CrowdStrike Falcon Demonstrates Continued Excellence in Recent AV-Comparatives Evaluations

  • CrowdStrike Falcon® receives new recognition from AV-Comparatives, a prestigious independent third-party testing institution
  • In AV-Comparatives Real-World Protection Test, Falcon achieved 99.7%, and zero false positives on common business software (Malware Protection Test) using automated protection and remediation capabilities
  • By participating in independent tests, CrowdStrike once more demonstrates transparency and commitment in its mission to stop breaches

CrowdStrike has received new recognition from one of the most prestigious independent third-party testing institutions, AV-Comparatives, reflecting our commitment to transparency and constant improvement of the Falcon platform’s capabilities. Falcon’s consistent achievements in independent testing are largely due to its automated protection and remediation capabilities that combine on-sensor indicators of attack (IOAs) and machine learning with the power of the cloud to prevent and detect malicious behavior.

CrowdStrike Falcon recently achieved 99.7% in the AV-Comparatives Real-World Protection Test (August-September 2021), an evaluation of 19 enterprise endpoint security solutions. At CrowdStrike, we remain committed to transparency and to participating in independent tests with leading third-party independent testing organizations to ensure that we are building relevant, meaningful and valuable capabilities for clients.

CrowdStrike AV-Comparatives Results Reflect Testing Commitment

CrowdStrike participates in one of the widest ranges of third-party test assessments. By participating in third-party independent tests and being evaluated against other security vendors under various malware, environments and use cases, we drive continual improvements to Falcon’s automated remediation and protection capabilities.

CrowdStrike Falcon demonstrated continued excellence by achieving top results in the AV-Comparatives Malware Protection Test (September 2021) and Real-World Protection Test (August-September 2021). The results are published in AV-Comparatives’ recent Business Main-Test Series report, part of a more extensive report to be published in December 2021 announcing “Approved Business Product” certification for endpoint security solutions.

Falcon achieved a 99.7% protection rate in the two-month AV-Comparatives Real-World Protection Test (August-September 2021), which evaluated 19 enterprise endpoint security solutions and performed 375 test cases. Falcon relies on automated protection and remediation components enabled by indicators of attack (IOA) and machine learning both on-sensor and in the cloud. Falcon achieved a malware protection rate of 99.4%, with zero false positives on common business software, in the September Malware Protection Test, which involved 1,016 recent malware samples.  

While the Real-World Protection test involves test cases, such as malicious URLs simulating an attack chain that starts from a URL, the Malware Protection Test involves assessing a security solution’s ability to detect, block and reverse any changes made by threats when copied or executed directly on the targeted system. The latter test verifies the behavioral detection capabilities of the security solution. CrowdStrike Falcon uses behavior-based detection using indicators of attack (IOA) and machine learning to detect and protect against new and unknown threats. 

AV-Comparatives performs regular testing on endpoint security solutions using relevant and recent in the wild malware to determine if security vendors can both detect and prevent threats from changing or compromising the system. This leading independent testing organization uses “more test cases per product and month than any other testing lab running similar tests,” according to AV-Comparatives co-founder Peter Stelzhammer.  AV-Comparatives has repeatedly evaluated CrowdStrike Falcon, and CrowdStrike remains committed to the transparency of these testing results, as they demonstrate Falcon’s consistent automated protection and remediation capabilities.  

Falcon conducts more than 150 million indicator of attack (IOA) decisions every minute to automatically detect and protect against threats, leveraging machine learning, data analytics and the power of the cloud to process upward of 1 trillion events per day to identify potential IOAs and malicious activity. CrowdStrike’s ability to collect, analyze and draw value from threat-related information across any IT estate enables continuous improvement of Falcon’s automated remediation and protection capabilities to effectively block threats and stop attacks. 

Why Low False Positives Matter

Improper detection of common business software as malicious (also known as false positives) can create business interruptions triggered by automated remediation procedures, potentially causing severe problems. 

False positives from endpoint security solutions can directly impact the total cost of ownership (TCO) of endpoint security solutions for enterprises. For example, business disruptions caused by false positives can directly affect an organization’s bottom line. Costs can include person-hour costs associated with helpdesk interventions for getting systems back into production after automated remediation procedures are triggered by false positives, causing disruptions on machines. 

Another result of false positives is alert fatigue, leading to increased TCO for an endpoint security solution. When an overwhelming number of alerts desensitizes the team tasked with responding to them, the detection and response to potentially malicious activity can be missed, ignored or delayed. This degradation of the company’s ability to detect a real malicious incident also means more time spent by analysts to triage and remediate benign incidents rather than focusing on responding to malicious incidents.  

Whether false positives lead to business disruption or alert fatigue, an endpoint security solution that delivers few to no false positives becomes a tactical business decision for organizations.

CrowdStrike Falcon: A Long-Time Testing Player

The Falcon platform has an impressive and consistent track record for achieving excellent results in independent third-party evaluations from leading testing organizations, such as AV-Comparatives, SE Labs and MITRE, and we fully support and applaud their efforts. 

While there is no single testing organization or evaluation to determine the industry’s best endpoint security solution, one of the best benchmarks for assessing an enterprise security solution can be the vendor’s commitment to participating in these tests and demonstrating consistent and transparent results in terms of automated detection and protection capabilities against threats and sophisticated adversaries. 

Whether it’s being named a strategic leader in AV-Comparatives Endpoint Protection and Response tests, being awarded a AAA rating an impressive 12 times in SE Labs Enterprise Endpoint Protection reports since March 2018, or being named a leader in the Gartner Magic Quadrant for Endpoint Protection Platforms (EPP), CrowdStrike remains committed to independent testing to show the power of the Falcon platform to stop breaches.

Additional Resources

Go to Source
Author: Liviu Arsene – Joe Faulhaber

You may also like...