Strategic leader in av-comparatives endpoint prevention and response
Independent testing organization AV-Comparatives names WithSecure as a Strategic Leader in their Endpoint Prevention and Response (EPR) report.
AV-Comparatives recently conducted their most comprehensive test of Endpoint Protection and EDR products yet, named Endpoint Prevention and Response (EPR).
The test results, and being named as a Strategic Leader in the accompanying CyberRisk Quadrant™, once again confirms WithSecure’s industry-leading capabilities in preventing, detecting, and responding to targeted attacks such as advanced persistent threats (APTs).
Strategic Leaders show others the way forward by setting ambitious targets and meeting them. They develop groundbreaking ideas and implement these impressively in their products.
This AV-Comparatives report provides new perspectives for evaluating Endpoint Protection (EPP) and Endpoint Detection and Response (EDR) solutions by uniquely balancing product cost to effectiveness of enterprise prevention and response capabilities. Evaluated products deliver higher enterprise savings if attacks are prevented at or soon after execution with the necessary detection information to help with an effective response. Blocking 100% of attacks will result in zero breach costs.
The EPR product validation report for WithSecure noted, “WithSecure Elements EDR and EPP for Computers did exceptionally well at handling threats that are targeted towards the user, and in particular, before the threat even progresses inside the user environment. In addition, the product demonstrated several safeguards that helped in protecting the enterprise end-user against the scenarios we tested.”
As the Enterprise CyberRisk Quadrant™ below demonstrates, Strategic Leaders deliver a very high return on investment (ROI) with a low total cost of ownership (TCO) combined with exceptional technical capabilities and reasonable costs.
A comprehensive Endpoint Protection, and Endpoint Detection and Response evaluation
The AV-Comparatives’ report compiles the performance statistics of 10 security vendor solutions in 50 different simulated targeted attack scenarios, using several different techniques:
- At each stage, the test determined whether the product detected the attack, took automated action to block the threat, or provided information about the attack for passive response (so the administrator could then take action themselves).
- If an EPR product did not block an attack at one stage, the attack would continue to the next phase, and the product’s response would be logged.
AV-Comparatives’s attack simulation test spanned across three attack phases, starting from initial “compromise and foothold”, followed by “internal propagation”, and ending with “asset breach”, in case the tested product was not able to prevent the breach.
Efficacy per Phase of WithSecure Elements EDR and EPP for Computers
Since WithSecure stopped all the simulated attacks before the “asset breach”, the test phase 3 scenario was not even required as WithSecure had already prevented the threats in a previous phase. This clearly highlights the importance of investing in the strongest possible prevention capabilities and not only relying on endpoint detection and response (EDR) capabilities to detect attacks that have bypassed the preventive layer.
Strong protection with a low total cost of ownership
The AV-Comparatives EPR CyberRisk Quadrant factors in the effectiveness of each product at preventing breaches in addition to its purchase and accuracy costs and the calculated savings as a result. Strategic leaders are described as “endpoint prevention and response products" that have a very high return on investment and provide a very low total cost of ownership (TCO) - all due to exceptional technical capabilities combined with reasonable costs.
WithSecure Elements offers unique flexibility in licensing models with its pick-and-choose security technologies, allowing organizations to move away from ownership of security technology to simply being users. This results in an even better total cost of ownership (TCO) than the five-year timeframe AV-Comparatives used for evaluation. We have simplified our entire offering with Elements while also giving our customers and partners as much flexibility as possible.
In the report, AV-Comparatives also commended WithSecure Elements for:
- Ease of configuration and deployment in a domain or workgroup environment.
- Exceptional capabilities in protecting users, particularly before threats progress inside the users’ environment
- Aggregation and prioritization of alerts to minimize noise
- Different response options for mitigated threats and information for SOC analysts to investigate/inspect
- Good mapping to MITRE’s tactics, techniques, and procedures (TTPs), which provide low-level SOC analysts with data to investigate and escalate when necessary
- An easy to use and intuitive management console that provides useful contextual data, from which SOC analysts then ascertain what threats need prioritizing.
- Low total cost of ownership (TCO) over a 5-year period
A modular cloud-native cyber security platform
WithSecure Elements Endpoint Protection (EPP) and Endpoint Detection and Response (EDR) are part of WithSecure Elements, a modular cloud-native cyber security platform. Elements enable organizations to easily add network-based vulnerability management or cloud-based Microsoft 365 email and collaboration protection capabilities for more comprehensive yet easy to manage cloud-based security solutions - delivering the lowest possible total cost of ownership (TCO) in a single cyber security platform. In addition, TCO can be lowered while navigating cyber security skills and resource shortages using the ‘Elevate to WithSecure’ on-demand expert service. This is available directly within the EDR product or by leveraging fully managed services delivered by WithSecure and its certified Managed Service Providers.
As a cloud-native solution, WithSecure Elements is rapidly evolving with new capabilities. For example, since AV-Comparatives conducted the test in October 2021, WithSecure has already introduced many new advanced response actions to enable defenders to enrich forensic artefacts from endpoints and