skip to Main Content

[REPORT] How Sophos Endpoint Security stacks up to six endpoint security vendors

[REPORT] How Sophos Endpoint Security Stacks Up To Six Endpoint Security Vendors

Sophos Endpoint Security ranked #1 at detecting malware & potentially unwanted application


MRG Effitas is a UK-based, independent IT security research organization that focuses on providing cutting-edge efficacy assessment and assurance services, the supply of malware samples to vendors and the latest news concerning new threats and other information in the field of IT security.

With malware threats constantly growing increasingly complex*, this new Comparative Malware Protection Assessment report commissioned from MRG Effitas is essential reading.
It reveals how endpoint products from six different vendors, including Sophos, performed when put through their paces against new and unseen malicious executables. Highlights include:

  • Sophos ranked #1 at detecting malware
  • Sophos ranked #1 at detecting potentially unwanted applications
  • Sophos had an impressive false positive rate


“This report provides an independent comprehensive comparative assessment of enterprise endpoint protection products. In this assessment, we focused on executable malware. We used a wide spectrum of tests to cover advanced zero day threats that enterprise environments face.

This report contains the results of four test cases. The primary goal was to show the detection and prevention capabilities of new and unknown malicious executables.

The different test cases were a real world malware protection test, unknown/zero day malware protection test, longevity/holiday test and false positive tests.

In the malware protection test, we downloaded malware samples from URLs, and attempted to execute the samples. We also tested whether the product was able to late-block the malware, where the malware starts, but it is blocked at a later time during the test.

The unknown/zero day malware protection test was similar to the real world malware protection test, but in this test we selected samples which were not yet known to public malware file sharing services.

The longevity/holiday test simulated a user who was on vacation for 2 weeks, did not install any virus definition updates, and starts to browse the web two minutes after starting the machine, which was in sleep mode. This test provides insight into the decay rate of the protection effectiveness. Observing markedly lower protection rates in this test can indicate that the protection methods are very dependent on strict signature detection, or if machine learning is used that the detection model may be ‘over fit’ and not resilient when faced with new malware that is markedly different from what may have been common just a few days prior.

The malware protection, zero day test and longevity test were joined together in one chart called ITW test (in-the-wild malware). The Potentially Unwanted Applications (PUAs) are shown in a different chart.

For the false positive test, we collected a vast number of clean samples. We also focused on collecting rare and new samples, which are probably not yet known to vendors.

Based on the in-the-wild malware tests, Sophos Intercept X with Endpoint Advanced performed the best.

In the PUA test, Sophos Intercept X with Endpoint Advanced performed the best.

In the False Positive test, Trend Micro Smart Protection performed the best.


But don’t take our word for it. View the full report to see how the different vendors stacked up.

Sophos is taking a new approach to protection. Sophos Endpoint blocks malware and infections by identifying and preventing the handful of techniques and behaviors used in almost every exploit.

Sophos Endpoint doesn’t rely on signatures to catch malware, which means it catches zero-day threats without adversely affecting the performance of your device. So you get protection before those exploits even arrive.



×Close search