It’s that time again: The Endpoint Protection Solutions Report (EPSR) is entering the next round!
The endpoint is and remains the last line of defence in the cyber kill chain. If the attack cannot be blocked here, then where? Current endpoint protection solutions therefore strive to offer the highest possible protection with the lowest possible use of system resources. How they do that, for example without signatures or mainly based on hash values, is of secondary importance at first.
The effects of weak endpoint protection can already be seen in our last blog series on the theme of endpoint protection. Ransomware campaigns like NotPetya/Petwrap and WannaCry show how important preventative endpoint protection is.
It’s incredible that these campaigns have retained the same approach without the basic idea ever changing: first, sneak past a company's existing protection solutions to penetrate to the last system – the endpoint. There, the aim is to cause as much damage as possible by encrypting all files (on the endpoint as well as on network drives) and ultimately to make a ransom demand. Valuable company transactions are lost, and sales, inventory management or even production come to a standstill if you do not pay the ransom.
Even more amazing, however, is how helpless many tools are in confronting campaigns which operate on a similar principle.
Endpoint protection solutions today need to be armed against a variety of attacks in order to provide adequate protection. It’s not just about ransomware.
To avoid damage and expense, we need to protect endpoints from malware and exploitation in a way that is as independent as possible of constant updates and of an on-premise/off-premise solution, and that provides intelligent and automated threat intelligence.
The agonising question is: what does one really protect oneself with? What kind of performance can the tools of various providers really deliver – beyond marketing claims and sugarcoated statistics? This is where the Endpoint Protection Solutions Report (EPSR) is intended to provide better information. This was a vendor-independent test, conducted by qualified cyber analysts and security experts.
The 3rd Report – all good things come in threes?
Again, the latest versions from leading anti-virus manufacturers have been extensively tested under realistic conditions.
The scope of the report has been expanded again, with more malware samples (8000 units in total), which should provide a more detailed result for each individual solution. More sophisticated obfuscation methods were used than in the last report (obfuscation of file contents, which in turn changes the hash values). Also among the innovations: a more elaborate holiday test (test devices are kept offline for 14 days before the detection rate is determined).
The detailed test results are available for free download as a white paper on the iT-CUBE SYSTEMS website.