Advanced EDR test 2024: WithSecure Elements Endpoint Detection and Response
AV-TEST conducted a comprehensive evaluation of WithSecure Elements Endpoint Detection and Response from December 2023 to January 2024, focusing on the Endpoint Detection and Response (EDR) capabilities. The evaluation aimed to assess the effectiveness of the EDR component in detecting and neutralizing threats commonly associated with sophisticated actor groups known for advanced persistent threats (APTs). The assessment included detailed test scenarios simulating two different attack patterns, each representing a wide range of tactics and techniques typically used by advanced attackers.
Scenario 1 - APT18-like cyber espionage:
This scenario tested the system's resilience to a well-coordinated attack modeled on APT18, a group known for its sophisticated cyber espionage operations. The test recreated the group's known behaviors, such as spear phishing, system discovery, data collection and obfuscation methods. The main objective was to evaluate the product's ability to detect, respond to and mitigate complex attack vectors, and thereby gain insight into organizations' cybersecurity defenses.
In Scenario 1, WithSecure Elements Endpoint Detection and Response demonstrated robust detection capabilities by successfully identifying all techniques across multiple attack steps. The product's effective monitoring and detection system proved critical in defending against sophisticated cyber threats.
WithSecure excelled in the quality of detection, providing detailed and actionable insights at every step. It categorized the techniques effectively and provided comprehensive insight into the tactics and techniques of the attack. This performance underlines WithSecure Elements Endpoint Detection and Response's ability to handle complex cyber espionage attempts.
Scenario 2 - Mixed tactics similar to TA577, Turla and FIN6:
The second scenario mimicked the operational tactics of various notorious groups, including TA577, Turla and FIN6, and featured a complex mix of phishing, data manipulation and lateral movement techniques. The goal of this test was to evaluate the system's defenses against multi-layered and advanced threats designed to steal sensitive information and establish a long-term presence on the network.
Scenario 2 included a range of techniques. WithSecure Elements Endpoint Detection and Response successfully detected all of these techniques, demonstrating its ability to adapt to different threat behaviors and effectively combat a wide range of cyber threats. The product's response to these scenarios confirmed its ability to protect systems from sophisticated and diverse attacks.
The overall performance of WithSecure Elements Endpoint Detection and Response was impressive in both scenarios. The consistently high quality of the detection results underlines the product's potential to protect organizations from evolving and complex cyber threats.
Based on the results achieved, WithSecure Elements Endpoint Detection and Response qualifies for the prestigious AV-TEST Approved Advanced Endpoint Detection and Response certification, which recognizes it as a reliable and effective solution in the field of cyber security.