December 18, 2023 | Antivirus for Windows

Advanced EDR Test 2023: Bitdefender's Endpoint Security Tools

AV-TEST conducted a rigorous assessment of Bitdefender's Endpoint Security Tools with its Endpoint Detection and Response (EDR) capabilities between November 2022 and January 2023. The evaluation was designed to measure the effectiveness of Bitdefender's EDR in identifying and thwarting malicious activities typically associated with advanced persistent threats (APTs). The study involved a series of red-team attacks simulated in two distinct detection scenarios, each encompassing various tactics and techniques that an attacker may employ.

A test commissioned by Bitdefender and performed by AV-TEST GmbH


Scenario 1 - Hafnium-Style Unauthorized Data Exfiltration: Assess your network's readiness against a simulated cyber threat inspired by Hafnium, a notorious state-sponsored actor. This scenario replicates Hafnium's tactics, involving spear-phishing, lateral movement, data exfiltration, and evasion techniques. It aims to evaluate your organization's ability to detect, respond to, and mitigate sophisticated attacks, providing valuable insights into your cybersecurity resilience.

Scenario 2 - Lazarus-Style Unauthorized Data Access and Lateral Movement: Evaluate your system's defenses against a simulated cyber threat reminiscent of the Lazarus group, a nation-state-sponsored threat actor known for advanced attacks. This scenario involves phishing, data collection, payload execution, privilege escalation, and data exfiltration, mirroring Lazarus's tactics. It assesses your system's security posture and incident response capabilities against sophisticated threats, helping you identify vulnerabilities and enhance your defenses.

In Scenario 1, designed to emulate Hafnium's tactics, Bitdefender demonstrated exceptional coverage by successfully detecting all 29 techniques across 14 steps. The product excelled in identifying techniques through a variety of detection types, including telemetry, general detections, and tactic/technique detections. This flawless coverage highlighted Bitdefender's robust monitoring and detection capabilities, solidifying its effectiveness against complex cyber threats.

Bitdefender further distinguished itself in the quality of detection assessment, achieving the highest level of detection quality. The product consistently identified all 29 techniques using tactic or technique detections, offering detailed and actionable insights into the attacker's tactics and techniques. This outstanding performance underscored Bitdefender's ability to recognize and respond effectively to sophisticated cyber threats.

In Scenario 2, inspired by the Lazarus group, Bitdefender demonstrated commendable coverage by successfully detecting 29 out of 30 techniques across 5 steps. The single missed detection related to "Exfiltration over the C2 Channel (T1041)" in step 2. This strong coverage highlighted Bitdefender's capacity to monitor and detect a significant majority of techniques used during the scenario, reaffirming its robust defense against a wide range of cyber threats.

Bitdefender's quality of detection in Scenario 2 was exceptional. It successfully identified 29 out of 30 techniques with tactic or technique detections, indicating a high level of precision and depth. Although there was a single missed detection related to exfiltration over a C2 channel, the remaining 29 detections provided detailed and actionable information about the attacker's tactics and techniques.

In conclusion, Bitdefender's EDR solution demonstrated impressive coverage and consistently delivered high-quality detections in both scenarios. These results highlight Bitdefender's capability to effectively safeguard organizations against complex and evolving cyber threats, underscoring its value as a robust security solution.

With the remarkable results obtained, the product is now eligible for the prestigious AV-TEST Approved Endpoint Detection and Response Certification, a testament to its exceptional capabilities and commitment to advanced cybersecurity.
