The AV-Comparatives EPR test is the most comprehensive assessment of its kind in the world.
Each of the 10 products in the test was subjected to 50 separate targeted attack scenarios.
The top Strategic Leader Award was given to Bitdefender, Palo Alto Networks, Check Point, CrowdStrike, F-Secure, Cisco and ESET. Symantec by Broadcom was awarded the CyberRisk Visionaries award. Two further vendors reached the Strong Challengers award.
The Strategic Leader award is given to EPR products which showed a very high return on investment and provide a very low total cost of ownership. These products demonstrate outstanding enterprise-class prevention, detection, response, and reporting capabilities, combined with optimal operational and analyst workflow features.
Peter Stelzhammer, co-founder of AV-Comparatives, said:
“Congratulations to our Strategic Leaders. These winners show others the way forward by setting and meeting ambitious targets. They develop ground-breaking ideas and implement these in their products.”
“Security breaches can have significant financial impacts, with the average cost of a breach now standing at $4.24 million, according to IBM.”
“An effective EPR product that minimises the negative impact of an attack can be a very good investment. If a company stands to lose $2 million in an attack, then spending half of that on security measures makes good financial sense.”
Enterprises use EPR products to detect, prevent, analyse, and respond to targeted attacks such as advanced persistent threats (APTs). They should be able to detect and block malware and network attacks on individual workstations as well as deal with multi-stage attacks designed to infiltrate an organisation’s entire network.
In addition to protecting individual devices, EPR systems should also provide detailed analysis of an attack’s origin, methods and aims in order to allow security staff to understand the nature of the threat, prevent it from spreading, repair damage and take precautions to prevent similar attacks in the future.
The EPR test involves a variety of different techniques. When left unchecked, the attacks progress through three separate phases: Endpoint Compromise and Foothold; Internal Propagation; and Asset Breach.
The tests determined whether the product detected the attack, took automated action to block the threat (active response), or provided information about the attack which the administrator could use to take action themselves (passive response).
If an EPR product did not block an attack at one stage, the attack would continue to the next phase.
Each tested product was given a window of 24 hours after the start of an attack. Testers examined the ability of each product to take remedial action such as isolating an endpoint from the network, restoring it from a system image, or editing the Windows Registry.
AV-Comparatives also tested every product’s ability to investigate the nature of an attack, including a timeline and breakdown of phases. Finally, the ability of each product to collect and present information on indicators of compromise in an easily accessible form was assessed.