I’m not sure if you’ve also noticed, but I’m starting to suspect that the technology sector is absolutely overflowing with hype. If the hype were to be believed, we should all be in driverless flying cars powered by fusion energy and cloud computing, all paid for (via the blockchain, of course) with crypto. 

Cybersecurity is not immune: Perhaps hoodies and light-up mechanical keyboards should be the subject of international sanctions to protect us from bad people in comfortable clothing. 

Cutting through the noise—especially overconfident hype—is difficult, and it’s not helped by one particular nuance: Among mainstream cybersecurity products, very few are objectively bad. They do, however, go about the job differently, and each works best for a different set of organizational needs.

This is where independent entities—analyst houses and testing labs—step in to provide perspectives, insights, and evaluations. 

Why analysts and testing labs matter in cybersecurity

Analysts interview users and vendors alike to identify what works, and for whom it works best, taking a view of the whole of the market and following specific elements in great detail, often for many years. Their word carries weight in boardrooms and with business managers looking for a high-level view built on a huge amount of insight and evidence.

At an operational level, more detail is needed on how this stuff works and what it does well, and this is where testing labs step in. A small number of testing labs have consistently evaluated and reported on cybersecurity products for years: AV-Comparatives, AV-Test, SE Labs, and MITRE are trusted by both buyers and vendors to give independent assessments of how well a cybersecurity package works. AV-Comparatives, for example, regularly certifies Endpoint Prevention and Response (EPR) solutions, such as ESET PROTECT Enterprise Cloud.

The truth about certifications, or how assessment isn’t so simple

EPR certification is only part of the picture: the comparative EPR assessment also scores how well a solution responds to an attack, actively or passively, and plots that against the total cost of owning and running it. But as AV-Comparatives points out, a place in the top right of its CyberRisk Quadrant doesn’t necessarily mean a vendor’s solution is the best for every organization. To quote, “Products in lower areas of the quadrant could have features that make them well suited to your particular environment.”

AV-Comparatives gets more specific in its EDR Detection Validation Certification testing, which runs Endpoint Detection and Response solutions, including ESET PROTECT Elite, through a simulated multi-stage attack and records what each one detects at each stage. Two things are worth pointing out: this test assesses detection only, not response or prevention, and it is a recurring test that ESET and other vendors submit to regularly. 

The important bit(s)

The way AV-Comparatives’ test team goes about this assessment is worth explaining, because its approach speaks to two common challenges for security teams: (1) working out at which stage of an attack their security solution will first raise the alarm, and at which later stages it will keep raising it, and (2) how “noisy” the solution is in normal operation. That last bit is important, and AV-Comparatives calls it the “signal to noise” measurement.

What does that mean? It’s all well and good having a tool that rings the alarm bells at every sign of potential attack, but that can quickly overwhelm a security team and makes it easier for a genuine attack to hide in a large volume of alerts, some of which are inevitably false positives or other errors.

Where ESET did well in the AV-Comparatives Validation Certification Test

The trick with most EDR and Managed Detection and Response offerings is to keep the noise manageable while still doing the job: think alerts and intelligence that are useful rather than merely alarming. Returning to the test team’s first measure, this means the solution needs to detect the attack efficiently. It needn’t fire at every single stage, partly because an alert at every step adds little at the very beginning or end of an incident, but it does need to fire often enough to give the analyst context and a usable picture of what is going on.

ESET PROTECT Elite Cloud did well. Of the 14 steps in the simulated attack, the EDR alerted on 11. The three undetected steps are spread across the chain rather than clustered together, which means that in most cases defenders would already have been alerted to the attack before reaching them. It also raises a question for buyers: do you have existing tools that cover those points? 

For example, your enterprise email platform might already include countermeasures such as sandboxing against malware delivery. Again, your security environment is unique, and you may have well-considered defenses in place for specific parts of your infrastructure.
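The buying question above, whether other controls already cover the steps an EDR misses, is easier to answer with a simple coverage matrix. The following is an added example, not code or data from the AV-Comparatives report or from ESET: the 14-step chain, the EDR’s assumed 11-of-14 coverage and the coverage of the extra layers are constructed for illustration and do not reproduce the report’s actual steps. It reports the undetected steps, the longest stretch an attacker could run without any alert (short when gaps are spaced out, as described above), and the first step at which anything fires.

```python
"""Coverage-gap check for a staged attack across layered controls.

Added example, not code or data from the AV-Comparatives report or from ESET.
The 14-step chain and every control's coverage set are constructed to
illustrate the reasoning in the text; they do not reproduce the report's steps.
"""
from dataclasses import dataclass

# Constructed 14-step attack chain in rough kill-chain order (1-based).
ATTACK_STEPS = [
    "phishing email delivered",
    "attachment opened by user",
    "document drops loader",
    "loader executes",
    "process injection into trusted binary",
    "C2 beacon established",
    "host and network discovery",
    "credential dumping",
    "lateral movement with valid credentials",
    "Active Directory reconnaissance (LDAP queries)",
    "privilege escalation via group membership change",
    "administrative tool abuse",
    "data staging",
    "exfiltration over C2 channel",
]


@dataclass(frozen=True)
class Control:
    name: str
    detects: frozenset  # 1-based step numbers this control alerts on (assumed)


def covered_steps(controls):
    """Union of every control's coverage."""
    covered = set()
    for c in controls:
        covered |= c.detects
    return covered


def uncovered_steps(steps, controls):
    covered = covered_steps(controls)
    return [i for i in range(1, len(steps) + 1) if i not in covered]


def longest_blind_run(gaps):
    """Longest stretch of consecutive undetected steps: how far an attacker
    can progress between two alerts. Spaced-out gaps give a short run."""
    longest = run = 0
    prev = None
    for g in gaps:
        run = run + 1 if prev is not None and g == prev + 1 else 1
        longest = max(longest, run)
        prev = g
    return longest


def first_alert_step(steps, controls):
    """Earliest step at which any control fires (None if nothing fires)."""
    for i in range(1, len(steps) + 1):
        if any(i in c.detects for c in controls):
            return i
    return None


def coverage_report(steps, controls):
    gaps = uncovered_steps(steps, controls)
    return {
        "detected": len(steps) - len(gaps),
        "total": len(steps),
        "gaps": gaps,
        "gap_names": [steps[i - 1] for i in gaps],
        "longest_blind_run": longest_blind_run(gaps),
        "first_alert_step": first_alert_step(steps, controls),
    }


# Assumed coverage: an EDR that alerts on 11 of the 14 steps, missing
# delivery and the two credential/AD-centric steps (illustrative only).
EDR = Control("edr", frozenset(range(1, 15)) - {1, 9, 10})
EMAIL_SANDBOX = Control("email sandbox", frozenset({1, 2}))
IDENTITY_MONITORING = Control("identity monitoring", frozenset({9, 10, 11}))

if __name__ == "__main__":
    for layers in ([EDR], [EDR, EMAIL_SANDBOX], [EDR, EMAIL_SANDBOX, IDENTITY_MONITORING]):
        rep = coverage_report(ATTACK_STEPS, layers)
        print([c.name for c in layers], rep)
```

Running it with the EDR alone reports gaps at steps 1, 9 and 10 and a longest blind run of two steps; adding the email sandbox closes step 1, and adding identity monitoring closes the rest. Swap in the real steps from a lab report and the honest coverage of your own controls to get the same picture for your environment.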

As mentioned above, this is the latest in a series of this test for ESET PROTECT, and the history is worth looking at for two reasons: first, it shows long-term commitment to developing the product, and second, it provides a record both of successful detection (as in this case) and of the updates that have kept the solution current or addressed shortfalls found in earlier rounds.

Interpretation is where the customer is king

So, two things: First, the results from test labs are hugely useful for technical buyers assessing both capability and how a product or solution could fit into their organization. To use an analogy, a dirtbike, a 4x4, and a bulldozer are all capable of crossing rough ground, but each suits a different user. Second, both individual results and a series of them provide proof points over a significant period of time for anyone shortlisting solutions for their organization, especially when combined with input and perspectives from industry analysts and peers.

“Ultimately, ESET PROTECT Elite did us proud. ESET earned the EDR Detection Validation Certification Test by successfully detecting multiple techniques employed in the test attack scenario, showcasing robust detection capabilities throughout several critical stages of the simulated attack chain,” said Pavol Balaj, ESET chief business officer. 

As AV-Comparatives put it, “ESET delivered strong execution-time detection, good process context and several genuinely useful alerts across malware execution, injection, C2 behavior, and administrative abuse, but it was less consistent when the attack relied on valid credentials, quieter reconnaissance, or higher-level Active Directory techniques that required more semantic understanding than pure process-level visibility.”

Continuous refinement does the trick 

Cybersecurity is a process of continuous development, common to every vendor in the field, and independent testing like AV-Comparatives’ EDR Detection Validation is a big help because it highlights exactly where we can make life easier for our customers. Handling attackers who use valid credentials is one such area, and it is one ESET is actively strengthening through identity-driven detection on several levels.

Presently, ESET PROTECT includes dedicated EDR detections for identity-related threats that correlate into incidents. Where the customer has connected the Microsoft Entra ID or Active Directory integration, the incident view also surfaces relevant details about the affected identity and offers identity-related response actions directly. ESET ingests identity-related indicators from integrated sources (currently Microsoft Entra ID) and surfaces them for investigation in Advanced Search; correlating these indicators directly into incidents is being added. Building further, ESET is developing identity threat detection and response (ITDR) that will ingest telemetry from Microsoft Entra ID and Active Directory and generate ESET’s own identity indicators, feeding into incidents to reveal these threats more fully.

Detecting this reliably is a genuine challenge: activity performed with valid credentials rarely reveals intent in a single event, and one signal alone cannot always separate suspicious from legitimate use, especially during quieter, early reconnaissance. By correlating more signals across more sources and layers, ESET expects to surface these attacks more effectively and more consistently, while keeping alerts meaningful rather than overwhelming. Where organizations want human-led depth on top of that today, ESET MDR and ESET Private SOC add expert analysis of the quieter stages of an attack.
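To make the correlation point concrete, and the earlier signal-to-noise point along with it, here is an added example of the approach described above. It is not ESET’s detection logic, which the text does not describe in detail; the event format, the signal names, their weights, the 30-minute window and the threshold are all assumptions, and the events are constructed rather than real telemetry. A single identity-provider or endpoint signal is kept for investigation but not alerted on; an incident opens only when distinct signals for the same identity stack up inside the window.

```python
"""Correlating identity-related signals into one incident.

Added example to illustrate the correlation idea in the text; it is not
ESET's detection logic. The event format, signal names, weights, the
30-minute window and the threshold are all assumptions for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed events (not real telemetry) from an identity provider ("idp")
# and endpoint telemetry ("edr"): (source, UTC timestamp, identity, signal, detail).
EVENTS = [
    ("idp", "2025-03-04T08:02:11", "jdoe", "signin_new_location", "country=BR, device not enrolled"),
    ("edr", "2025-03-04T08:09:40", "jdoe", "ldap_recon", "412 LDAP queries in 5 min"),
    ("edr", "2025-03-04T08:15:03", "jdoe", "admin_tool", 'net group "Domain Admins" /domain'),
    ("idp", "2025-03-04T09:30:00", "asmith", "signin_new_location", "country=DE"),  # travelling user
    ("edr", "2025-03-04T14:05:00", "ops-admin", "admin_tool", "dsquery user -limit 50"),  # routine admin
    ("edr", "2025-03-04T16:00:00", "jdoe", "ldap_recon", "48 LDAP queries in 5 min"),  # hours later, alone
]

# How much intent one signal type reveals on its own (assumed values).
WEIGHTS = {
    "signin_new_location": 1,
    "ldap_recon": 1,
    "admin_tool": 1,
    "group_membership_change": 2,
}
WINDOW = timedelta(minutes=30)
THRESHOLD = 3  # combined weight of distinct signal types needed to open an incident


def _ts(s):
    return datetime.fromisoformat(s)


def correlate(events, window=WINDOW, threshold=THRESHOLD):
    """Group events by identity, slide a time window over them and open an
    incident only when the distinct signal types inside the window reach the
    threshold. Events that never reach it are counted as suppressed: kept
    for investigation, not raised as alerts."""
    by_identity = defaultdict(list)
    for ev in sorted(events, key=lambda e: _ts(e[1])):
        by_identity[ev[2]].append(ev)

    incidents, suppressed = [], 0
    for identity, evs in by_identity.items():
        consumed = set()  # events already attached to an incident
        for end_idx, end_ev in enumerate(evs):
            if end_idx in consumed:
                continue
            start = _ts(end_ev[1]) - window
            idxs = [i for i, e in enumerate(evs)
                    if i not in consumed and start <= _ts(e[1]) <= _ts(end_ev[1])]
            signals = {evs[i][3] for i in idxs}
            score = sum(WEIGHTS.get(s, 0) for s in signals)
            if score >= threshold:
                incidents.append({
                    "identity": identity,
                    "score": score,
                    "signals": sorted(signals),
                    "events": [evs[i] for i in idxs],
                })
                consumed.update(idxs)
        suppressed += len(evs) - len(consumed)
    return {"incidents": incidents, "suppressed": suppressed}


if __name__ == "__main__":
    result = correlate(EVENTS)
    for inc in result["incidents"]:
        print(f"INCIDENT {inc['identity']} score={inc['score']} signals={inc['signals']}")
        for ev in inc["events"]:
            print("   ", ev[0], ev[1], ev[3], "-", ev[4])
    print("weak signals kept for investigation, not alerted:", result["suppressed"])
```

On the constructed data this opens one incident, for jdoe, built from three different signals inside 13 minutes, and suppresses the three lone signals (a travelling user, a routine admin command, a small LDAP burst hours later). Lowering the threshold to 1 turns every event into its own incident, which is the noise problem the test measures; the window and weights are the knobs that trade coverage of quiet, slow reconnaissance against alert volume.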

Conclusion

We’d encourage you to read the full report (as well as similar reports from any other vendors you are considering) before making a decision as to what works best for you. These test reports are some of the most valuable insights available to cut through the hype and get actual understanding.