SE Labs, an AMTSO (Anti-Malware Testing Standards Organization) member and independent, UK-based testing laboratory evaluated Acronis Cyber Protect Cloud with Advanced Security + EDR in May 2024. The product was subjected to advanced EDR testing to assess its capabilities against a variety of hacking techniques. The testing methodology mimicked real-world cybercriminal behavior, following complete attack chains to thoroughly evaluate the product's performance in detecting, protecting, and mitigating cyber threats.
Acronis Advanced Security + EDR achieved a 100% Detection Accuracy Rating against every element of the attacks, from initial delivery to subsequent malicious activities. Additionally, the product effectively tracked and mitigated malicious activities throughout the attack chain.
MITRE-like testing methodology
SE Labs’ testing approach involved setting up realistic networks and performing comprehensive attacks that mirrored the real-world tactics used by cybercriminals. The testers employed a variety of tools and techniques to penetrate the target systems, simulating full attack chains to understand the product’s efficacy. SE Labs emphasizes that each step of the attack, from initial penetration to potential data theft or system damage, was carefully executed and monitored. This particular test series was based on real-world threat actors:
- Scattered Spider: A financially motivated group known for high-profile attacks.
- APT29: Renowned for embedding ransomware in PDF documents.
- Lapsus$: Notorious for social engineering and credential harvesting.
The testing covered five stages of a cyberattack:
1. Initial contact: Phishing emails or exploiting vulnerabilities in internet-facing applications.
2. Access and execution: Gaining initial access and executing malicious payloads.
3. Privilege escalation: Obtaining higher-level access to perform more harmful actions.
4. Lateral movement: Moving within the network to compromise additional systems.
5. Data theft and damage: Stealing sensitive information or damaging the network.
The test network included various components such as workstations, file servers, domain controllers, cloud-based email services, and a command and control (C&C) server. This setup allowed for realistic simulations of lateral movement and other advanced attack techniques. The network configuration was designed to reflect real-world enterprise environments, ensuring the validity of the testing process.
For EDR evaluations, SE Labs uses the MITRE ATT&CK framework to illustrate the attack stages and how the product responded at each stage. This framework helps in visualizing the attack progression and the product’s detection and mitigation points.
The testing confirmed that Acronis Advanced Security + EDR is capable of identifying and responding to attacks at various stages, effectively mitigating potential damages.
100% detection score for all phases of attacks
The product’s performance was evaluated based on detection accuracy, protection capabilities and its accuracy when classifying legitimate applications and URLs. The main findings are summarized as follows:
Best possible Detection Accuracy: Acronis Advanced Security + EDR scored 100% in detecting every element of the attacks, from initial delivery to subsequent malicious activities. The product detected both the delivery and initial execution of all attacks, whether through spear phishing or application exploits.
Top-level protection: The product effectively tracked and mitigated malicious activities throughout the attack chain. Acronis Advanced Security + EDR successfully detected attempts to escalate privileges and move laterally within the network.
Legitimate Accuracy: There were several false positives, with some uncommon legitimate apps misclassified as threats, resulting in a Legitimate Accuracy Rating of 77%. These were quickly fixed after the results of the test were analyzed by Acronis specialists.
All this resulted in a Total Accuracy Rating of 88% — a prestigious AA rating for enterprise advanced security. This is impressive considering that Acronis Advanced Security + EDR was released only one year ago.
Conclusion
Acronis Cyber Protect Cloud with Advanced Security + EDR demonstrated robust capabilities in detecting and mitigating advanced threats. The product's overall performance was impressive, providing a high level of security for enterprise environments. SE Labs specialists noted that the Acronis product excels at identifying various stages of cyberattacks, ensuring comprehensive protection.
You can read the full report here.
About Acronis
A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.