Now, I would have called this paper like so: “What is better, OLD anti-virus or NEW anti-virus?!” The author went for a tamer title version, but it is still an awesome paper, if you are into anti-malware or endpoint security. It contains a detailed feature by feature comparison of many vendors related to fighting malware and it cleanly and logically compares the old world to the new world.
So: “The Evolving Effectiveness of Endpoint Protection Solutions” (Gartner GTP access required!) “compares technologies used by traditional and new, so-called “next-gen” antivirus solutions.”
Only a tiny selection of my favorite quotes follows below:
- “Various new solutions in endpoint protection have demonstrated in public tests that, without using any signatures, an effectiveness comparable to that of the [legacy – comment by A.C.] EPP vendors can be achieved. However, such tests also do not show an effectiveness consistently above that of EPP vendors.” [note that some private test show the same]
- “You may think that independent testing provides a reliable source for effectiveness, but with key vendors missing from some tests and disputed results and methodologies, their usefulness is not always without debate.”
- “Before discussing techniques and comparing endpoint security solutions, let us agree to not use the term “next gen.” There are no next-gen solutions, no next-gen attacks, and no next-gen vendors. […] Forget Next Gen and Adopt “Who-Cares-as-Long-as-It-Works Gen” When evaluating endpoint security solutions, do not treat “next-gen” solutions any differently from incumbent solutions.”
- “Some vendors claim that their predictive engines do run on the endpoint, but achieve better detection rates with cloud access.” [no comment here :-)]
- “By now, most EPP vendors have added some form of algorithmic/ML static pre-execution scanning, and some claim to be have been using this technology for years. […] Algorithmic/ML engines work if designed, trained and implemented well.”
P.S. Please leave paper feedback here!