Tag Archive for: Endpoint

Endpoint Protection / Antivirus Products Tested for Malware Protection


AUSTIN, Texas – Aug. 25, 2022 — CyberRatings.org, the nonprofit entity dedicated to providing transparency on cybersecurity product efficacy, has published results of its Q2 2022 Endpoint Protection Comparative Test.

Focused on endpoint products that feature antivirus protection, the products tested were Avast Free Antivirus, AVG AntiVirus Free, ESET Internet Security, McAfee Total Protection, Norton 360, Microsoft Defender, Sophos Home Premium and Trend Micro Maximum Security.

“The bad guys are getting bolder and malware / ransomware campaigns continue to get more sophisticated,” said Vikram Phatak, CEO of CyberRatings.org. “Most infections occur in the first few hours after a new campaign is launched. The time it takes for a security product to block the attack matters a lot,” adds Phatak. “That is why we tested not only how much malware a product blocks, but how quickly it blocks an attack.”

Over 40,000 live tests were performed on each product, providing a ±0.49% margin of error. Trend Micro Maximum Security offered the most protection, blocking 97.97% of malware. Sophos Home Premium provided the second-highest protection, blocking 97.47%, followed by Microsoft Defender at 97.13%. Sophos was the quickest to add protection for previously unblocked malware, closely followed by Trend Micro.

With more businesses embracing remote work, a user’s protection is likely limited to the web browser and their endpoint protection product. Therefore, it’s important to be informed about which products are performing as advertised.

The Comparative Test Reports provide metrics for products blocking malware over time, average time a product added protection, and average time it took a product to add protection.

The test was funded by CyberRatings.org and no vendor paid to be in or out of the test. As a service to the community, CyberRatings.org is providing these reports for free.

The following endpoint protection / antivirus products were tested:

  • Avast Free Antivirus – v22.4.6011 (build 22.4.7175.725)
  • AVG AntiVirus Free – v22.4.3231 (build 22.4.7175.725)
  • ESET Internet Security – v15.1.12.0
  • McAfee Total Protection – v16.0 R46
  • Norton 360 (latest updates)
  • Sophos Home…


NetSecurity Corporation Reveals Why Endpoint Detection and Response (EDR) Platforms are Inadequate for Computer Forensics Investigation


ThreatResponder® Platform Allows Enterprises and Forensics Firms to Conduct Deep and Legally-Defensible Remote Computer Forensic Investigations or Incident Response at Scale Within a Few Hours

DULLES, Va., Aug. 11, 2022 /PRNewswire/ — NetSecurity® Corporation, a leader in endpoint threat protection, vulnerability detection, and computer forensics investigations, announced today that traditional Endpoint Threat Detection and Response (EDR) platforms and “collector scripts” are inadequate to quickly and thoroughly conduct remote forensics investigation and incident response that can withstand legal scrutiny.

When there is a data breach, insider threat, or a cyber attack, organizations often struggle to identify the right skills, tools or product to use for the investigation and often resort to open source scripts, freeware, collector scripts, or traditional EDR. These technologies do not scale and are not capable of conducting forensics at scale or in a timely manner. NetSecurity recognized this problem and developed ThreatResponder to help organizations conduct remote forensics investigation, eliminating travel costs and delays.

“Today’s adversaries remain relentless and highly sophisticated, often leveraging attack techniques or exploiting vulnerabilities that are largely unknown to defenders. A technology that can drill deep and tell the full story (of the who, what, when, where, why, and how) relating to attack or breach is imperative,” said Inno Eroraha, founder and chief strategist of NetSecurity. “ThreatResponder allows digital forensic investigators to conduct forensic investigations of thousands of computer systems wherever they may be located within hours instead of weeks or…


The Past, Present and Future of Endpoint Management Solutions


Endpoint management is a simple concept that’s become more complex over time. Initially, it was about provisioning and managing the computers and devices that people use in your organization in the bring your own device (BYOD) and mobile computing era. Then the Internet of Things (IoT) made things far more complex. And now perimeter security is being replaced by zero trust. The evolution of endpoint management is one of tackling increasing complexity. 

In today’s complex world, you need a great unified endpoint management (UEM) solution.

Under the UEM umbrella, mobile device management (MDM) and enterprise mobility management (EMM) enable UEM for mobile and IoT devices, which is really the core of UEM in a remote and hybrid world. 

This didn’t use to be the case. In the past, UEM, MDM and EMM were all separate worlds of tools, practices and policies. But in recent years they’re merging into a single area in the UEM category. 

Of course, zero trust is a methodology, architecture and even a mindset — not a technology or specific set of tools. But UEM is strongly associated with zero trust because that approach calls for managing many aspects of all devices in the organization at a massive scale. 


Here Comes the Zero Trust Imperative

It’s a cliche to suggest that zero trust replaces perimeter security, but this is somewhat misleading on two counts. First, it’s not really about trust, per se. You may ‘trust’ any specific employee, or their device, but they still don’t get access without proper authentication. A perimeter still exists, and that perimeter is every endpoint. In other words, for attackers, every endpoint is a door. The zero trust approach makes sure every door stays locked. The person knocking on that door has to prove they are an authorized user using authorized software on an approved device. The security dimension of UEM is, in essence, the process of watching those doors at scale. 

That idea is conceptually simple. But watching the door really means making sure the lock is up to date and configured correctly, that the activity around that door looks normal, that any abnormal activity is investigated and that…


AV-Comparatives Releases Long-Term Test of 18 Leading Endpoint Enterprise & Business Security Solutions / July 2022


The threat landscape continues to evolve rapidly, presenting antivirus vendors with new challenges. The test report shows how security products have adapted to these and improved protection over the years.

To be certified in July 2022 as an ‘Approved Business Product’ by AV-Comparatives, the tested products must score at least 90% in the Malware Protection Test, with zero false alarms on common business software and a rate below ‘Remarkably High’ for false positives on non-business files, and must score at least 90% in the overall Real-World Protection Test over the course of four months, with fewer than one hundred false alarms on clean software/websites.

Endpoint security solutions for enterprise and SMB from 18 leading vendors were put through the Business Main-Test Series 2022H1: Acronis, Avast, Bitdefender, Cisco, CrowdStrike, Cybereason, Elastic, ESET, G Data, K7, Kaspersky, Malwarebytes, Microsoft, Sophos, Trellix, VIPRE, VMware and WatchGuard.

Real-World Protection Test:
The Real-World Protection Test is a long-term test run over a period of four months. It tests how well the endpoint protection software can protect the system against Internet-borne threats.

Malware Protection Test:
The Malware Protection Test requires the tested products to detect malicious programs that could be encountered on the company systems, e.g. on the local area network or external drives.

Performance Test:
The Performance Test checks that tested products do not provide protection at the expense of slowing down the system.

False Positives Test:
For each of the protection tests, a False Positives Test is run. These ensure that the endpoint protection software does not cause significant numbers of false alarms, which can be particularly disruptive in business networks.

Ease of Use Review:
The report also includes a detailed user-interface review of each product, providing an insight into what it is like to use in typical day-to-day management scenarios.

Overall, AV-Comparatives’ July Business Security Test 2022 report provides IT managers and CISOs with a detailed picture of the strengths and weaknesses of the tested products, allowing them to make informed decisions on which ones might be appropriate for their…
