AV-TEST - Defense Against the Latest Attacking Techniques in the ATP Test 2024

[harlan4096]

Cybersecurity: Defense Against the Latest Attacking Techniques in the ATP Test

In an ongoing race against cybercriminals, security vendors need to constantly maintain the upper hand in order to sustainably guarantee the security of data for both consumer users and corporate users. The Advanced Threat Protection test from AV-TEST relies on detailed individual tests to examine whether the vendors are able to detect and defend against the latest, most sophisticated cyberattacks. Twenty-five products were evaluated on Windows systems in this test using ten scenarios to simulate ransomware and data stealer attacks on the systems. Special attacking techniques such as reflective code loading and fileless malware, which challenge modern security algorithms as they have to detect dangerous lines of code or scripts, were used. The outcome of the testing shows that overall the security products can defend their leading position; however, some products do not have all attack steps under control.

25 security products for consumer users and corporate users prove their mettle in the current Advanced Threat Protection (ATP) test showing how they defend against ransomware and data stealer attacks. “Advanced” testing means that all products need to thwart the attackers in ten complex scenarios where they attempt to invade the Windows systems. If the attackers accomplish their goal, the systems are encrypted or the data is stolen, and sometimes even both events occur. In the ATP test, the laboratory records each individual step in defending against the attack, and this is documented in a matrix modeled according to MITRE ATT&CK standard. The test scenarios are divided into five ransomware and five data stealer scenarios. There are three main steps in the defense against ransomware, for which up to 3 points are awarded. In the case of data stealers, there are four evaluated actions and in turn up to 4 points can be awarded. The highest protection score that a product can achieve is 35 points.

Consumer products and corporate solutions in the ATP test

The ATP test from January and February 2024 included 12 products for consumer users and 13 endpoint solutions for corporate users. The consumer protection packages were from Avast, AVG, Avira, Bitdefender, ESET, F-Secure, G DATA, Kaspersky, Microsoft, Microworld, Norton, and PC Matic.

The products for corporate users in the test were from Avast, Bitdefender (two versions), Check Point, ESET, HP Security, Kaspersky (two versions), Microsoft, Qualys, Seqrite, Symantec, and WithSecure.

The 250 individual results that were recorded as part of this test were summarized using well-defined visual graphics listing ten results for each product. It quickly becomes clear where the respective product has stopped the attacker in its tracks. For this purpose, the lab used a color coding system. Green indicates that the attack was stopped. Yellow indicates that problems occurred, where even part of the data might have been encrypted. Orange-red indicates that the attacker was successful and data was stolen or the system was encrypted, which would then often end up with a ransom demand.
...

Full Report