This report is available through the Advanced Endpoint Protection (AEP) Category Subscription. All of our subscription options can be viewed here.
Thomas Skybakmoen, Morgan Dhanraj
Neither traditional antivirus (AV) nor next-generation AV for the endpoint are effective in protecting against today’s advanced threats. The threat landscape has evolved rapidly—new evasion techniques, exploits, and advanced malware leverage various threat vectors to exploit vulnerabilities within operating systems and applications on endpoints. This means that protecting the endpoint today requires a fundamentally different approach.
Advanced endpoint protection (AEP) products focus on preventing cybercriminals from ever reaching or executing on the endpoint. These products employ sophisticated techniques such as machine learning, pattern recognition, or predictive algorithms to detect and block malware and to contain suspicious activities. Additionally, AEP products monitor processes running on endpoints, detect any communication with potentially malicious hosts, and conduct audits of file systems and registries. To enhance the user experience, AEP products typically automate threat remediation policies as well as provide containment capabilities to protect the endpoint.
Several leading AEP products have expanded their technology to provide not only prevention and blocking of attacks but also greater visibility into suspicious activities and richer forensic information. This is especially useful for organizations that do not have skilled security analysts.
This report uses data from NSS’ individual AEP Test Reports to create Security Effectiveness ratings for each product. Products are scored on multiple factors that affect the overall security effectiveness of the system, including:
- AEP exploit blocking capabilities
- AEP anti-evasion capabilities (resistance to common evasion technique)
The following products were evaluated:
- Bitdefender GravityZone Elite v184.108.40.2065
- Carbon Black Cb Defense v220.127.116.11
- Cisco AMP for Endpoints v6.0.5
- Comodo Advanced Endpoint Protection v3.18.0
- Cylance CylancePROTECT + OPTICS v2.0.1450
- Endgame Endpoint Security v2.5
- enSilo Endpoint Security Platform v2.7
- ESET Endpoint Protection Standard v6.5.522.0
- FireEye Endpoint Security v4
- Fortinet FortiClient v5.6.2
- G DATA Endpoint Protection Business v18.104.22.168
- Kaspersky Lab Kaspersky Endpoint Security v10
- Malwarebytes Endpoint Protection v22.214.171.124
- McAfee Endpoint Security v10.5
- Palo Alto Networks Traps v4.1
- Panda Security Panda Adaptive Defense 360 v2.4.1
- SentinelOne Endpoint Protection Platform (EPP) v126.96.36.19948
- Sophos Endpoint Protection 10.7.6 VE3.70.2
- Symantec Endpoint Protection and Advanced Threat Protection (ATP) Platform v14.0.3876.1100
- Trend Micro Smart Protection for Endpoints v12.0.1864
To learn how vendors performed, download a copy of each Test Report. NSS clients can also download the AEP Comparative Reports on Security Value Map and Total Cost of Ownership.
As with all NSS Labs group tests, there was no fee for participation. In addition, the test methodology applied is in the public domain to provide transparency and to help enterprises understand the results.