Cisco Secure Endpoint (previously AMP for Endpoints) was named a Strategic Leader by AV -Comparatives in the Endpoint Prevention and Response (EPR) CyberRisk Quadrant in their inaugural EPR Comparative Report.
AV-Comparatives is a leading independent endpoint security software testing organization withtwo decades of experience. The EPR report assessed how effective endpoint security products are at preventing, detecting, and responding to targeted attacks. It consists of a series of tests that emulate multi-stage attacks along similar lines as MITRE’s ATT&CK evaluation – testing prevention, detection, and response capabilities, with the addition of an efficacy scoring mechanism and cost analysis. You can find the report’s methodology here.
Forrester’s Chris Sherman, senior analyst and author of Forrester’s Endpoint Security Suite Wave, stated that “The EPR test includes the depth and breadth necessary to fairly evaluate vendors with both prevention and detection capabilities” Chris also mentioned that he hasn’t “been this excited for a new test since MITRE discussed their round one test”.
Ten vendors participated in the test. Only four were named Strategic Leaders. AV-Comparatives defines Strategic Leaders as “EPR products that have a very high return on investment” that “provide very low total cost of ownership” due to “exceptional technical capabilities” that “demonstrated outstanding enterprise-class prevention, detection, response and reporting capabilities, combined with optimal operational and analyst workflow features.”
Cisco Secure Endpoint had one of the highest scores for active response, passive response, and combined prevention / response capabilities. It achieved this while having one of the lowest costs per endpoint and total cost of ownership. As a leading EPR product in this test, Cisco Secure Endpoint has demonstrated exceptional technical capabilities to prevent most attacks, combined with reasonable costs so we can deliver very high ROI and very low TCO for our customers.
We participated in the test with our Essentials tier, our most basic offering which does not include Orbital Advanced Search or SecureX Threat Hunting. Additionally, the evaluation was conducted just as we were introducing our latest endpoint detection and prevention engine, Behavioral Protection. The new engine is specifically designed to better detect the type of sophisticated attacks that bypass malware and atomic-indicator detection engines, such as attacks that make use of living-of-the-land techniques, by focusing the on the behavioral patterns of the attacks. Since then, we’ve further enhanced this engine.
Finally, since the AV-Comparatives’ EPR test, Cisco is in the process of participating in MITRE’s latest round of ATT&CK evaluations, focused on the Carbanak+FIN7 threat actors. The results of the MITRE evaluation should become available in the coming months.