In March 2023, independent antivirus software testing group AVLab Cybersecurity Foundation conducted its very first “Attack Visibility in Telemetry” certification test, which is designed to evaluate the performance of endpoint detection and response (EDR) and extended detection and response (XDR) solutions.
The results of the test have just been released and we’re delighted to announce that Emsisoft Enterprise Security with EDR has earned certification! Read on to learn more about how the test was conducted and what the results mean.
A quick overview of EDR
EDR is a relatively new type of cybersecurity tool that gives organizations better visibility of their endpoints. Whereas traditional endpoint protection platforms focus primarily on prevention, EDR systems put more emphasis on detection and information gathering. EDR can analyze data from endpoints across the network, automatically respond to threats and provide critical information that can be used to investigate and triage an incident.
Check out this blog post for more information on EDR and discover how it fits into your wider cybersecurity strategy.
To conduct the certification test, the participating EDR solutions were installed on virtual machines running Windows 11 and Windows Server 2019 with default configurations. Agents of the tested products were connected to the same network, given full access to the Internet and configured with default settings or with additional settings that would facilitate more detailed telemetry.
The products were then exposed to a range of simulated attacks, with AVLab Cybersecurity Foundation testers replicating the actions of attackers who already have access to a target’s IT infrastructure. This involved using a virtual machine running Linux Mint as a Command and Control server with the Caldera Framework, and a virtual machine running Kali Linux and Metasploit software. A variety of network protocols and tools were used as threat delivery vehicles.
Next, testers tracked how each EDR product responded to the attacks, along with the level of information and insight it provided to administrators.
Below is a list of the visibility metrics that were measured:
- Alert in console.
- Manual action.
- Automatic recovery.
- Full visibility of an attack.
- Attack detection.
- Preventive blocking of an attack.
- Attack visible in telemetry.
- No attack telemetry.
We’re happy to report that Emsisoft Enterprise Security with EDR provided detailed visibility into every attack during testing and was consequently awarded certification!
Interestingly, Emsisoft EDR was the only solution that blocked data theft via the Telegram API – every other product allowed the simulated attacker to run malicious code and establish a connection to the target system.
Click here to see the full report, or click here to check out some of the other awards we’ve won in the past.
About AVLab Cybersecurity Foundation
AVLab Cybersecurity Foundation is an independent organization that specializes in testing and reviewing security solutions. The group regularly releases reports that offer valuable insight into the effectiveness of various security products. Software that receives a good recommendation from AVLab Cybersecurity Foundation can generally be trusted to provide a high level of protection.