{"id":1688,"date":"2024-09-25T06:11:28","date_gmt":"2024-09-25T06:11:28","guid":{"rendered":"https:\/\/xdr-mdr.lmntrix.com\/main_web\/?p=1688"},"modified":"2024-10-19T06:49:06","modified_gmt":"2024-10-19T06:49:06","slug":"is-microsoft-one-of-the-most-effective-av-vendors-on-the-planet","status":"publish","type":"post","link":"https:\/\/lmntrix.com\/blog\/is-microsoft-one-of-the-most-effective-av-vendors-on-the-planet\/","title":{"rendered":"Is Microsoft one of the most effective AV vendors on the planet?"},"content":{"rendered":"<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img fetchpriority=\"high\" decoding=\"async\" width=\"394\" height=\"350\" src=\"https:\/\/lmntrix.com\/blog\/wp-content\/uploads\/2024\/09\/AV4-1.webp\" alt=\"money\" class=\"wp-image-1697\"\/><\/figure>\n<\/div>\n\n\n<p>If you\u2019d asked us this question only a few years ago we\u00a0would have laughed in your face. Today, not so much.<br><br>For the past 18 months, we\u2019ve been comparing all the validated breaches we\u2019ve detected at an investment banking client against 15 prominent AV vendors. These breaches completely bypassed best practice controls including NGAV, EDR, NGFW, Web and Email Gateway, WAF and SIEM, and the client even outsources their security monitoring to a Gartner-leading MSSP.<br><br>We ranked these AV vendors on their detection effectiveness using VirusTotal results for each of the malicious hashes. Our findings are outlined in the table below. 
We first published similar research over a year ago and, due to its popularity, we\u2019ve updated this table with new vendors.\u00a0<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"601\" height=\"668\" src=\"https:\/\/lmntrix.com\/blog\/wp-content\/uploads\/2024\/09\/AV-Table.webp\" alt=\"\" class=\"wp-image-1698\"\/><\/figure>\n\n\n\n<p><br><a href=\"https:\/\/www.lmntrix.com\/ckfinder\/userfiles\/files\/MalwareMissedTable.xlsx\">Malware Missed Data Sheet<\/a><br><br>As this table demonstrates, Microsoft\u2019s ability to use its footprint, research might and renewed focus on security is starting to pay off. In our testing, Microsoft was ranked third, missing 39\u00a0out of 94\u00a0malicious hashes. Only Fortinet (34\u00a0misses) and ESET (26\u00a0misses) ranked higher. Compare these results to the three worst ranked vendors, who each missed at least 80 of the 94 malicious hashes, and it\u2019s clear Microsoft\u2019s baked-in AV is one of the most effective. \u00a0<br><br>This makes sense, and we expect Microsoft to continue to improve, considering it owns the code for its operating system and is therefore best placed to identify weaknesses.<br><br>Recent reports suggest the global AV market is worth <a href=\"https:\/\/www.reuters.com\/brandfeatures\/venture-capital\/article?id=86977\" target=\"_blank\" rel=\"noopener\">US$3.7 billion<\/a>\u2026 for what? Our analysis shows more than half of the AV vendors missed most of the malicious hashes we discovered. So, is AV just a scam?\u00a0<br><br>Enterprises across the world are collectively spending billions of dollars on commercial AV products when one of the best is available for free.\u00a0<br><br>Are you feeling duped? Well, don\u2019t. Everyone is in the same boat, following the same security architectures and best practice standards. Despite following best practice, we see the same results in every organisation we work with. 
Regardless of the number of controls they have in place, \u2018next-gen\u2019 solutions continue to miss clearly malicious attacks.\u00a0<br><br>Not only do some of the most expensive solutions consistently score the worst, but Microsoft Defender \u2013 the free AV on every Windows 10 device \u2013 is always one of the best ranked\u2026 and it\u2019s now available for Mac too. If you\u2019re wondering, most of our clients rely exclusively on LMNTRIX to detect endpoint threats; those who don\u2019t use the free Microsoft Defender solution.\u00a0<br><br>Still think your AV is effective?\u00a0<br><br>Then consider this. In May 2019, elite Russian hackers were reported to have breached the networks of <a href=\"https:\/\/www.forbes.com\/sites\/leemathews\/2019\/05\/09\/russian-hackers-breach-antivirus-makers\/#5318836f1db2\" target=\"_blank\" rel=\"noopener\">three U.S. AV vendors<\/a>. If confirmed, not only are these vendors\u2019 offerings now even more worthless than they were previously, but the breaches also show the vendors can\u2019t keep themselves safe. Let alone you.\u00a0<br><br>AV is just one of the problems plaguing cyber security. I could spend hours talking about how SIEMs, SOCs and MSSPs continuously fail to detect anything worthwhile \u2013 in fact, I\u2019ll write another post next week exploring these.\u00a0<br><br>As an industry, if we keep doing the same thing over and over again and expect a different outcome, then we truly are insane. If we keep following each other like sheep, following compliance mandates and best practices that are outdated as soon as they\u2019re published, breaches are only a matter of time. Something has to change if we expect a different outcome.<br><br>Are you starting to change your mindset?<br><br>If you\u2019re an end-user organisation, then I urge you to contact us at <a href=\"mailto:info@lmntrix.com\">info@lmntrix.com<\/a> and let us share with you how we achieve these incredible results. 
At the very least, we\u00a0may be able to enlighten you further.<br><br>If you\u2019re an AV vendor and feel a little bruised, don\u2019t be. Instead, hit \u2018Like\u2019, then forward this blog to your R&amp;D team and tell them to get their sh!t together.<br><br>If you\u2019re in the channel or an MSP and would like to truly help your clients improve their risk posture and deliver this exact advanced threat detection and response capability, then consider partnering with us. We sell exclusively through the channel and have a global presence. Best of all, we work with you to deliver the end outcome to clients. To learn more, visit <a href=\"http:\/\/lmntrix.com\/\">lmntrix.com<\/a>\u00a0or get in touch using <a href=\"mailto:partner@lmntrix.com?subject=LMNTRIX%20Partner%20Program\">partner@lmntrix.com<\/a>.\u00a0<br><br>If you enjoyed this article and you would like to learn more about our thinking, the following articles are a good start:<br><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/lmntrix.com\/blog\/siems-edrs-socs-mssps-cyber-securitys-false-prophets\" target=\"_blank\" rel=\"noreferrer noopener\">SIEMs, EDRs, SOCs, MSSPs \u2013 cyber security\u2019s false prophets<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/lmntrix.com\/lab\/if-vendors-spent-less-on-marketing-and-more-on-capability-our-job-would-be-a-lot-harder\" target=\"_blank\" rel=\"noreferrer noopener\">If vendors spent less on marketing and more on capability, our job would be a lot harder<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/lmntrix.com\/video\/why-your-siem-might-be-as-useful-as-a-selfie-obsessed-celebrity\/\" target=\"_blank\" rel=\"noreferrer noopener\">VIDEO \u2013 WHY YOUR SIEM MIGHT BE AS USEFUL AS A SELFIE-OBSESSED CELEBRITY<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.lmntrix.com\/blog\/the-three-pillars-of-cybersecurity\" target=\"_blank\" rel=\"noreferrer noopener\">The Three Pillars of Cybersecurity<\/a><\/li>\n\n\n\n<li><a 
href=\"https:\/\/www.lmntrix.com\/blog\/stepping-into-the-breach\" target=\"_blank\" rel=\"noreferrer noopener\">Stepping into the Breach<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/www.lmntrix.com\/blog\/lmntrix-security-done-different\" target=\"_blank\" rel=\"noreferrer noopener\">LMNTRIX: Security Done Different<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>If you&rsquo;d asked us this question only a few years ago we&nbsp;would have laughed in your face. Today, not so much. For the past 18 months, we&rsquo;ve been comparing all the validated breaches we&rsquo;ve detected at an investment banking client against 15 prominent AV vendors. These breaches completely bypassed best practice controls including NGAV, EDR, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1697,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-1688","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog"],"_links":{"self":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts\/1688","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/comments?post=1688"}],"version-history":[{"count":5,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts\/1688\/revisions"}],"predecessor-version":[{"id":4127,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/posts\/1688\/revisions\/4127"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/media\/1697"}],"wp:attachment":[{"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/media?parent=1688"}],
"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/categories?post=1688"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lmntrix.com\/blog\/wp-json\/wp\/v2\/tags?post=1688"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
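The post says the vendor ranking was built from VirusTotal verdicts on a set of hashes already validated as malicious, but does not show how the tally was done. The script below is an added example, not LMNTRIX's tooling or VirusTotal's own code: it reads reports in the shape of the public VirusTotal API v3 `GET /api/v3/files/{sha256}` response (the `data.attributes.last_analysis_results` map of engine name to `category`), counts per-engine misses, and ranks engines. The engine names and verdicts in `SAMPLE_REPORTS` are constructed test data. Two choices a practitioner should make explicit when reproducing such a table are encoded here: a hash on which an engine returned no verdict (absent, `timeout`, `type-unsupported`, `failure`) is not charged as a miss but is counted separately, so the denominator per vendor is visible rather than a flat 94; and ranking is by miss rate over hashes actually scanned. One caveat the post does not state: VirusTotal runs the vendors' scanning engines as configured on VirusTotal, not the full endpoint product with its behavioural, cloud-lookup and EDR layers, so a VirusTotal miss on a static hash lookup is not proof the endpoint product would have let the sample execute.

```python
"""Per-engine miss tally over VirusTotal v3 file reports (added example)."""
from collections import defaultdict
from dataclasses import dataclass

VT_FILES_ENDPOINT = "https://www.virustotal.com/api/v3/files/"

# VirusTotal per-engine categories: only these two count as a detection.
DETECTED = {"malicious", "suspicious"}
# A verdict that the file is clean; for a validated-malicious hash that is a miss.
MISSED = {"undetected", "harmless"}
# Anything else (timeout, confirmed-timeout, failure, type-unsupported, or the
# engine absent from the report) is "no verdict" and is tracked, not charged.


def vt_request(sha256: str, api_key: str) -> tuple[str, dict]:
    """Build (url, headers) for a v3 file lookup; the caller performs the GET."""
    if len(sha256) != 64 or any(c not in "0123456789abcdefABCDEF" for c in sha256):
        raise ValueError("expected a hex SHA-256")
    return VT_FILES_ENDPOINT + sha256.lower(), {"x-apikey": api_key}


@dataclass
class EngineStats:
    scanned: int = 0     # reports in which the engine gave a verdict
    missed: int = 0      # verdicts of undetected/harmless on a malicious hash
    no_verdict: int = 0  # engine absent, timed out, failed or unsupported type

    @property
    def miss_rate(self) -> float:
        return self.missed / self.scanned if self.scanned else 0.0


def tally(reports: list[dict]) -> dict[str, EngineStats]:
    """Count misses per engine. Every hash is assumed validated malicious."""
    stats: dict[str, EngineStats] = defaultdict(EngineStats)
    # Union of engines seen anywhere, so an engine missing from one report
    # still gets a no_verdict entry for that hash.
    engines = {e for r in reports
               for e in r["data"]["attributes"]["last_analysis_results"]}
    for r in reports:
        results = r["data"]["attributes"]["last_analysis_results"]
        for engine in engines:
            cat = results.get(engine, {}).get("category")
            if cat in DETECTED:
                stats[engine].scanned += 1
            elif cat in MISSED:
                stats[engine].scanned += 1
                stats[engine].missed += 1
            else:
                stats[engine].no_verdict += 1
    return dict(stats)


def rank(stats: dict[str, EngineStats]) -> list[tuple[str, int, int]]:
    """Best engine first: lowest miss rate, then fewest misses, then name.
    Returns (engine, missed, scanned) so the denominator stays visible."""
    return sorted(((e, s.missed, s.scanned) for e, s in stats.items()),
                  key=lambda t: (stats[t[0]].miss_rate, t[1], t[0]))


def _report(sha: str, verdicts: dict[str, str]) -> dict:
    """Minimal v3-shaped report for one hash (constructed test data)."""
    return {"data": {"id": sha, "type": "file", "attributes": {
        "last_analysis_results": {
            eng: {"category": cat, "engine_name": eng,
                  "result": None if cat in MISSED else "Trojan.Generic"}
            for eng, cat in verdicts.items()}}}}


# Constructed sample: three validated-malicious hashes, four fictional engines.
SAMPLE_REPORTS = [
    _report("a" * 64, {"EngineA": "malicious", "EngineB": "undetected",
                       "EngineC": "suspicious", "EngineD": "timeout"}),
    _report("b" * 64, {"EngineA": "undetected", "EngineB": "undetected",
                       "EngineC": "malicious"}),            # EngineD absent
    _report("c" * 64, {"EngineA": "malicious", "EngineB": "malicious",
                       "EngineC": "undetected", "EngineD": "undetected"}),
]

if __name__ == "__main__":
    for engine, missed, scanned in rank(tally(SAMPLE_REPORTS)):
        print(f"{engine:10s} missed {missed}/{scanned}")
```

To reproduce the post's table against real data, call `vt_request` for each SHA-256, perform the HTTP GET with the returned headers (VirusTotal's free tier rate-limits requests, so throttle accordingly), store each JSON body, and pass the list to `tally`. In the sample, EngineD ends up with a miss rate of 1/1 rather than 1/3 because it gave no verdict on two of the three hashes; a table that reports only raw misses hides that difference.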