SE Labs, a prominent computer security testing company, has recently released its latest Enterprise Advanced Security Report. The report focuses on comparing six leading Endpoint Detection and Response (EDR) products and evaluating their effectiveness in detecting and responding to cyber threats. Out of the six products tested, three stood out with perfect scores for their detection accuracy and effective response – CrowdStrike Falcon, Kaspersky EDR Expert, and Symantec Endpoint Security Complete.
The results of SE Labs’ comprehensive test provide valuable insights for businesses in search of reliable endpoint security solutions to safeguard their critical assets from constantly evolving cyber threats. SE Labs’ evaluation is considered highly rigorous as it exposes market-leading endpoint security products to a wide range of threats in real-world attack scenarios. The test simulations conducted by SE Labs are based on actual attack scenarios that have occurred over the past few years.
According to SE Labs CEO Simon Edwards, an Endpoint Detection and Response product goes beyond the capability of traditional antivirus software. Therefore, advanced testing is crucial to truly understand the effectiveness of EDR security products. SE Labs aims to replicate real attackers and meticulously follow each step of an attack to assess the capabilities of the tested products.
The primary objective of the test conducted by SE Labs was to assess the effectiveness of various security solutions against hacking attacks. These attacks are designed to compromise systems and infiltrate target networks, mimicking the tactics employed by criminals and other malicious actors. Throughout the testing process, the SE Labs team replicated full chains of attacks, utilizing various tools, techniques, and vectors to gain lower-level and more powerful access. The team also aimed to complete missions such as data exfiltration, system damage, and lateral movement within the network.
The test focused on examining specific aspects of each product’s performance. Three key areas of evaluation included:
1. Detection of targeted attacks: The products were assessed based on their ability to detect the delivery of targeted attacks accurately. This included identifying the specific indicators and patterns that point to a potential attack.
2. Tracking the attack chain: SE Labs went beyond evaluating the endpoint and examined how well the products tracked different elements of the attack chain within the wider network. This assessment aimed to determine the products’ ability to identify and respond to malicious activities occurring beyond the initial point of contact.
3. Handling of legitimate files and potential threats: The team assessed how well the products managed legitimate files alongside potential threats. This evaluation aimed to identify false positives and any other sub-optimal interactions with legitimate files.
The results of the test revealed that all the tested products demonstrated the ability to detect certain parts of each targeted attack. Additionally, they were able to track most subsequent malicious activities during the simulated attacks.
For those interested in accessing the full report and understanding the findings in depth, it is available on SE Labs’ website at the following link: https://selabs.uk/reports/enterprise-advanced-security-edr-enterprise-2023-q2-detection/.
SE Labs is an independent testing company that specializes in evaluating computer security products and services intended for detecting attacks, protecting against intrusions, or providing both functionalities. The company conducts technically accurate and relevant tests with the utmost integrity, both privately and publicly. In addition to private testing, SE Labs also produces reports that are accessible to the public.
To learn more about SE Labs and its testing methodology, please visit its website at www.selabs.uk.

