It is common knowledge that today’s cyberthreats are dynamic in nature. Cybercriminals are constantly adopting new techniques to evade security defenses, and it is reasonable to assume that the security products protecting the enterprise today will not protect the enterprise tomorrow.
Writing signatures and heuristics for malware will not protect the enterprise in the long term because exploits typically deliver more than one piece of malware. Malware also changes all the time, using techniques such as polymorphism and metamorphism. NSS Labs research has shown that it is more efficient to write a signature for an exploit than for a piece of malware because exploit signatures target the delivery mechanism rather than the payload.
Last week, we announced the incorporation of our Cyber Advanced Warning System ™ (CAWS) into all NSS group tests. CAWS provides enterprises with a continuous view into how products perform against active exploit campaigns, which translates into measurements of the ongoing efficacy of the security products against exploits, rather than malware.
CAWS provides the unique advantage of capturing exploits and testing the block rate of security products in real time. This is important not only because CAWS provides the ability to test dynamic threats but also because it assesses risk exposure in real time, which is a significant data point for C-level executives.
Given the highly dynamic nature of threats, this continuous visibility into threats significantly improves purchase and risk mitigation guidance for enterprise security teams. Ongoing identification of exposure gives enterprises the ability to continuously re-evaluate their security postures.
Not only does the integration of CAWS into NSS’ testing cycles provide a new perspective on security product effectiveness, but it also reveals another key element of the defense equation—a vendor’s timeliness of response to ongoing exploit campaigns. In the first application of CAWS in group testing, the response of the NGFW products under test was positive overall, although there was variance in metrics such as performance over time, speed of response to new attacks, and overall consistency of protection.
The integration of CAWS into NSS’ testing provides greater insight for NSS enterprise clients, which ultimately will lead to improved security products—a win for everyone.
Follow me on Twitter @tskybakmoen to keep informed as new research is released.
Follow us on Twitter (@NSSLabs) to keep informed as new research is released.