Put to the Test: Endpoint Security for Corporate Networks
Cyber gangsters have their sights trained on companies in particular, because they are the most lucrative target. Defense solutions available on the market are often very comprehensive, equipped with many security levels and modules. One of the key tasks of a security solution is protecting the endpoints in a company. The AV-TEST laboratory tested 18 endpoint security solutions in terms of their protection, performance and usability on Windows 10 PCs. In each test section, products can achieve up to 6 points, i.e. a maximum of 18 points in total.
18 solutions put to the test – 12 earning TOP PRODUCT recognition
The test results indicate that the market offers good solutions for corporate users. In the test, the lab awarded 4 products the top score of 18 points, whereas 8 solutions earned a high score of 17.5 points. For this outstanding performance, the lab recognized 12 products with a TOP PRODUCT rating. The solutions from Kaspersky and Symantec, each with two product versions, achieved 18 points. The products from Avast, Bitdefender, F-Secure, McAfee (with two versions), Microsoft, Sophos and Trend Micro attained 17.5 points.
But the remaining 6 products scored well too: 5 of them achieved good results of 16.5 to 17 points in the test. While G Data finished in last place, it still scored 15 points.
The lab test took place in July and August 2019 and was performed on identical Windows 10 test PCs and virtual machines. Only the speed test was performed on both a fast high-end PC and an office PC, with the results compared afterwards.
When nearly 14,000 malware samples are knocking at the door
For the vital test in terms of protection, the lab evaluated all solutions in two steps. First came the real-world test, in which each solution was required to identify nearly 400 brand-new malware samples. The lab always collects them from websites and e-mails shortly before the test. Some of the attackers are merely a few hours old before they end up in the test. In the second step, the lab deploys the reference set. This test set contains over 13,500 Trojans and other malware samples up to two weeks old. That is why the products really ought to identify these attackers more effectively than those in the real-world test. The entire protection test always runs for a period of two months. During this time, each package is continuously tested, which yields very reliable results. The detection table shows four percentage ratings for each product.
The solutions from Bitdefender (Ultra version), Comodo, Microsoft, Sophos and Trend Micro, as well as the two solutions each from Kaspersky and Symantec, achieved an impressive 100% detection in all protection tests. Check Point missed the top score only with the reference set: 99.9 percent twice.
While the following solutions always delivered error-free results with the reference set, they did commit minor errors in the real-world test: Avast, Bitdefender (Endpoint version), F-Secure, as well as McAfee with two versions.
In total, 15 of the 18 products evaluated received the maximum 6 points in the category of protection. The solutions from ESET, Seqrite and G Data committed detection errors, therefore receiving only 5.5 and 5 points respectively for their results.
Performance on an office or high-end PC
When it comes to excess performance, most office PCs are not exactly known for burning rubber out on the tarmac. That's why it's important for an endpoint protection solution to utilize as few resources as possible. In order to measure this, all products were installed on a high-end PC and an office PC, performing a set sequence of routine tasks, such as launching websites, copying files or installing software. The times required for these tasks were noted, then compared with previously clocked reference values.
The result is favorable for most products, although some differences were measured. The solutions from Bitdefender (Endpoint), F-Secure, McAfee (Small Business Security) and Seqrite, as well as Kaspersky and Symantec with two versions each, hardly caused any load on the test PCs and thus each received the full 6 points.
The middle-ranking products from Avast, Comodo, ESET, McAfee, Microsoft, Sophos and Trend Micro showed a small measurable load for individual operations and thus suffered a slight deduction: 5.5 instead of 6 points. Bitdefender's Ultra version, Check Point and G Data generated a somewhat greater load on the Windows 10 client. For this, only 5 points were awarded.
When false positives become an unnecessary burden
If an endpoint protection solution triggers a false positive, this can cause a severe interruption in the work or production flow. That is why the lab conducts a comprehensive evaluation of the friend-foe detection of each individual solution. For this purpose, 500 malware-free websites are visited, over 1.4 million clean files scanned and dozens of popular applications installed. The optimal outcome after all test steps is to not have a single alarm.
This feat was accomplished only by the solutions from Check Point, Kaspersky and Symantec, each with two versions, as well as Trend Micro. Committing only one error in all tests were the products from Avast, ESET, McAfee (Endpoint Security), Microsoft and Sophos. The lab therefore awarded the maximum six points to these 11 out of 18 solutions. All other solutions wrongly flagged several files and thus only achieved 5.5 or 5 points.
12 TOP PRODUCT ratings speak for themselves
Being awarded a TOP PRODUCT rating by the lab is no cakewalk. After all, a solution is required to complete the test with 17.5 or 18 points. 12 out of the 18 solutions tested overcame this massive obstacle, which is a very high number. This means that the market offers excellent endpoint protection solutions for corporate users. Most of them combine a high level of protection with a low system load and practically no false alarms. Those are good foundations on which to base comprehensive protection systems.