Cylance vs Eset antiransomware protection level

[NALG IT Admin 0]

We are an enterprise company and we've been using Eset End Point protection since 4 years now with a good satisfaction level pertaining performance, protection and light on PCs.

We are at a point to renew our ESET subscription and co-incidentally came across the link https://www.gartner.com/reviews/market/endpoint-protection-platforms/compare/cylance-vs-eset

Where it says the below from some Users

Cylance Vs ESET Comparison :

 

Ø  ESET are known to be light on computing resources (good) but VERY LOW efficacy against both known and unknown attacks (bad).

Ø  According to NSS Labs 2018/2019 ESET scored less than 90% in their overall protection while we scored 99.1% and 98.1%.

Ø  ESET users complain about Ransomware Protection being very poor. Check the following:

https://www.gartner.com/reviews/market/endpoint-protection-platforms/compare/cylance-vs-eset

 

Ø  ESET claim to use of Machine learning, but this may only be to generate the signatures.

Ø  Machine Learning and Artificial Intelligence is Cylance’s bread and butter. In this space, Cylance is lightyears ahead!

Ø  Cylance stays ahead of the adversary on average by 25 months.

 

I request to give us insights about Ransomeware protection level by Eset in comparison to Cylance Protect product. This will help immensely to make a beneficial decision for the organization it work for.

Regards

Perplexed IT Admin. 

 

 

 

[Marcos 5,070]

Hello,

ESET employs multi-layered protection about which you can read more at https://www.eset.com/int/about/technology/ where you can also watch demonstration videos.  ESET is actually very good at detecting both old and new borne malware.

We protect you at various layers:
1, The network layer
This involves highly effective url blocking, malicious script detection, network attack protection to protect unpatched systems from exploiting vulnerabilities in network protocols, e.g. EternalBlue SMB vuln., BlueKeep RDP vulnerability, etc. While downloading files, we employ advanced heuristics and more aggressive detection as well.

2, File system layer.
When scanning files by real-time protection, files are emulated (run in a virtual environment) by advanced heuristics. This enables us to detect new borne malware by DNA detections.

3, On execution, in memory
Advanced memory scanner scans already unpacked files in memory upon execution. This enables to detect and block packed or obfuscated malware that authors use to evade detection by most of AV scanners. Then there is Exploit blocker which is able to detect new exploits targeting popular applications generically by monitoring them for suspicious activities. To protect you from ransomware, besides DNA detections we also employ Ransomware shield which monitors processes for ransomware-like activities.
Last but not least, we've started leveraging Augur, a machine learning system to cover malware that might slip through protection modules.

Always up to date with new malware
Utilizing LiveGrid and streamed updates, we ensure that you are protected against newly emerging threats virtually instantly.

Improving protection with ESET Dynamic Threat Defense (EDTD)
Recently we've introduced an additional service EDTD which provides instant analysis of suspicious files in ESET's cloud sandbox while also employing machine learning and other techniques to asses files. E.g. with EDTD enabled in Mail Security products, emails with suspicious attachments (e.g. documents with a macro) are not delivered immediately to mailboxes but with a small delay needed for analysis in EDTD. Emails that possibly contain new malware will be blocked which eliminates the gap between new malware starts to spread and the time when a detection is added via update or files are blocked via LiveGrid.

For more information, please read https://www.eset.com/int/business/dynamic-threat-defense/.

Ransomware
Basically all cases with ransomware infections were those when the user didn't have the system secured and an attacker was able to log in with administrator rights, paused protection and ran the ransomware manually.

A case that I've just come across when a user was recently hit by ransomware. While it may look like that it passed through ESET and encrypted files, analysis of logs showed that the detection was added in February 2019 and attackers logged in via RDP, paused ESET (because of no password protection or having detection of pot. unsafe applications enabled) and ran this ransomware which is still undetected by many AVs, at least not with the on-demand scanner:

ESET MSIL/Kryptik.QXL trojan    MSIL/Filecoder.TH trojan
S  clean
A  clean
M clean
D  clean
A  clean
B  clean
K  Trojan-Ransom.MSIL.Agent.abp
M clean

With RDP secured and keeping machines patched and with settings protected with a password to prevent unauthorized persons from pausing protection or uninstalling ESET, the chances of getting infected with ransowmare or other malware are basically almost zero.

ESET Enterprise Inspector (EEI), ESET Threat Monitoring and ESET Threat Hunting services
We've also developed an EDR solution for monitoring your network for suspicious operations and responding to incidents, e.g. by blocking desired suspicious files by hashes. EEI comes with about 230 pre-defined rules by ESET that are based on the behavior of malware or non-typical behavior that should not normally occur. After setting up desired exclusions, it's a very strong tool in your hand that you can use to find weak points in your company that could be exploited and act as an infection vector in the future.
For companies that do not have CSO or staff that would keep monitoring the network, we're going to offer the ESET Threat Monitoring service when trained staff will keep an eye on what's going on in your network and provide you with reports on a regular basis.

For more information, please read:

https://www.eset.com/int/business/enterprise-inspector/

https://www.eset.com/int/business/services/threat-monitoring/

https://www.eset.com/int/business/services/threat-hunting/

 

Also ESET has been a pioneer in the AV industry for more than 30 years, with the first version of the AV introduced in 1988. Since 1992 when the company was found, a lot of intensive research in the field of IT security has been done by ESET and we have received many awards for the research. Neural networks were first implemented in ESET's products in 1998, ie. 14 years before the other company was found. The long term experience of ESET in the IT security field guarantees you maximum available protection with an extremely light system footprint.

 

[itman 1,659]

As  far as Cylance goes, you would would be well advised to bypass the "marketing" reviews of it.

Here is an article on actual penetration testing against Cylance: https://www.mdsec.co.uk/2019/03/silencing-cylance-a-case-study-in-modern-edrs/

Here's a recent AV lab test Endpoint Comparative test against ransomware: https://www.mrg-effitas.com/wp-content/uploads/2019/06/201704-MRG-Ransomware-Test.pdf . Please note that in the report Cylance adamantly refused to be tested although MRG had already acquired a valid paid license of it. 

You would be again well advised to stay away from a security product that has consistently "cherry picked" what lab tests it will allow its product to participate in.

Edited July 1, 2019 by itman

[itman 1,659]

One other comment that is the "lead in" statement on this web page: https://www.eset.com/int/business/ .

Eset has over 110 million users worldwide. The Garter analysis was based on 419 reviewers. By a factor of 2 to 1, the largest reviewer category was services. The largest category by revenue by a factor of close to 50% to the next highest category were SMBs.

I believe the above sample set basis speaks for the quality of the review summary.

[Marcos 5,070]

https://www.vice.com/en_us/article/9kxp83/researchers-easily-trick-cylances-ai-based-antivirus-into-thinking-malware-is-goodware

Every AV company must not rely on machine learning itself. We use a combination of different approaches, including AI and ML, as also mentioned at https://www.eset.com/int/about/technology/.

 

Related documents and articles:

https://www.eset.com/blog/enterprise/is-the-ai-hype-muddling-the-meaning-of-machine-learning/

https://cdn1.esetstatic.com/ESET/BLOG/Whitepapers/2018/ESET_AI_hype.pdf

https://www.welivesecurity.com/wp-content/uploads/2019/02/ESET_MACHINE_LEARNING_ERA.pdf