17 Endpoint Security Solutions for Windows put to the Test
Cybersecurity at the endpoint has been a major topic since the widespread ransomware campaigns of APT groups and the collateral damage from the Ukraine-Russia conflict. In its test series on security solutions for corporate users, the lab at AV-TEST evaluated 17 endpoint solutions under Windows 10. The test saw many manufacturers delivering strong results, even earning the additional recognition of TOP PRODUCT.
While media coverage names many companies as victims, it doesn't talk about the – luckily – countless cases where attacks were fended off. But that is what many companies report in various studies. In recent studies, over 80 percent of the European companies surveyed related that their firewalls had been attacked several times over the year and had fought off the attacks successfully. The statistics for the rest of the world are presumably quite similar. The favorite point of attack: endpoints in companies. In these attempts, the attackers rely on the notion that employees will fail to detect an attack. All the more reason for good endpoint security to provide perfect service and to take risky decisions out of the hands of people from the beginning.
17 endpoint solutions tested in the lab
To comprehensively evaluate an endpoint solution's quality of protection, the lab examines each product for corporate users in the categories of protection, performance and usability (primarily false alarms). In terms of protection, the test category is even further divided up into the real-world test with so-called zero-day malware and the test with the reference set containing recently uncovered malware.
The lab test from January and February 2023 under Windows 10 included the products for corporate users from the following manufacturers: AhnLab, Avast, Bitdefender (Endpoint and Ultra version), Check Point, Kaspersky (Endpoint and Small Office version), Malwarebytes, Microsoft, Seqrite, Sophos, Symantec, Trellix, Trend Micro, VMware, WithSecure and Xcitium.
A brief look at the test results shows many impressive scores. A total of 7 security solutions completed the test with the maximum achievable point score of 18, and an additional 7 attained an excellent score of 17.5. The lowest point scores were 17 out of 18 points, representing a very high level of security.
Protection: the cornerstone of defense
If malware is detected and stopped immediately, it does not need to be blocked by a solution's additional security mechanisms, which would involve extra work. That is why the protection test evaluates the products' detection effectiveness in two stages. In the real-world test, the solutions are required to detect over 350 samples of zero-day malware. In the second stage with the reference set, the object is to filter out and delete nearly 12,000 additional dangerous malware samples. In order to put an even finer point on the result, the lab repeated the entire January test in February.
Detecting such a high number of malware samples is not an easy task. And yet the following 11 out of the 17 products delivered 100-percent malware detection in both test stages: AhnLab, Avast, Bitdefender (Endpoint and Ultra version), Check Point, Kaspersky (Endpoint and Small Office version), Microsoft, Symantec, Trellix and Trend Micro. They all received a score of 6 points.
A pity for Xcitium: while it fended off all of the particularly dangerous zero-day malware samples, it only reached 99.9 instead of 100 percent in the reference set in both months.
Sophos and WithSecure struggled with minor problems in one test month of the real-world test: each scoring 99.5 percent. The second month ran error-free.
VMware and Seqrite committed minor errors in detection in both test months of the real-world test: both achieved 98.9 percent in the first month, and Seqrite attained 99.4 percent in the second month.
Malwarebytes achieved 98.9 percent in the first test month of the real-world test, the same score as VMware and Seqrite, but in the second month it only reached 97.8 percent, thus conceding important points.
Performance: the acceptance in an office PC
Workers quickly become irate if their office PCs start juddering or hesitating due to the security software's surveillance of the system. To make sure that won't happen, the lab at AV-TEST evaluates how many system resources are used by the endpoint solutions under Windows. The testers carry out typical operations on several fast high-end PCs and slow office PCs, such as copying files, performing downloads or launching websites. The times measured for these operations then serve as reference values. In the second cycle, they repeat exactly the same operations, but this time with installed security software. The test indicates that unfortunately not all endpoint solutions use system resources sparingly.
But the fact that it is possible to do so is manifest in the products from Avast, Bitdefender, Check Point, Kaspersky (both versions), Malwarebytes, Seqrite, Trellix and Trend Micro. For their conservative use of system resources under Windows 10, all the products garnered the full 6 points.
A somewhat higher system load was generated by the system agents from AhnLab, Bitdefender (Ultra), Sophos, Symantec and WithSecure. In these solutions, the testers found a measurable load, and thus made a slight point deduction. These products reached 5.5 out of the possible 6 points.
Only Microsoft, VMware and Xcitium were conspicuous in their somewhat higher system load, and as a result, all had a full point taken off: 5 points.
Usability: the war of nerves through false alarms
Under the test category of usability, the lab examines the behavior of the security agents under Windows in terms of how they handle harmless websites, applications and files. All too often, in the past, there were false positives in this test category, where the software sounded an alarm where none was necessary. In the test, the experts installed popular programs and launched them. In addition, they copied over 1.3 million harmless files to be examined onto the hard drive of the system. Finally, the testers visited 500 innocuous websites.
The result is perfect: All the products earned the maximum point score of 6 for their performance.
Office security: a wide selection for corporate users
Companies seeking an adequate security solution for their requirements really needn't worry about whether the solutions also provide sufficient protection. The final table shows that 14 of the 17 security solutions examined for office PCs with Windows 10 achieved the perfect score of 18 or an excellent score of 17.5 points in the test. But even the last three finishers, with 17 out of 18 points each, indicate the high level of security on which the products are running.
If a corporate user looks solely at the detection of attackers, such as Trojans, viruses or ransomware, then a total of 11 solutions passed with flying colors, with 100-percent detection throughout the entire test period.
In case the test scores are still not sufficient to make a decision, responsible managers ought to take a closer look at the Advanced Threat Protection tests. In this test series, the lab confronts the line-up of endpoint products with additional real-life attack scenarios and evaluates their performance.