Skip to the next paragraph if your eyes glaze over at the long, long titles of industry reports: the AV-Comparatives Endpoint Prevention and Response Comparative Report 2025, MITRE ATT&CK Evaluations Enterprise 2025, or the 2025 Gartner® Magic Quadrant™ for Endpoint Protection Platforms.
Despite their wordy nomenclature, every report mentioned above has a beneficial role in canvassing the colorful endpoint security landscape. Learned professionals capture its essence, so that security operators can work out which solutions should go into their protection stack.
It’s a bit like a figure drawing class: every artist will sketch the subject from a different viewpoint. You can tell it’s the same person in the picture, but every angle uncovers fresh perspectives. It’s up to the incident analyst, security manager, or CISO to make sense of them. How? And is there a way to connect the lines between them? Let’s help you figure it out.
Key points of this article:
- Well-known industry analyst houses like Forrester, Gartner, and specialist test labs like AV-Comparatives, SE Labs and others, provide a wide selection of cybersecurity tests and reports.
- Some focus on a particular product, like XDR, others on features like anti-tampering, or report on the broader security market to provide a view from a higher altitude.
- Some, like the MITRE ATT&CK Evaluations, go as far as to pit products against known advanced adversary attacks.
- Navigating the volume of reports across multiple scenarios can be difficult. Tackling each selectively based on a security practitioner’s or organization’s needs can make the final decision about a product/service purchase a lot easier.
- The overall cybersecurity picture might appear chaotic in nature, but with the help of industry analysts, objectivity is applied to individual subjective interpretations, helping vendors and their customers make more informed decisions.
Penciling an outline
Every picture begins with an outline, and every security story begins with an endpoint in mind. These endpoints, located at the heart of organizational infrastructure, are responsible for keeping companies viable – from day-to-day reporting to major transactions.
Producing value is one thing, but keeping it safe is another: hence the need for appropriate endpoint security measures. Most well-regarded independent analyst and lab test reports focus on endpoints, since they’re at the crossroads of every activity, including malign activity.
The challenge is that there are a lot of these reports. For endpoint platforms in particular, you have reports focused on:
- Being business- or consumer-oriented: Obviously, each category requires a different approach to security, since a home PC doesn’t exactly need an extended detection and response solution to stay secure.
- Market reports: These are more for the industry analysts to map how particular vendors are performing, so you have the Radicati APT Protection Market Quadrant or the well-known Gartner® Magic Quadrant™ for Endpoint Protection Platforms.
- Professional or customer opinion: While independent sector-specific analyst house tests are often conducted by topic experts, aggregate peer or customer review boards like G2 or the Gartner® Peer Insights™ Customers’ Choice for Endpoint Protection provide more real-world feedback.
- Size and scope: Are you an enterprise or a smaller business? Do you know which product might fit you better? Looking for sector-specific reviews? Look no further than the AV-Comparatives Advanced Threat Protection Test Enterprise or the SE Labs SMB Endpoint Security (Protection) test. SE Labs goes as far as to separate its tests into SMB and Enterprise versions.
- Location: Products might be offered globally, but some tests review them from a geographical perspective for local viability, like The Forrester Wave™: Managed Detection And Response Services In Europe.
- A specific security feature/service: We’ve mentioned MDR and endpoint protection, but there are also tests like the AV-Comparatives Anti-Tampering Certification Test focused on a specific product function, Forrester’s Mobile Threat Defense (MTD) Solutions Landscape report tackling mobile security, or solution-specific SC Awards.
- Advanced attack scenarios: The MITRE ATT&CK Evaluations Enterprise offers a diversity of insights via attack emulations which seek to show both a product’s nominal detection and protection performance and, critically, attempt to unpack sensitivity thresholds when delivering on that performance. Similar comparative results are also provided by SE Labs’ PIVOT, examining protection, detection and forensic investigation capabilities.
There’s a test for anything, basically. If you’re feeling a bit lost, don’t worry. Navigating the industry analyst landscape is not for the faint-hearted, but it’s not as difficult as it looks. There is also a massive benefit in using the individual tests and reports together to triangulate your perspective and sense-check assumptions.
Blocking in and layering
A major step when making a painting is blocking, accentuating light areas on a canvas, adding basic shapes and colors, followed by layering, giving more details and depth to the painting.
If you look at our list of various tests, you can make out a sequence going from more general reports (like the market quadrants) to some very specific ones (such as the Anti-Tampering test). Every report serves a different purpose and audience, but they all add up to a larger picture.
Navigating and finding what performance thresholds, features and operational approaches suit the needs of your environment and your security analysts is a question of personal interest and company requirements.
Interested in market trends? Go for one of the market quadrant reports. Are you a European CISO searching for local security solutions? Check out the ECSO Cyberhive Matrix, which accounts for three different categories: MDR, XDR, and SOC-specific tools like threat intelligence. Needing more transparency into the performance of a particular EDR solution against an advanced threat group? MITRE ATT&CK Evaluations Enterprise is the one for you then.
Did you know? The MITRE ATT&CK difference
MITRE’s Enterprise Evaluation is an annual reminder that there is a wide diversity of approaches to investigating the qualities of various security products and services. MITRE’s ATT&CK evaluation may be an outlier in that it is neither a commercial test (so, not a packaged product), nor does it deliver guidance or take a stance on “what’s best”.
Perhaps the best way to position MITRE’s contribution here is as an “academic study” of the utility/efficacy of detection and response tools across a variety of different use cases. Using the metaphor of an artist drawing a model from their own perspective, MITRE’s evaluation sits in each student’s chair, drawing the model from each and every perspective, and then attempts to define how each location has impacted the resulting image(s) taken from that position.
At the same time, it’s also good to mix and match here. It’s said that a person is the average of five people they spend the most time with. From that perspective, a cybersecurity solution is only as good as its score across five different tests. Academics also rely on peer reviews to verify their work, and this is as close as it gets.
Finishing touches
The security painting is almost finished. What remains is to fill in a few spots, to touch up a few details.
For additional details, security managers should seek further confirmation of a vendor’s strength by exploring their partnerships (partner support or various joint efforts against APTs) and their involvement in major initiatives and security events (like the Locked Shields cyber-wargames, or RSAC). These are all auxiliary efforts rounding out the “vibes” a security vendor gives.
Alternatively, if a vendor doesn’t care to get involved, then perhaps security isn’t really in their interests.
ESET’s take on testing
Independent testing is central to ESET’s commitment to transparency and product excellence. Independent evaluations explain how – and if – what we make works, and also give us valuable insight into what we can adjust or improve to make it even better.
By participating in leading industry evaluations, including the MITRE Engenuity ATT&CK Evaluations – which assess detection capabilities against real-world adversary behaviors – we gain objective insight into our strengths, areas for improvement, and the effectiveness of new technologies. In a crowded cybersecurity market, this independent validation provides trusted, third-party proof that ESET delivers the protection and performance organizations expect.
But don’t take our word for it. See for yourself how we performed in this year’s MITRE ATT&CK Evaluations and whether the results in detection count/volume and protection align with your expectations. Compare them with other tests, and you might make out where ESET lies in the surreal landscape of cybersecurity.








