Elastic Security maintains Product Approved status for AV-Comparatives


Organizations need real-world protection from malware, but how do you know what security coverage you’ll get before purchasing a product? AV-Comparatives answers this as an independent organization that performs systematic testing to check whether security software lives up to its promises. They create a real-world environment for accurate testing.

The testing is well-regarded in the industry, assessing malware prevention, real-world protection, and performance of antivirus products. Elastic has consistently performed well on malware protection testing since 2017, starting with our legacy Endgame product and achieving Approved Business Security Product status each test cycle. Now, we’re performing better than ever on the real-world protection test.

Security software testing options

There are several tests that AV-Comparatives performs as part of their business security test. Their real-world protection test simulates what happens if a user stumbles into downloading malware from the internet. Their malware protection test simulates how various solutions respond if malware is already present on the user’s machine, local network, or a removable device (like a USB drive).

Both tests use a variety of malware samples, both old and new. The real-world protection test includes many “zero day” malware samples which haven’t been seen in places like VirusTotal before testing. The malware protection test includes a higher percentage of well-known malware files.

Elastic has improved since last year’s Main Test Series report, where we achieved approved-product status. In this final report on Business Security Product testing for 2022, we were approved again. We hit 99% detection efficacy, which translates to six misses across four months of real-world testing.

Protection beyond these results

We continually improve our malware protection and the internal infrastructure and services that enable production of our malware models, signatures, and false positive reduction capabilities. The main improvements we made this year include productionizing our infrastructure for testing our code, training and validating our model, and changing how we build and test our model artifacts. Probably the biggest changes were made to the way we use lists to prevent false alarms, of which we had zero on common business software in the AV-Comparatives test.

What about features beyond malware protection?

In the past, this testing has exercised only our malware protection features (static machine learning model + signatures). This is because the testing checks for any remnants left behind post-execution, such as files or registry keys. Post-execution features like process injection prevention or behavior-based prevention rules often alert on and block significant pieces of attacks that malware protections miss, but the initial infection vector and/or some artifacts like registry keys would still be left behind. With recent improvements to Elastic Security’s self-healing rollback feature and its contribution to testing, we hope to do even better next year.

Check out AV-Comparatives’ full report to see how Elastic (and other security vendors) fared in this year’s analysis. We’re proud to continue our approach to security. We welcome third-party testing and appreciate the transparency it offers. If you haven’t heard about what that means to us, learn more about our open approach.