Test: Endpoint Protection Solutions Report 07/2017
The infection begins at the endpoint – in the business world, this means: at the workstation of an employee, a server or simply any device that is connected to the Internet. In order to prevent the worst, awareness campaigns and training courses for the staff can help to a certain extent. But WannaCry in particular has proven it very clearly: modern malware is not necessarily dependent on user interaction.
The latest ransomware campaigns this year showed the impact of vulnerable endpoint protection: NotPetya / Petwrap and WannaCry were able to cause significant damage through a long-known security vulnerability, which was assumed to have already been closed by patches.
Various solutions are available for the protection of endpoints, but which ones are really suitable in real life? Manufacturers like to advertise with high detection rates – what remains unspoken is that even long-outdated malware is included in the tests, samples that are rarely spotted “in the wild” any more and pose a marginal risk at worst. Also, the exact test setup in which such scores were achieved remains a mystery.
When production is at a standstill, that might be the end
An operational endpoint protection is one of the fundamental basics of IT security in a business scenario. Compromised systems and partial or complete failures of the IT have just recently taken their toll: the damage runs into the millions, not to mention the resulting loss in reputation. This can have a particularly critical effect, especially for SMEs. The most important protection against ransomware campaigns or malware in general lies with the endpoint itself. It is the gateway to the company network and thus to sensitive data of a company.
Once the malware has successfully invaded a computer, it can spread through “lateral movement,” which is the progressive propagation in the network (as NotPetya did using PsExec).
Endpoints should therefore be permanently secured, even if they are only occasionally connected to the network or have no direct Internet access. It also doesn’t matter whether the solution used is operated online or offline, on-premises or in the cloud.
Protection is the chief requirement, but what to use?
Awareness of the danger is very present recently. The time to invest money in protection is now. This is always better than paying cyber-extortionists later – or throwing money at a dubious insurance (more in the article here about Cyber Insurances). The impression that the payment of money (for example in the case of a ransomware attack) is more favorable than bearing the serious consequences when several sites are paralyzed for a few days is deceptive. By now the days are long gone when hackers still adhered to the “ransomware code of ethics”, which dictated that the decryption key actually be provided when the victims pay.
The agonizing question is: How do you really protect yourself? What can the various products really do – beyond marketing claims and polished statistics? The Endpoint Protection Solutions Report (EPSR) is intended to provide better insight. The test was conducted independently of the manufacturers, by qualified cyber analysts and security experts.
Endpoint Protection Solutions Report – The big test is back for a second round
The current report is more than just a repetition of the previous test with new product versions. The test setup, in which current malware samples were mutated and executed on test computers, has been expanded in several ways. For instance, more malware samples from a greater variety of sources were used to simulate a wider range of different attacks.
Several new test candidates were added as well: In the first issue, only Kaspersky Endpoint Security for Business Advanced, Symantec Endpoint Protection, Palo Alto Networks Traps, SOPHOS Endpoint Protection (with Intercept X) and Cylance Protect were compared. This time, McAfee ENS, Trend Micro OfficeScan Endpoint Protection and Microsoft’s Windows Defender were tested as well.
In addition, a new test was introduced: In the so-called “Holiday Test” the clients were disconnected from the network for five days, and then supplied with fresh malware – but not with updates. This scenario is intended to simulate the case of an employee who comes back from vacation and starts using their computer without updating the malware protection first.
You can find the detailed test results as a whitepaper on the iT-CUBE SYSTEMS page for free download.
Image: ©iT-CUBE SYSTEMS AG 2017