NSS Labs Tests Show Enterprise Endpoint Protection Solutions Have Improved Significantly in Protection Against Socially Engineered Malware

AUSTIN, TX--(Marketwired - Apr 15, 2014) - NSS Labs today released its latest Enterprise Endpoint Protection Comparative Analysis Report, which evaluated 5 enterprise level endpoint protection (EPP) products to test their effectiveness in blocking socially engineered malware (SEM) on download. While all vendors averaged more than a 90% block rate throughout the testing period, only McAfee maintained an average of 100% throughout.

Download the Reports:
NSS Enterprise Endpoint Protection Comparative Analysis Report - Socially Engineered Malware

NSS' key findings include:

  • Consistent protection is a crucial consideration when choosing an EPP solution: During testing, it is common for products to block a threat on download at one moment and then miss the same threat later, meaning consistency of protection over time is critical in enterprise deployments. Most vendors stayed above an 85% block rate for download at any one time during the test period, but only one vendor, McAfee, maintained near 100% block rates throughout the test period.

  • Beware of significant differences in how quickly EPP solutions block against new threats: The same SEM often moves rapidly to new URLs as existing URLs are cataloged as malicious and blocked. The faster an EPP solution adds protection against SEM, the faster protection is provided for all future malicious URLs. McAfee VirusScan added protection for new threats in 31 seconds on average, a 12x time-to-block advantage over the next fastest vendor, Symantec, with a 15 minute average time to protection. 

  • Over time all vendors eventually achieved a block rate of over 99%: When combining the SEM block-on-download and block-on-execution capabilities after 7-day intervals during the test, all products achieved total security effectiveness scores in excess of 99%. While the combination of blocking on download and execution protection ultimately results in nearly identical protection scores, products that blocked fewer threats at the initial download phase are more reliant on host-based protection mechanisms in order to still block at execution phase. In an enterprise where client updates are required to maximize host-based defenses, protection is often delayed due to update testing frequently required prior to wide deployment.

Commentary: NSS Labs Research Director Randy Abrams
"Significant progress in SEM protection has been made since the inception of EPP utilizing cloud technology," said Randy Abrams, Research Director at NSS Labs. "As EPP vendors approach parity in SEM protection, look to phishing protection and more importantly, exploit protection, to differentiate highly competitive EPP solutions."

The products covered in this test were:

  • Bitdefender
  • Fortinet Fortigate 100D
  • McAfee VirusScan Enterprise and AntiSpyware Enterprise
  • Symantec Endpoint Protection
  • Trend Micro OfficeScan

NSS Labs did not receive any compensation in return for vendor participation; All testing and research was conducted free of charge.

About NSS Labs, Inc.
NSS Labs, Inc. is the world's leading information security research and advisory company. We deliver a unique mix of test-based research and expert analysis to provide our clients with the information they need to make good security decisions. CIOs, CISOs, and information security professionals from many of the largest and most demanding enterprises rely on NSS Labs' insight, every day. For more information, visit www.nsslabs.com.

© 2014 NSS Labs, Inc. All rights reserved. All brand, product and service names are the trademarks, registered trademarks, or service marks of their respective owners.

Contact Information:

ReseAnne Sims
Sr. Marketing Manager, Public Relations
NSS Labs
Phone: +1 (832) 741-7373