Now, I would have called this paper like so: “What is better, OLD anti-virus or NEW anti-virus?!” The author went for a tamer title version, but it is still an awesome paper, if you are into anti-malware or endpoint security. It contains a detailed feature by feature comparison of many vendors related to fighting malware and it cleanly and logically compares the old world to the new world.
So: “The Evolving Effectiveness of Endpoint Protection Solutions” (Gartner GTP access required!) “compares technologies used by traditional and new, so-called “next-gen” antivirus solutions.”
Only a tiny selection of my favorite quotes follows below:
- “Various new solutions in endpoint protection have demonstrated in public tests that, without using any signatures, an effectiveness comparable to that of the [legacy – comment by A.C.] EPP vendors can be achieved. However, such tests also do not show an effectiveness consistently above that of EPP vendors.” [note that some private test show the same]
- “You may think that independent testing provides a reliable source for effectiveness, but with key vendors missing from some tests and disputed results and methodologies, their usefulness is not always without debate.”
- “Before discussing techniques and comparing endpoint security solutions, let us agree to not use the term “next gen.” There are no next-gen solutions, no next-gen attacks, and no next-gen vendors. […] Forget Next Gen and Adopt “Who-Cares-as-Long-as-It-Works Gen” When evaluating endpoint security solutions, do not treat “next-gen” solutions any differently from incumbent solutions.”
- “Some vendors claim that their predictive engines do run on the endpoint, but achieve better detection rates with cloud access.” [no comment here :-)]
- “By now, most EPP vendors have added some form of algorithmic/ML static pre-execution scanning, and some claim to be have been using this technology for years. […] Algorithmic/ML engines work if designed, trained and implemented well.”
P.S. Please leave paper feedback here!
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.