All reports

01/2024 - 03/2024

Endpoint Protection (EPS): Enterprise 2024 Q1

eps
lift your org's security into top 1%

Lift your org’s security into the top 1%

Back to security basics, lift your org’s security into top 1%. It’s a shocking statistic, but most businesses don’t have a cyber security plan. Given the lack of general interest in cyber security, it’s no wonder that ransomware and less obvious threats are running riot through computer systems all over the world.


The larger the organisation, the more complex its security needs, but at the very core the same old cliched advice still applies to everyone:

  • Apply security patches when available.
  • Back up your important data.
  • Use multi-factor authentication.
  • Use endpoint protection.
Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Choose your reports and reviews carefully

We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.

All reports

06/2024 - 06/2024

NetAppONTAP AutonomousRansomwareProtection with AI

Ransomware on the Network

Ransomware on the Network


Results from the largest public ransomware test. Ransomware is the most visible, most easily understood cyber threat affecting businesses today. Paralysed computer systems mean stalled business and loss of earnings. On top of that, a ransom demand provides a clear, countable value to a threat. A demand for “one million dollars!” is easier to quantify than the possible leak of intellectual property to a competitor.

One reason why ransomware is so ‘popular’ is that the attackers don’t have to produce their own. They outsource the production of ransomware to others, who provide Ransomware as a Service (Raas). Attackers then usually trick targets into running it, or at least into providing a route for the attackers to run it for them. Artificial intelligence systems make the creation of such social engineering attacks easier, cheaper and more effective than ever before.



Ransomware attacks on the Network

In this report we have assembled a wide distribution of known ransomware malware and added variations designed to evade detection. We’ve listed the ransomware families used in Threat Intelligence on page 9. Each of these ransomware attacks targeted data that was monitored by NetApp’s solution.

If it can detect the changes made by known version of each of these files, all well and good. But if it can also detect changes made by each of the ransomware’s variations then we can conclude that the detection available is more proactive than simply reacting to yesterday’s unlucky victims.

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Choose your reports and reviews carefully

We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.

All reports

01/2024 - 03/2024

Endpoint Protection (EPS): Enterprise 2024 Q1

eps
lift your org's security into top 1%

Lift your org’s security into the top 1%

Back to security basics, lift your org’s security into top 1%. It’s a shocking statistic, but most businesses don’t have a cyber security plan. Given the lack of general interest in cyber security, it’s no wonder that ransomware and less obvious threats are running riot through computer systems all over the world.


The larger the organisation, the more complex its security needs, but at the very core the same old cliched advice still applies to everyone:

  • Apply security patches when available.
  • Back up your important data.
  • Use multi-factor authentication.
  • Use endpoint protection.
Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Choose your reports and reviews carefully

We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.

All reports

08/2023 - 08/2023

SentinelOne Singularity for Endpoint

With Reboot vs. Without Reboot

Protection starts with the first installation.

Protection starts with the first installation

To reboot or not to reboot?

Protection starts with the first installation. “Turn it off and on again.” This global IT support advice is known to everyone, from Peppa Pig (Mummy Pig at Work) to The IT Crowd (every episode). But why? Why does rebooting a complex computer system solve so many problems? And why am I referring to British TV comedy in a serious report about computer security? We will answer one of those questions here.

SE Labs tested SentinelOne Singularity for Endpoint to determine its threat detection and protection abilities. The test also assessed the security available on an endpoint running a newly deployed installation of SentinelOne Singularity for Endpoint, without rebooting the system. The goal was the judge the different levels of effectiveness between an established installation of endpoint protection and a completely new, fresh installation.

Our reports help you choose the best enterprise security products that can protect you from ransomware and other types of attack. See the value of early protection systems.

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download [895.41 KB]

Test results

Installing computer software can be as simple as copying a program file from an external source. However, complex software needs more attention. It needs to integrate more fully with the operating system and potentially other programs already installed. Some programs share code for efficiency’s sake, for example.

When advanced applications need to embed into the operating system it’s common to require the administrator to reboot the system after installation. This allows different components of the new program to play nicely with the rest of the system. However, there are good reasons why you may not wish to reboot a system. It might be busy doing something useful, but you still need the new application to operate. Or you might be investigating a live security incident.

Conclusion

To conclude, SentinelOne Singularity for Endpoint claims to provide great protection, even before you reboot the system. We tested that claim in this report. Let’s find out if you really need to turn it off and on again, to stay safe. This report shows SentinelOne Singularity’s performance in this test with and without a reboot after installation.

All reports

10/2023 - 12/2023

Endpoint Security (EPS): Enterprise 2023 Q4

Essential Endpoint Security for Enterprise

Essential Endpoint Security Enterprise

Realistic attacks for useful results

Essential Endpoint Security for Enterprise. Keeping your organisation safe from online threats requires strong endpoint protection. It’s not just important – it’s crucial. So, it’s a good idea to regularly check how well it’s working. Essential endpoint security means checking if the security tools on devices like desktops, laptops, and mobiles do their job.

Why? Because these devices are often the target of online attacks. If they’re not protected, they can become a way for cybercriminals to get to your sensitive information.
Our reports help you choose the best home anti-malware product that can protect you from ransomware and other types of attacks.

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Choose your reports and reviews carefully

We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.

All reports

11/2023 - 11/2023

Enterprise Advanced Security (Ransomware): CrowdStrike Falcon 2023

CrowdStrike Ransomware

Ransomware vs. Endpoint Security

Ransomware vs. Endpoint Security – Results from the largest public ransomware test

In this report, we analyse ransomware vs. endpoint security. Ransomware is the most visible, most easily understood cyber threat affecting businesses today. Paralysed computer systems mean stalled business and loss of earnings. On top of that, a ransom demand provides a clear, countable value to a threat. A demand for “one million dollars!” is easier to quantify than the possible leak of intellectual property to a competitor.

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download [2.66 MB]

Product factsheet:

In this report, we have taken two main approaches to assessing how well products can detect and protect against ransomware.

Ransomware Deep Attacks

For the first part of this test, we analysed the common tactics of ransomware gangs and created two custom gangs that use a wider variety of methods. In all cases, we run the attack from the very start, including attempting to access targets with stolen credentials or other means. We then move through the system and sometimes the network, before deploying the ransomware as the final payload.

Ransomware Direct Attacks

The second part of the test takes a wide distribution of known malware and adds variations designed to
evade detection. We’ve listed the ransomware families used in Hackers vs. Targets on page 9. We sent each of these ransomware payloads directly to target systems using realistic techniques, such as through
email social engineering attacks. This is a full but short attack chain. In this part of the test, we ensure any protection features are enabled in the product.

All reports

07/2023 - 09/2023

Endpoint Security (EPS): Enterprise 2023 Q3

Critical Endpoint Protection Evaluations

Critical Endpoint Protection

Realistic attacks for useful results

Endpoint protection is a critical component of any organisation’s cyber security strategy

And if it’s critical then you should test it. And have others run assessments too. Testing endpoint protection involves evaluating the effectiveness of the security solutions that are deployed on endpoint devices such as desktops, laptops and mobile devices. Endpoint protection testing is necessary because endpoints are often the target of cyberattacks and can be used as a gateway to gain access to sensitive data.

Our reports help you choose the best home anti-malware product that can protect you from ransomware and other types of attack.

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download [1.24 MB]

SE Labs has extensive experience in endpoint protection testing, and we have found that it is essential to conduct these tests regularly to ensure that the security vendors are keeping them up-to-date and effective. Our testing methodology involves replicating real-world cyberattack scenarios and evaluating how well the endpoint security solutions perform in detecting, preventing, and mitigating those attacks.

One of the key aspects of endpoint protection testing is the use of realistic attack scenarios. Our team of experts analyses the latest threat intelligence and creates attack scenarios that closely mimic the tactics, techniques, and procedures used by real-world cybercriminals. By doing so, we can determine how well the endpoint security solutions perform in detecting and preventing these attacks.

Choose your reports and reviews carefully

We pride ourselves on a level of transparency that elevates our work above the less open reports available. But don’t just take our word for it. This report has gone through the AMTSO certification process to ensure that we say what we’re going to do; do it; and can prove it. Our results help vendors improve their products and buyers choose the best for their own needs.

Read this SE Labs assessment of world-leading endpoint security products and discover how they handle well-known threats and targeted attacks.

All reports

05/2023 - 09/2023

Content Disarm and Reconstruction (CDR): OPSWAT Deep CDR

Content Disarm and Reconstruction (CDR)

Content Disarm and Reconstruction (CDR)

Content Disarm and Reconstruction (CDR)

CDR tested for removal of known and unknown threats

SE Labs tested OPSWAT Deep CDR (Content Disarm and Reconstruction) against targeted attacks using file-based threats. These attacks are designed to compromise systems and penetrate target networks by hiding threats inside files that appear to be innocent.

Testers hid threats inside a variety of common file formats, such as office documents, web pages and archive files.

Content Disarm and Reconstruction (CDR) vs. hidden threats

These files were assessed by the CDR system, which attempted to remove known and unknown threats. The results show the extent to which the threat prevention system achieved that goal accurately.

Read more reports here.

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download [0.98 MB]

Product factsheet:

All reports

09/2023 - 09/2023

Enterprise Advanced Security (EDR): Cisco Secure Endpoint – DETECTION

Cisco Secure Endpoint - DETECTION

Cisco Secure Endpoint – DETECTION

Testing protection against fully featured attacks

SE Labs tested Cisco Secure Endpoint against targeted attacks based on the Turla threat. These attacks are designed to compromise systems and penetrate target networks in the same way as the advanced persistent hacking group known as Turla operates to breach systems and networks.

An Endpoint Detection and Response (EDR) product is more than anti-virus, which is why it requires advanced testing. This means testers must behave like real attackers, following every step of an attack. While it’s tempting to save time by taking shortcuts, a tester must go through an entire attack to truly understand the capabilities of EDR security products.

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download [1.75 MB]

Product factsheets:

Results – Cisco Secure Endpoint (Detection)

Cisco scored a 100% Detection Accuracy Rating for detecting every element of the Turla attacks, starting from the delivery of the spear phishing attachment through to all the subsequent malicious activities in the attack chain. It also prevented all of the malicious activities from running, incurring no penalties for allowing the full or partial execution of targeted attacks. The product did not generate false positives, meaning that it didn’t wrongly detect or hamper harmless, legitimate software.

Read more of our reports here.

All reports

09/2023 - 09/2023

Enterprise Advanced Security (EDR): Cisco Secure Endpoint – PROTECTION

Cisco Secure Endpoint - PROTECTION

Cisco Secure Endpoint – PROTECTION

Testing protection against fully featured attacks

SE Labs tested Cisco Secure Endpoint against targeted attacks based on the Turla threat. These attacks are designed to compromise systems and penetrate target networks in the same way as the advanced persistent hacking group known as Turla operates to breach systems and networks.

There are many opportunities to spot and stop attackers. Products can detect them when attackers send phishing emails to targets. Or later, when other emails contain links to malicious code. Some kick into action when malware enters the system. Others sit up and notice when the attackers exhibit bad behaviour on the network.

Ultimately you want your chosen security product to prevent a breach one way or another, but it’s more ideal to stop a threat early, rather than watch as it wreaks havoc before stopping it and trying to clean up.

Loader Loading…
EAD Logo Taking too long?

Reload Reload document
| Open Open in new tab

Download [1.68 MB]

Cisco Secure Endpoint (Protection) Results

Cisco Secure Endpoint scored a 100% Protection Accuracy Rating for blocking every threat at the initial delivery stage. The product did not generate any false positives, meaning that it didn’t wrongly detect or hamper harmless, legitimate software.

It also prevented all of the malicious activities from running, incurring no penalties for allowing the full or partial execution of targeted attacks.

Read more of our reports here.

Contact us

Give us a few details about yourself and describe your inquiriy. We will get back to you as soon as possible.

Please enable JavaScript in your browser to complete this form.

Get in touch

Feel free to reach out to us with any questions or inquiries

info@selabs.com Connect with us Find us