AV-Comparatives is pleased to announce the release of the Endpoint Prevention and Response (EPR) Test findings, representing a pinnacle of complexity and challenge within the realm of enterprise security product assessments. For a detailed analysis of the EPR CyberRisk Quadrant™ and to delve into the findings, you can access the full report via the following link: https://www.av-comparatives.org/tests/endpoint-prevention-response-epr-test-2023/

The evolving landscape of targeted attacks poses significant threats to enterprises and public entities. Cybercriminals now target organizations for reasons spanning industrial espionage, sabotage, and profit. It is noteworthy that inclusion in the EPR report is subject to the vendor’s discretion, and some opt for anonymity if their products do not meet the rigorous testing standards imposed by AV-Comparatives.

The Role of EPR Products: To address these sophisticated threats, organizations increasingly turn to endpoint prevention and response (EPR) products. These solutions not only aim to thwart attacks but also facilitate detailed investigation, analysis, and response to attempted breaches. AV-Comparatives’ recently published Endpoint Prevention and Response Test report evaluates the effectiveness of leading EPR products in combatting and analyzing targeted attacks.

Distinguished Performers: We commend the transparency showcased by four of the twelve vendors subjected to our comprehensive testing, namely Check Point, ESET, Kaspersky and Palo Alto Networks. Their choice to publish results is an unmistakable in stride towards promoting a more enlightened and secure digital landscape. This actionable commitment affirms their dedication to the challenging process of continual improvement, engendering trust among users and within our industry. Regrettably, the remainder eight vendors elected not being named. This decision detracts from the shared goal within our industry to understand, address, and rectify endpoint security vulnerabilities and potential threats. Their results are included in the report to provide a comprehensive overview of the performance levels available in the market. We encourage these vendors to reconsider their stance in our future tests, as an open dialogue fosters growth and trust while facilitating an informed and secure digital environment appreciated by IT managers, CISOs, and tech-savvy professionals at large. 

Enterprise EPR CyberRisk Quadrant™: AV-Comparatives has developed an Enterprise EPR CyberRisk Quadrant™ that factors in each product’s effectiveness in preventing breaches, the resulting cost savings, product purchase costs, and operational and accuracy expenses.

Results Unveiled: The EPR Test, known for its comprehensive and realistic approach, has revealed valuable insights into the capabilities of leading endpoint prevention and response solutions. The test outcome sheds light on the performance of these solutions in addressing sophisticated and evolving cyber threats.

Expertise in Action: AV-Comparatives, drawing from over two decades of experience, has employed its unique expertise to provide precise assessments of security solutions. This extensive experience uniquely positions the EPR Test to offer an accurate portrayal of the capabilities of the evaluated products.

Complexity and Realism: The EPR Test, while mirroring real-world scenarios, is inherently manual due to its complexity, making it a resource-intensive endeavor. The methodology places a strong emphasis on prevention and response capabilities while taking into account operational accuracy and workflow efficiency. The assessment factors in costs associated with operational inefficiencies, underlining the importance of both efficacy and efficiency in security solutions.

A Comprehensive Assessment: This comprehensive evaluation encompasses the entire attack chain, from initial intrusion to data exfiltration and potential harm to the target system or network. The test phases include a spectrum of attack tactics commonly encountered by enterprises, ensuring a thorough examination of the products’ capabilities.

Real-World Simulation: To maintain the integrity of the assessment, vendors are not informed in advance of the exact test timing or attack specifics, simulating real-world conditions where attackers strike without warning. This approach ensures that products must provide continuous protection in practical scenarios.

Test Scenarios Based on Real Threats: The test scenarios draw inspiration from various Advanced Persistent Threat (APT) groups used to be attributed to different regions, including China, Russia, Iran, North Korea, and others. These scenarios align with publicly available cyber threat intelligence and are mapped to a range of ATT&CK techniques, providing valuable insights into the effectiveness of the products against complex attacks. While there may be overlap in techniques, subtechniques, and tools used, the scenarios do not replicate the actions of these APT groups.

Unlocking Comprehensive Insights: Beyond individual test results, readers seeking a holistic understanding of the protection and response capabilities of the tested EPR products should consider the results of other tests within AV-Comparatives’ Enterprise Main-Test Series. This multi-faceted approach ensures a well-rounded evaluation and appreciation of the performance and effectiveness of these security solutions.

AV-Comparatives remains steadfast in its commitment to delivering accurate and valuable information, empowering organizations and individuals to make informed decisions in the dynamic realm of cybersecurity.