NSS Labs Tests Show Enterprise Endpoint Protection Solutions Have Improved Significantly in Protection Against Socially Engineered Malware

AUSTIN, Texas – April 15, 2014 - NSS Labs today released its latest Enterprise Endpoint Protection Comparative Analysis Report, which evaluated 5 enterprise level endpoint protection (EPP) products to test their effectiveness in blocking socially engineered malware (SEM) on download. While all vendors averaged more than a 90% block rate throughout the testing period, only McAfee maintained an average of 100% throughout.

NSS’ key findings include:

  • Consistent protection is a crucial consideration when choosing an EPP solution:  During testing, it is common for products to block a threat on download at one moment and then miss the same threat later, meaning consistency of protection over time is critical in enterprise deployments.  Most vendors stayed above an 85% block rate for download at any one time during the test period, but only one vendor, McAfee, maintained near 100% block rates throughout the test period.
  • Beware of significant differences in how quickly EPP solutions block against new threats: The same SEM often moves rapidly to new URLs as existing URLs are cataloged as malicious and blocked. The faster an EPP solution adds protection against SEM, the faster protection is provided for all future malicious URLs. McAfee VirusScan added protection for new threats in 31 seconds on average, a 12x time-to-block advantage over the next fastest vendor, Symantec, with a 15 minute average time to protection. 
  • Over time all vendors eventually achieved a block rate of over 99%: When combining the SEM block-on-download and block-on-execution capabilities after 7-day intervals during the test, all products achieved total security effectiveness scores in excess of 99%. While the combination of blocking on download and execution protection ultimately results in nearly identical protection scores, products that blocked fewer threats at the initial download phase are more reliant on host-based protection mechanisms in order to still block at execution phase. In an enterprise where client updates are required to maximize host-based defenses, protection is often delayed due to update testing frequently required prior to wide deployment.

Commentary:  NSS Labs Research Director Randy Abrams

“Significant progress in SEM protection has been made since the inception of EPP utilizing cloud technology” said Randy Abrams, Research Director at NSS Labs.  "As EPP vendors approach parity in SEM protection, look to phishing protection and more importantly, exploit protection, to differentiate highly competitive EPP solutions.”

The products covered in this test were:

  • Bitdefender
  • Fortinet FortiClient Endpoint Protection
  • McAfee VirusScan Enterprise and AntiSpyware Enterprise
  • Symantec Endpoint Protection
  • Trend Micro OfficeScan

NSS Labs did not receive any compensation in return for vendor participation; All testing and research was conducted free of charge.