Microsoft 365 Defender technologies consistently achieve high scores in independent tests, demonstrating the strength of their enterprise threat protection capabilities. Microsoft aims to be transparent about these test scores. This page summarizes the results and provides analysis.

Microsoft 365 Defender

Microsoft 365 Defender is a unified pre- and post-breach enterprise defense suite. It natively coordinates detection, prevention, investigation, and response across endpoints, identities, email, and applications to provide integrated protection against sophisticated attacks.

Microsoft 365 Defender combines the capabilities of Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Identity, Azure Active Directory Identity Protection, and Microsoft Cloud App Security into a single solution.

MITRE: Demonstrated real-world detection, response, and protection from advanced attacks

Core to MITRE's testing approach is emulating real-world attacks to understand whether solutions can adequately detect and respond to them. While the test focused on endpoint detection and response, MITRE's simulated APT29 attack spans multiple attack domains, creating opportunities to empower defenders beyond just endpoint protection. Microsoft expanded defenders' visibility beyond the endpoint with Microsoft 365 Defender.

  • ATT&CK-based evaluation of Microsoft 365 Defender - May 2020: Leading in real-world detection

    Microsoft 365 Defender provided nearly 100 percent coverage across the attack chain stages. It delivered leading out-of-the-box visibility into attacker activities. This visibility dramatically reduces manual work for the security operations center, in contrast to vendor solutions that relied on specific configuration changes. Microsoft 365 Defender also had the fewest gaps in visibility, diminishing an attacker's ability to operate undetected.

Next generation protection

Microsoft Defender Antivirus consistently performs highly in independent tests, showing that it is a top choice in the antivirus market. Keep in mind that these tests only provide results for antivirus and don't test for additional security protections.

Microsoft Defender Antivirus is the next generation protection capability in the Microsoft Defender for Endpoint Windows 10 security stack that addresses the latest and most sophisticated threats today. In some cases, customers might not even know they were protected, because a cyberattack is stopped milliseconds after a campaign starts. That's because Microsoft Defender Antivirus and other endpoint protection platform (EPP) capabilities in Defender for Endpoint detect and stop malware at first sight. They use machine learning, artificial intelligence, behavioral analysis, and other advanced technologies.

AV-TEST: Protection score of 6.0/6.0 in the latest test

The AV-TEST Product Review and Certification Report tests products in three categories: protection, performance, and usability. The following scores are for the Protection category, which has two components: Real-World Testing and the AV-TEST reference set (known as "Prevalent Malware").

AV-Comparatives: Protection rating of 99.8% in the latest test

The Business Security Test consists of three main parts: the Real-World Protection Test, which mimics online malware attacks; the Malware Protection Test, where the malware enters the system from a source other than the internet (for example, a USB drive); and the Performance Test, which looks at the impact on the system's performance.

SE Labs: AAA award in the latest test

SE Labs tests a range of solutions used by products and services to detect and/or protect against attacks. This includes endpoint software, network appliances, and cloud services.

  • Enterprise Endpoint Protection October - December 2020: AAA award (latest)

    Microsoft's next-gen protection product stopped all public and targeted attacks. Microsoft Defender Antivirus achieved these results through its ability to block malicious URLs, handle exploits, and correctly classify legitimate applications and websites.

  • Enterprise Endpoint Protection July - September 2020: AAA award

  • Enterprise Endpoint Protection April - June 2020: AAA award

  • Enterprise Endpoint Protection January - March 2020: AAA award (PDF | Analysis)

Endpoint detection & response

Microsoft Defender for Endpoint's endpoint detection and response capabilities provide advanced attack detections that are near real-time and actionable. Security analysts can prioritize alerts effectively, gain visibility into the full scope of a breach, and take response actions to remediate threats.

Microsoft Defender for Endpoint's EDR and endpoint protection capabilities have received positive results from industry tests and publications. SC Labs assessed endpoint security tools in June 2020 and gave Microsoft Defender for Endpoint 5/5 stars. They called out Microsoft Defender for Endpoint's ability to protect organizations against the modern threat landscape using a full set of security capabilities. SC Labs also identified the endpoint security solution as holistic and unified. They also acknowledged the convergence of endpoint protection with endpoint detection and response functionality, because the attack chain is now fully covered by such solutions.

MITRE: Industry-leading optics and detection capabilities

MITRE tested the ability of products to detect techniques commonly used by the targeted attack group APT3 (also known as Boron or UPS). To isolate detection capabilities, all protection and prevention features were turned off. Microsoft is happy to be one of the first EDR vendors to sign up for the MITRE evaluation based on the ATT&CK framework. The framework is widely regarded today as the most comprehensive catalog of attacker techniques and tactics.

  • ATT&CK-based evaluation of Microsoft Defender for Endpoint - December 2018: Leading optics and detection capabilities | Analysis

    Microsoft Defender for Endpoint delivered comprehensive coverage of attacker techniques across the entire attack chain. Highlights included the breadth of telemetry, the strength of threat intelligence, and the advanced, automatic detection through machine learning, heuristics, and behavior monitoring.

To what extent are tests representative of protection in the real world?

Independent security industry tests aim to evaluate the best antivirus and security products in an unbiased manner. However, Microsoft sees a wider and broader set of threats beyond what's tested in the evaluations highlighted in this article. In an average month, Microsoft's security products identify over 100 million new threats. Even if an independent tester could acquire and test 1% of those threats, that would be a million tests across 20 or 30 products. In other words, the vastness of the malware landscape makes it difficult to evaluate the quality of protection against real-world threats.

The capabilities within Microsoft Defender for Endpoint provide additional layers of protection that aren't factored into industry antivirus tests, and they address some of the latest and most sophisticated threats. Isolating AV from the rest of Defender for Endpoint creates a partial picture of how Microsoft's security stack operates in the real world. For example, attack surface reduction and endpoint detection & response capabilities can help prevent malware from getting onto devices in the first place. We've proven that Microsoft Defender for Endpoint components catch samples that Microsoft Defender Antivirus missed in these industry tests. This is more representative of how effectively Microsoft's security suite protects customers in the real world.

Learn more about Microsoft Defender for Endpoint and evaluate it in your own network by signing up for a 90-day trial or enabling Preview features on existing tenants.

Learn more about Microsoft 365 Defender or start using the service.