat Protection Test uses a variety of different attack scenarios, which the tested programs have to defend against. Targeted attacks employ various different techniques to avoid detection by security software. These include fileless attacks, code obfuscation, and the use of legitimate operating-system tools. Disguising malicious code makes it hard for a security program to recognise it. The misuse of legitimate system programs for malicious purposes also makes it easier for cybercriminals to stay under the radar of security measures.
In the Advanced Threat Protection Tests, AV-Comparatives use hacking and penetration techniques that allow attackers to access internal computer systems. These attacks can be broken down, following Lockheed Martin’s Cybersecurity Kill Chain, into seven distinct phases, each with unique IOCs (Indicators of Compromise) for the victims. All our tests use a subset of the TTP (Tactics, Techniques, Procedures) listed in the MITRE ATT&CK(TM) framework. A false alarm test is also included in the reports.
The Advanced Threat Protection Test is an add-on test on top of the AV-Comparatives’ Business Main Test Series, which includes the Malware Protection Test, Real-World Protection Test, and Performance Test. The 2020 H2 report of the Main Test series is due for release later this month.
Also due for release in December is the report of AV-Comparatives’ Endpoint Prevention and Response (EPR) Test. EPR products are expected not only to protect endpoints against targeted threats, but also to provide detailed information on the attacks, for investigation and analysis purposes. The report will include test results, an overview of functionality, and a breakdown of total cost of ownership for each tested product.
Like all AV-Comparatives’ public reports, the report of the 2020 Advanced Threat Protection Test for enterprise products can be downloaded free of charge from the institute’s website, www.av-comparatives.org. AV-Comparatives is an independent testing lab based in Innsbruck, Austria, and has been publicly testing computer-security software since 2004. It is ISO 9001:2015 certified for the scope “Independent Tests of Anti-Virus Software”. It also holds the EICAR certification as a “Trusted IT-Security Testing Lab”.