Blog post

Excellent Paper: “The Evolving Effectiveness of Endpoint Protection Solutions”

By Anton Chuvakin | June 19, 2017 | 0 Comments


Now, I would have called this paper like so: “What is better, OLD anti-virus or NEW anti-virus?!” The author went for a tamer title version, but it is still an awesome paper, if you are into anti-malware or endpoint security. It contains a detailed feature by feature comparison of many vendors related to fighting malware and it cleanly and logically compares the old world to the new world.

So: “The Evolving Effectiveness of Endpoint Protection Solutions” (Gartner GTP access required!) “compares technologies used by traditional and new, so-called “next-gen” antivirus solutions.”

Only a tiny selection of my favorite quotes follows below:

  • “Various new solutions in endpoint protection have demonstrated in public tests that, without using any signatures, an effectiveness comparable to that of the [legacy – comment by A.C.] EPP vendors can be achieved. However, such tests also do not show an effectiveness consistently above that of EPP vendors.” [note that some private test show the same]
  • “You may think that independent testing provides a reliable source for effectiveness, but with key vendors missing from some tests and disputed results and methodologies, their usefulness is not always without debate.
  • “Before discussing techniques and comparing endpoint security solutions, let us agree to not use the term “next gen.” There are no next-gen solutions, no next-gen attacks, and no next-gen vendors. […] Forget Next Gen and Adopt “Who-Cares-as-Long-as-It-Works Gen” When evaluating endpoint security solutions, do not treat “next-gen” solutions any differently from incumbent solutions.”
  • “Some vendors claim that their predictive engines do run on the endpoint, but achieve better detection rates with cloud access.” [no comment here :-)]
  • “By now, most EPP vendors have added some form of algorithmic/ML static pre-execution scanning, and some claim to be have been using this technology for years. […] Algorithmic/ML engines work if designed, trained and implemented well.”


P.S. Please leave paper feedback here!

The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.

Comments are closed