Advanced Endpoint Protection
AEP 2018 Comparative Report: Security Value Map™

AEP 2018 Comparative Report: Security Value Map™

This report is available through the Advanced Endpoint Protection (AEP) Category Subscription. All of our subscription options can be viewed here.

Thomas Skybakmoen, Morgan Dhanraj


Neither traditional antivirus (AV) nor next-generation AV for the endpoint are effective in protecting against today’s advanced threats. The threat landscape has evolved rapidly—new evasion techniques, exploits, and advanced malware leverage various threat vectors to exploit vulnerabilities within operating systems and applications on endpoints. This means that protecting the endpoint today requires a fundamentally different approach.

Advanced endpoint protection (AEP) products focus on preventing cybercriminals from ever reaching or executing on the endpoint. These products employ sophisticated techniques such as machine learning, pattern recognition, or predictive algorithms to detect and block malware and to contain suspicious activities. Additionally, AEP products monitor processes running on endpoints, detect any communication with potentially malicious hosts, and conduct audits of file systems and registries. To enhance the user experience, AEP products typically automate threat remediation policies as well as provide containment capabilities to protect the endpoint.

Several leading AEP products have expanded their technology to provide not only prevention and blocking of attacks but also greater visibility into suspicious activities and richer forensic information. This is especially useful for organizations that do not have skilled security analysts.

Empirical data from individual Test Reports and Comparative Reports is used to create NSS Labs’ unique Security Value Map™ (SVM). The SVM illustrates the relative value of security investment by mapping the Security Effectiveness and the Total Cost of Ownership (TCO) per Protected Agent (Value) of tested product configurations. 



The following products were evaluated:

  • Bitdefender GravityZone Elite v6.2.31.985
  • Carbon Black Cb Defense v3.0.2.2
  • Cisco AMP for Endpoints v6.0.5
  • Comodo Advanced Endpoint Protection v3.18.0
  • Cylance CylancePROTECT + OPTICS v2.0.1450
  • Endgame Endpoint Security v2.5
  • enSilo Endpoint Security Platform v2.7
  • ESET Endpoint Protection Standard v6.5.522.0
  • FireEye Endpoint Security v4
  • Fortinet FortiClient v5.6.2
  • G DATA Endpoint Protection Business v14.1.0.67
  • Kaspersky Lab Kaspersky Endpoint Security v10
  • Malwarebytes Endpoint Protection v1.1.1.0
  • McAfee Endpoint Security v10.5
  • Palo Alto Networks Traps v4.1
  • Panda Security Panda Adaptive Defense 360 v2.4.1
  • SentinelOne Endpoint Protection Platform (EPP) v2.0.1.10548
  • Sophos Endpoint Protection 10.7.6 VE3.70.2
  • Symantec Endpoint Protection and Advanced Threat Protection (ATP) Platform v14.0.3876.1100
  • Trend Micro Smart Protection for Endpoints v12.0.1864

To learn how vendors performed, download a copy of each Test Report. NSS clients can also download the AEP Comparative Reports on Security and Total Cost of Ownership.

As with all NSS Labs group tests, there was no fee for participation. In addition, the test methodology applied is in the public domain to provide transparency and to help enterprises understand the results. 

As with all NSS Labs group tests, there was no fee for participation. All testing was conducted independently and was not paid for by any vendor.