AV Industry Fails to Cover the Basics

NSS Labs testing shows critical failures to address evasion techniques and multi-vector attacks

CARLSBAD, Calif., March 9, 2011 - NSS Labs, Inc., the leading independent security testing organization, today announced the release of two test reports of Endpoint Protection Products (EPP). The reports reveal new shortcomings in these widely deployed products. They cover multi-vector attacks (malware delivered from the web, email, network file sharing and USB flash drives), memory-only attacks, and anti-evasion techniques.

Key findings from the reports show:

  • Malware caught via one entry point may not be detected when introduced via another entry point. For example, malware that is detected via a web download could be missed if downloaded from a USB drive or network file server.
  • Products missed between 10% and 60% of the evasions typically used by cybercriminals.
  • Fewer than a third of the tested vendors had protection for memory-only malware, leaving a significant evasion gap in their products.

All of the products tested had been certified by multiple organizations. However, traditional antivirus test and certification labs are simply not performing this level of gloves-off testing. Enterprises basing purchasing decisions on such vendor-funded reports are therefore blind to the holes in their endpoint security defenses.

“IT organizations worldwide have a false sense of security in part due to tests that have been too easy,” said Vik Phatak, CTO, NSS Labs. “Our test results point towards the need for more realistic testing based on what cybercriminals are actually doing to breach corporate defenses.”

The new reports are available to NSS Labs’ subscribers; non-clients can purchase the report for $995 per user. All endpoint security reports can be purchased here. 

About NSS Labs, Inc.

NSS Labs, Inc. is the leading independent information security research and testing organization. Its expert analyses provide information technology professionals with the unbiased data they need to select and maintain complex security products for their organizations. Pioneering intrusion detection and prevention system testing with the publication of the first such test criteria in 1999, NSS Labs evaluates firewall, unified threat management, anti-malware, encryption, web application firewall, and other technologies on a regular basis. The firm’s real-world test methodology is the only one to assess security products against live Internet threats. NSS Labs tests are considered the most aggressive in the industry. Founded in 1991, the company has offices in Carlsbad, California and Austin, Texas. For more information, visit www.nsslabs.com.