Endgame Excels in NSS Labs Test, Continuing a Commitment to Transparency

third party testing

Today NSS Labs announced the results of their second annual 2018 Advanced Endpoint Protection (AEP) Public test. Endgame is proud to be included in this year’s results. Endgame achieved the coveted “Recommended” rating from NSS, achieving exemplary security effectiveness throughout all tests while maintaining a Total Cost of Ownership (TCO) below the industry average. Since this is only the second year of the test, I will provide an overview of the NSS Labs test, reiterate Endgame’s participation in public tests as part of our commitment to transparency, and detail our specific performance results.


What Does NSS Labs Test?

NSS tests several factors to thoroughly evaluate endpoint security products and provide enterprises a comprehensive overview of how endpoint products fare against top cyber threats. The evaluation criteria includes security effectiveness, a false positive rating, and the product’s TCO. Security effectiveness is simply a measure of how well an endpoint product blocks threats. The false positive rating is the rate at which the product incorrectly identifies benign artifacts as malicious. Finally, the TCO is calculated using the product purchase price, the product maintenance costs, and assumed costs associated with incidents, breaches, and false positives. A complete view of the NSS test Methodology can be found on their website. These three factors are combined and then compared with other vendors to produce the Security Value Map (SVM). The SVM graphs all tested vendors along the dimensions of Security Effectiveness (y-axis) and TCO (x-axis). Vendors that achieve the “Recommended” status are above average in both categories. Enterprises can use the SVM as an input to assist in their buying process since NSS Labs test results are an unbiased measure of an endpoint product’s performance and cost.


Why Does Endgame Participate in Public Tests?

Endgame is firmly committed to transparency regarding our product’s capabilities, and believe security vendors need to abide by the values of integrity and transparency. As we’ve written previously, openness and transparency are essential to improved security. Part of this commitment includes participation in third-party testing. Of course, these tests do not come without specific assumptions and limitations. For instance, the testing occurs in a controlled environment and does not specifically capture the nuances of a sentient adversary or targeted attacks. Tests also only reflect a snapshot in time as opposed to the drastically changing threat landscape.

Despite these limitations, unbiased third-party assessments provide numerous benefits, including the ability to provide consumers apples to apples comparisons of products based on the the same metrics. In addition, although the tests do not include every threat actor and mode of compromise, they do include many of the most prominent attacker techniques, such as advanced malware, exploits, blended threats, evasion techniques, and even previously unknown threats. By participating in the public NSS tests (and other public evaluations like AV Comparatives, MITRE Assessments, SE Labs’ Malware Test, and the Gartner Magic Quadrant) we allow our customers to decide for themselves what endpoint products they should consider evaluating. Oh, and we 100% believe in our product’s capability to stop targeted attacks.


How Did Endgame Do?

Endgame performed outstanding in its first public NSS Labs test. Endgame received the highest possible rating NSS provides. Overall, Endgame blocked over 95% percent of the threats tested. This percentage included stopping 100% of email delivered malware (or phishing attacks), one of the most common attack vectors. Endgame also stopped 100% of the evasion attempts, techniques cybercriminals deploy to disguise and/or modify attacks in order to avoid detection by security products. In addition, Endgame stopped 100% of attacks while the endpoint was disconnected from the enterprise environment, proving the value of the Endgame autonomous agent and its ability to protect endpoint users regardless of location. As a comparative point, the average prevention rate of the 20 security products tested was approximately 88%.

Endgame not only earned a best in class in prevention rating, but also had zero false positives and a low total cost of ownership. False positives can wreak havoc on a security program by forcing SOC teams into long triage and tuning processes. Due to Endgame’s zero false positives, security teams can focus on stopping real threats. Using Endgame, security teams can also stop threats at a lower total cost of ownership than the industry average for security products. The industry average for TCO is $690 dollars. Endgame delivers value at less than a third of that cost.

While NSS and other public testing houses assess a range of criteria, they do not test for the ease of use of security products. This is another area where Endgame provides clear differentiation from the other vendors in the test. Endgame allows security teams to elevate the skills of their current analysts by providing:

  • Endgame’s AI-powered security mentor, Artemis® , that uses natural language understanding to automate attack triage to empower analysts of all skill level to stop targeted attacks.  

  • Endgame Resolver™ that provides real-time data collection and analysis of file, registry, user, process, network, netflow, and DNS data to visually render the origin, extent, and timeline of an attack.

  • Endgame Arbiter® to automate advanced attack analysis and determine file reputation, attack type, and extract IOCs to reveal previously unknown threats across the entire enterprise.



Public tests such as NSS Labs’ Advanced Endpoint Protection Group Test can provide a valuable data point for enterprises making a decision to upgrade their security program. However, enterprises should use these tests as one of many inputs into the buying process. Hands on testing within your unique environment is also essential. Only then can you truly evaluate a product's ability to stop targeted attacks across the full scope of attacker techniques and determine if that product can be used with your existing team, leveraging your existing investments, and thereby reducing your total cost of ownership.