AV-TEST Protection Solutions vs. Ransomware in the Advanced Threat Protection Test

Disclaimer
  1. This test shows how an antivirus behaves with certain threats, in a specific environment and under certain conditions.
    We encourage you to compare these results with others and make informed decisions on which security products to use.
    Before buying an antivirus you should consider factors such as price, ease of use, compatibility, and support. Installing a free trial version allows an antivirus to be tested in everyday use before purchase.

Gandalf_The_Grey
Level 83, Thread author, Apr 24, 2016
All major ransomware attacks follow a certain attack pattern of APT groups. That's why the lab at AV-TEST simulated attacks on 14 protection solutions for corporate users with 10 sophisticated Advanced Persistent Threat scenarios, trying to encrypt the systems with ransomware. In doing so, each defensive step was evaluated according to the pattern of the MITRE ATT&CK Matrix. The test revealed: many corporate products are good system defenders.

Every day, protection solutions for corporate users normally have to detect, classify and fend off thousands of attackers. The lab at AV-TEST already assesses this classical protection every two months with its certification tests for corporate protection software and thus evaluates the consistent security of the products.

In the latest Advanced Threat Protection test, the lab evaluated 14 endpoint protection platforms (EPP) in terms of their performance against new, still unknown attack scenarios with ransomware, as they are normally carried out by hacker groups. Unfortunately, many such attacks have been successful in the past, as evidenced by numerous media reports.

Various security companies have already designated numbers from 1 to 41 for several APT groups, as they also show up under several names. Others stick to a group description. APT38, for example, deployed Hermes ransomware, with AES 256-bit encryption. APT41 bought a ransomware-as-a-service (RaaS) encryptor and used it to extort companies. The FIN7 group mounted specialized attacks on ESXi virtualization servers of VMware with Darkside ransomware. Also notorious is the TA505 group, which encrypted large volumes of data with the LockerGoga ransomware. This software was used against the Norwegian aluminum manufacturer Norsk Hydro, for example. Many smaller APT groups without special names repeatedly rely on variants of successful ransomware, such as REvil, Ryuk, Maze, Conti or NotPetya.

The results: [chart: csm_1121_EPP_B2B_Ergebnis_EN_aa8c44e858.jpg]

russ0408
Level 5, Jul 28, 2013
Why would anyone using Windows pay for an antivirus? Look at the results for Defender; they are right up there with all the top-notch ones. Right now I'm using Defender UI with Voodooshield integrated in it. It's light, no ads; what more can I say, it just works great!!

Andy Ful
From Hard_Configurator Tools, Dec 23, 2014
There can be several reasons for not using Defender. You can find them on several MalwareTips threads.
Of course, Defender can be a very good starting point for home users, especially when using advanced ATP features (not available from Windows Security Center).
Anyway, this test was performed for Enterprises where one cannot use a tweaked Defender free, but must buy Microsoft Defender for Endpoint, or a subscription for Microsoft 365 Defender, etc. The prices are not low, so there is room for competition.

MacDefender
Level 16, Oct 13, 2019
There can be several reasons for not using Defender. You can find them on several MalwareTips threads.
Of course, Defender can be a very good starting point for home users, especially when using advanced ATP features (not available from Windows Security Center).
Anyway, this test was performed for Enterprises where one cannot use a tweaked Defender free, but must buy Microsoft Defender for Endpoint, or a subscription for Microsoft 365 Defender, etc. The prices are not low, so there is room for competition.
A lot of these other solutions provide better integration too with their firewall or network access control solution, or other operating systems.

When a test has 10+ solutions scoring the same top score, one has to wonder too if it’s not really demonstrating the difference between these products.

Andy Ful
From Hard_Configurator Tools, Dec 23, 2014
A lot of these other solutions provide better integration too with their firewall or network access control solution, ...
Yes, this is true for Defender free. But in the paid versions for Enterprises, everything is well integrated on the top level.

In SMBs an interesting solution is Microsoft for Endpoint that costs $120 per 1 user (1 year). But, other vendors can offer a lower price for 5 or 10 users. For example, Kaspersky Endpoint Security Cloud Plus costs $324.5 per 5 users (1 year).

MacDefender
Level 16, Oct 13, 2019
Yes, this is true for Defender free. But in the paid versions for Enterprises, everything is well integrated on the top level.

In SMBs an interesting solution is Microsoft for Endpoint that costs $120 per user (1 year). But, other vendors can offer a lower price for 5 or 10 users. For example, Kaspersky Endpoint Security Cloud Plus costs $324.5 per 5 users (1 year).

Oh I mean if they have already chosen another vendor for a different part of their network access solution.

For example, Sophos endpoint protection integrates really well with their XG firewall, and you can even do things like automatically move infected or out-of-date hosts onto a different subnet if their endpoint protection doesn't respond in time. Central management for Defender ATP is indeed getting quite good!