Enterprise Advanced Security (EDR): Enterprise 2023 Q2 – DETECTION

Sector: Enterprise
Testing: April to June 2023

 

Endpoint Detection Compared

Endpoint Detection Compared

Endpoint Detection Compared

SE Labs tested and compared a variety of Endpoint Detection and Response products against a range of hacking attacks designed to compromise systems and penetrate target networks in the same way as criminals and other attackers breach systems and networks. Full chains of attack were used, meaning that testers behaved as real attackers, probing targets using a variety of tools, techniques and vectors before attempting to gain lower-level and more powerful access. Finally, the testers/ attackers attempted to complete their missions, which might include stealing information, damaging systems and connecting to other systems on the network.

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download [3.30 MB]

Product factsheets:

Bitdefender GravityZone
CrowdStrike Falcon
Kaspersky EDR Expert

Malwarebytes EDR
Microsoft 365 Defender
Symantec Endpoint Security Complete

An Endpoint Detection and Response (EDR) product is more than anti-virus, which is why it requires advanced testing. This means testers must behave like real attackers, following every step of an attack. While it’s tempting to save time by taking shortcuts, a tester must go through an entire attack to truly understand the capabilities of EDR security products.

Each step of the attack must be realistic too. You can’t just make up what you think bad guys are doing and hope you’re right. This is why SE Labs tracks cyber criminal behaviour and builds tests based on how bad guys try to compromise victims. The cyber security industry is familiar with the concept of the ‘attack chain’, which is the combination of those attack steps.

Fortunately, the MITRE organisation has documented each step with its ATT&CK framework. While this doesn’t give an exact blueprint for realistic attacks, it does present a general structure that testers, security vendors and customers (you!) can use to run tests and understand test results.

Sign up to our monthly business and personal security newsletters.

Find out more

Our latest reports, for enterprise, small business and home users are now available for free. Please download them and follow us on LinkedIn to receive news, comment, updates and future reports.

Visit our blog for more security testing news, analysis and the Cyber Security DE:CODED podcast.