Freely subscribe to our NEWSLETTER

The EPR test is the most comprehensive assessment of its kind in the world. Vendors that take part will have the opportunity to demonstrate the power and performance of their solutions to an expert audience including CISOs and cybersecurity decision makers.

Last year’s test exposed 10 products to 50 separate targeted attack scenarios. AV-Comparatives awarded the top Strategic Leader Award to Bitdefender, Palo Alto Networks, Check Point, CrowdStrike, F-Secure, Cisco and ESET. Symantec by Broadcom earned the CyberRisk Visionaries award. Two further vendors reached the Strong Challengers award.

The Strategic Leader Award recognises EPR products that demonstrate high return on investment and a low total cost of ownership. To be named a Strategic Leader, EPR solutions must demonstrate outstanding enterprise-class prevention, detection, response, and reporting capabilities, combined with optimal operational and analyst workflow features.

Peter Stelzhammer, co-founder of AV-Comparatives, said: “We are pleased to open up the AV-Comparatives EPR test to new competitors. Our rigorous assessment is a chance for vendors to demonstrate the power of their solutions and the results will be a valuable resource for businesses that are planning to invest in EPR.”

“The cost of a breach has never been higher. Last year, IBM reported that the average cost of a breach was $4.24 million, and this figure may rise in 2022. EPR is an excellent investment for any enterprise that wishes to reduce risk and minimise the negative impact of an attack.”

EPR products are used to detect, prevent, analyse, and respond to targeted attacks such as advanced persistent threats (APTs). They detect and block malware or network attacks on individual workstations, as well as multi-stage attacks that affect an organisation’s entire network.

EPR solutions should be able to gather intelligence which reveals the origin, methodology and aims of an attack in order to give security staff the ability to contain the threat, stop it from spreading, repair the damage and prevent future incidents.

The EPR test uses a number of techniques to assess the performance of vendors’ products. The simulated attacks involve three phases: Endpoint Compromise and Foothold; Internal Propagation and Asset Breach. Each attack continues to the next stage if the solution fails to block the threat.
These tests reveal if the product detects an attack, automatically blocks the threat in an active response or provides the information required for a passive response in which the administrator tackles the threat themselves.
Another focus is the Time-To-Detect window.

AV-Comparatives also tests products’ investigative capabilities, such as the ability to present a timeline of an attack which reveals a breakdown of each phase. The final test investigates each solution’s ability to gather and present indicators of compromise in a useful, actionable, and easily understood manner.