Authors: Morgan Dhanraj and Thomas Skybakmoen

Publish Date: April 16, 2018

This report is available through the Advanced Endpoint Protection (AEP) Category Subscription.

TECHNOLOGY DESCRIPTION
Neither traditional antivirus (AV) nor next-generation AV for the endpoint is effective in protecting against today’s advanced threats. The threat landscape has evolved rapidly—new evasion techniques, exploits, and advanced malware leverage various threat vectors to exploit vulnerabilities within operating systems and applications on endpoints. This means that protecting the endpoint today requires a fundamentally different approach.

Advanced endpoint protection (AEP) products focus on preventing cybercriminals from ever reaching or executing on the endpoint. These products employ sophisticated techniques such as machine learning, pattern recognition, or predictive algorithms to detect and block malware and to contain suspicious activities. Additionally, AEP products monitor processes running on endpoints, detect any communication with potentially malicious hosts, and conduct audits of file systems and registries. To enhance the user experience, AEP products typically automate threat remediation policies as well as provide containment capabilities to protect the endpoint.

Several leading AEP products have expanded their technology to provide not only prevention and blocking of attacks but also greater visibility into suspicious activities and richer forensic information. This is especially useful for organizations that do not have skilled security analysts.

REPORT FOCUS
Implementation of AEP can be a complex process, with multiple factors affecting the overall cost of deployment, maintenance, and upkeep. This report focuses on the Total Cost of Ownership (TCO) per Protected Agent. NSS’ cost analysis includes a three-year TCO, which is based on:

  • Product cost for 500 software agents
  • Total projected cost to operate a business without a security product
  • Projected savings realized from blocking or detecting an infection and/or incident

 

PRODUCTS EVALUATED
The following products were evaluated:

  • Bitdefender GravityZone Elite v6.2.31.985
  • Carbon Black Cb Defense v3.0.2.2
  • Cisco AMP for Endpoints v6.0.5
  • Comodo Advanced Endpoint Protection v3.18.0
  • Cylance CylancePROTECT + OPTICS v2.0.1450
  • Endgame Endpoint Security v2.5
  • enSilo Endpoint Security Platform v2.7
  • ESET Endpoint Protection Standard v6.5.522.0
  • FireEye Endpoint Security v4
  • Fortinet FortiClient v5.6.2
  • G DATA Endpoint Protection Business v14.1.0.67
  • Kaspersky Lab Kaspersky Endpoint Security v10
  • Malwarebytes Endpoint Protection v1.1.1.0
  • McAfee Endpoint Security v10.5
  • Palo Alto Networks Traps v4.1
  • Panda Security Panda Adaptive Defense 360 v2.4.1
  • SentinelOne Endpoint Protection Platform (EPP) v2.0.1.10548
  • Sophos Endpoint Protection 10.7.6 VE3.70.2
  • Symantec Endpoint Protection and Advanced Threat Protection (ATP) Platform v14.0.3876.1100
  • Trend Micro Smart Protection for Endpoints v12.0.1864

To learn how vendors performed, download a copy of each Test Report. NSS clients can also download the AEP Comparative Reports on Security and Security Value Map.

As with all NSS Labs group tests, there was no fee for participation. In addition, the test methodology applied is in the public domain to provide transparency and to help enterprises understand the results.