Enterprise security teams face daily challenges in keeping their environments secure. When it comes to picking an endpoint security partner, security teams struggle to compare their options, given all vendors claim to be the best. Reading through marketing collateral, indeed one may conclude that all Endpoint Protection Platform (EPP) solutions are the same. They are not.
Real World Testing (RWT) is the only way to measure a solution’s effectiveness. However, it is not possible for most customers to test all use cases for a product without creating expensive labs and extensive sample collections. Further, such investments would need to be continuous in order to get a consistent measure of an EPP’s effectiveness, instead of just a snapshot in time.
Accurate testing can only be done by accredited 3rd party testing labs. Symantec, a division of Broadcom (NASDAQ: AVGO), believes that 3rd party testing is the best way for customers to get a fair evaluation of EPP effectiveness. We are also confident we have the best endpoint security solution in the market. For that reason, Symantec regularly participates in rigorous 3rd party testing from multiple sources.
What have we learned from all of the testing that Symantec Endpoint Security has undergone? Multiple testing experts have demonstrated -- time and again -- that Symantec is the clear leader in endpoint protection.
Let’s take a look:
Symantec Endpoint Protection (SEP) has a long history of 3rd party testing that demonstrates consistently high efficacy. Consistency is critical. The reason: adversaries do not take time off. But the good news is neither do we. In the YTD Protection Test by AV-Test Institute (2020 through August), SEP was the best performer compared to our closest competitors.
In the actual detection of threats, or False Negatives in the terminology of the test, some vendors were within a percentage point or two of SEP. Those vendors will certainly say that a percentage point is close enough, that there is no real difference. But there are millions of new threats released in the wild each day. With numbers that big, a percentage point difference is huge. Here is another way to look at it: in the test, SEP showed a single compromise. That’s 12 times better than the nearest competitor. So against the next closest vendor, SEP will be 12 times better at protecting you from those millions of real world threats.
- 12x better than VMware Carbon Black
- 13x better than Microsoft Defender
- 16x better than McAfee
- 58x better than Cylance
- (CrowdStrike did not participate)
Any good testing also looks at false positives -- that’s the number of times an alert is generated on something that is not a valid threat. Nonetheless, other security vendors often try to boost their detection scores by including false positives in their threat detection totals. In reality, it's disastrous for customers to rely on an endpoint protection product that generates a high number of false positives. Think about the pace at which security and SOC teams already need to work -- just to stay on an even keel! Consider the sheer number of endpoints, often exceeding 100k in a single organization. Then think of the number of alerts each endpoint can create every single day. It’s hard to imagine how any security tool that generates needless investigations and processes could be useful to an already overworked SOC team! That’s why it’s critical to evaluate vendors on their false positive rates. In the False Positive Test by AV-Test (2020 through August), SEP was the only solution to have ZERO False Positives. None.
- Microsoft – Did Not Participate
- CrowdStrike – Did Not Participate
- McAfee – Did Not Participate
- VMware Carbon Black – Did Not Participate
- Cylance – Did Not Participate
- Trend Micro – Did Not Participate
- Lookout – Did Not Participate
- Zimperium – Did Not Participate
This brings up an important question… Why don’t other endpoint security providers participate in 3rd party testing? Why do most vendors go out of their way to avoid any testing on mobile or macOS? Knowing how effective RWT is for solid product evaluations, why don’t we see more participation? Perhaps some vendors believe it's easier to invest in marketing than to let their product do the talking.
By now, you get our point. Real World Testing is the most effective way to evaluate endpoint security solutions. And AV-Test is not the only testing organization out there. Those looking for a second or third opinion can try:
- SE Labs: SEP came in 1st place with a 100% Total Accuracy score.
- MRG: In the "In the Wild 360 / Full Spectrum Test", SEP again was the winner, scoring perfectly with zero misses and having the most auto or behavioral blocks. Symantec was also the only vendor to receive the “Level 1” certification, meaning we had zero misses in the ITW test and passed their live botnet test.
The results are the same. The results are unanimous. The clear winner continues to be Symantec Endpoint Protection (SEP). SEP is available as a stand-alone offering, and is included in Symantec Endpoint Security Enterprise (SESE) and Symantec Endpoint Security Complete (SESC).