AV-Comparatives' Advanced Threat Protection Test uses a variety of attack scenarios that the tested programs have to defend against. Targeted attacks employ various techniques to avoid detection by security software. These include fileless attacks, code obfuscation, and the use of legitimate operating-system tools. Disguising malicious code makes it hard for a security program to recognise, and the misuse of legitimate system programs for malicious purposes makes it easier for cybercriminals to stay under the radar of security measures.
In the Advanced Threat Protection Tests, AV-Comparatives uses hacking and penetration techniques that allow attackers to access internal computer systems. These attacks can be broken down, following Lockheed Martin's Cybersecurity Kill Chain, into seven distinct phases, each with unique IOCs (Indicators of Compromise) for the victims. All our tests use a subset of the TTPs (Tactics, Techniques, Procedures) listed in the MITRE ATT&CK™ framework. A false alarm test is also included in the reports.
Tested Enterprise Endpoint Security Products include: Acronis Cyber Protect Cloud with Advanced Security Pack; Avast Business Antivirus Pro Plus; Bitdefender Gravity Zone Elite; CrowdStrike Falcon Pro; ESET PROTECT Entry with ESET PROTECT Cloud; G Data Endpoint Protection Business; Kaspersky Endpoint Security for Business – Select with KSC; VIPRE Endpoint Cloud.
All the enterprise products listed above blocked at least eight out of fifteen advanced attacks, and so received AV-Comparatives' ATP Enterprise Certification.
Tested consumer security programs include: Avast Free Antivirus; AVG Free Antivirus; Bitdefender Internet Security; ESET Internet Security; G Data Total Security; Kaspersky Internet Security; McAfee Total Protection; VIPRE Advanced Security.
Of these, Avast, AVG, ESET, Kaspersky and McAfee consumer products reached the highest ADVANCED+ rating.
"The Advanced Threat Protection Test checks each security product's ability to protect a computer against targeted attacks, which are known as 'advanced persistent threats' (APTs). These are complex, multi-stage attacks that are aimed at a specific individual or organisation. Whilst the majority of such attacks may be ultimately aimed at infiltrating enterprise networks, an obvious means of doing this is to target the personal computers of staff members within the organisation. Additionally, cybercriminals may launch targeted attacks against individuals for other reasons. This means that protection against such attacks should be provided by consumer security programs, as well as corporate endpoint protection software," says Peter Stelzhammer, co-founder of AV-Comparatives.
All of the tested products, consumer and enterprise, had to defend against 15 different complex targeted attacks.
AV-Comparatives is an independent organization offering systematic testing that checks whether security software, such as PC/Mac-based antivirus products and mobile security solutions, lives up to its promises. Using one of the largest sample collections worldwide, it creates a real-world environment for truly accurate testing. AV-Comparatives offers freely accessible results to individuals, news organizations and scientific institutions. Certification by AV-Comparatives provides an official seal of approval for software performance which is globally recognized.