26 April 24, 06:40
Quote: AV-TEST - Cybersecurity: Defense Against the Latest Attacking Techniques in the ATP T
In an ongoing race against cybercriminals, security vendors need to constantly maintain the upper hand in order to sustainably guarantee the security of data for both consumer users and corporate users. The Advanced Threat Protection test from AV-TEST relies on detailed individual tests to examine whether the vendors are able to detect and defend against the latest, most sophisticated cyberattacks. Twenty-five products were evaluated on Windows systems in this test using ten scenarios to simulate ransomware and data stealer attacks on the systems. Special attacking techniques such as reflective code loading and fileless malware, which challenge modern security algorithms as they have to detect dangerous lines of code or scripts, were used. The outcome of the testing shows that overall the security products can defend their leading position; however, some products do not have all attack steps under control.
ATP test: results for consumer user products
The lab tested 12 end-user products in the extended ATP test to see how well they detect and defend against data stealers and ransomware using the latest cyberattack techniques. Products from the following vendors were put to the test: Avast, AVG, Avira, Bitdefender, ESET, F-Secure, G DATA, Kaspersky, Microsoft, Microworld, Norton, and PC Matic.
8 of the 12 protection packages for Windows examined had no problems at all during the entire test in detecting the attackers and immediately stopping and isolating them in one of the first two steps: Avira, Bitdefender, ESET, G DATA, Kaspersky, Microworld, Norton, and PC Matic.
Microsoft Defender detected the attackers in the ten scenarios, but in one case with ransomware it could not initially stop further execution. The startup file was generated, but it was then prevented from being executed, so in the end the system was not encrypted. In one case, the points scored were halved for this reason. In general, Microsoft scored 33.5 out of 35 points in this test.
The issues for the products from Avast, AVG, and F-Secure were almost identical in the test. The products detected the attackers in two cases with data stealers and two cases with ransomware; however, they were initially unable to prevent them from taking further action. The defense mechanism was only triggered when the data was about to be extracted or encrypted, which was when the destructive component was isolated and rendered harmless. It prevented data from being stolen and nothing could be encrypted.
Nevertheless, with the products from Avast, AVG, and F-Secure, the attackers managed to advance further than they should have been able to. For this reason, based on the four cases, there was a significant point deduction. At the end of the test, all three of the products mentioned received 29 out of 35 points for their protection score.
All protection packages earned the “Advanced Certified” certificate in the ATP test. The only exception here was G DATA: although the product performed well in testing, AV-TEST only certifies products that achieve certification in the regular monthly tests and fulfill all their criteria.
ATP test: results for endpoint products
The testing of corporate solutions examined endpoint products from the following vendors: Avast, Bitdefender (two versions), Check Point, ESET, HP Security, Kaspersky (two versions), Microsoft, Qualys, Seqrite, Symantec, and WithSecure.
The corporate product test went extremely well for nearly all vendors. 12 of the 13 endpoint products tested did not allow ransomware attackers or data stealers a chance in any of the ten scenarios, effectively stopping all attacks immediately. For this feat, all products received the full 35 points in terms of the protection score.
Seqrite was the only product that encountered a problem: it detected the attackers in two ransomware attacks and two data stealer attacks, yet it was unable to stop the initial actions. It was only possible in later steps for the product to isolate the malware and stop the attackers’ destructive efforts. In the end, no data was stolen or encrypted. Nevertheless, it hurt Seqrite in the scoring, leaving it with only 29 out of 35 possible points.