NSS Labs Appoints New Chief Executive Officer

AUSTIN, Texas – May 2, 2019 – NSS Labs, Inc., a global leader and trusted source for independent cybersecurity product testing, today announced that Jason Brvenik has been named Chief Executive Officer (CEO); he had been serving as Chief Technology Officer (CTO) since January 2017.  

Vikram Phatak, CEO since 2007, will remain active on the Board of Directors and Executive team as Founder. Phatak has a deep knowledge of the cybersecurity industry and will focus on new innovations for the company. 

Under the leadership of Phatak, NSS Labs established itself as the independent trusted third party that understands both the needs of the enterprise and the true capabilities of the world’s cybersecurity products. Phatak recruited Brvenik to grow the testing programs and deliver customized proof-of-concept testing and product selection for enterprises. Over the past two years, Phatak and Brvenik have broadened services to help security professionals navigate the complexity and hidden disparity in security product selection and deployment.   

“Working with Jason has been very rewarding. He has recruited top talent and guided that team to significantly expand our security testing programs and the value we add to enterprises,” Phatak said. “He is definitely the right person for the job.”  

Prior to NSS Labs, Brvenik worked in technology and leadership roles at Sourcefire from 2002 until the company’s $2.7B acquisition by Cisco in 2013, where he also served on the security leadership team.

NSS Labs’ rigorous group tests offer independent analysis of the top security technologies used by Global 2000 companies and governments around the world. Consumers rely on NSS Labs’ fact-based, empirical data to inform their decision making. The company most recently introduced coverage of cloud security technologies and a Threat Detection and Analysis Systems group test.

“It has been an honor to work alongside Vik to help customers identify the technologies that are most effective in defending against the threats they face,” Brvenik said. “I am excited to continue our journey and help make truly effective security a reality for consumers.”

About NSS Labs, Inc.

NSS Labs tests the world’s security products.  Based in Austin, Texas, the company’s research and testing laboratory is recognized globally as the most trusted source for independent, fact-based cybersecurity guidance.  C-Suite executives and information security professionals from many of the world's most demanding global enterprises rely on NSS Labs to accelerate security decisions with greater confidence. For more information, visit www.nsslabs.com.

Contact:

Jessica Johannes

Phone: +1 512-498-7076

jjohannes@nsslabs.com  

NSS Labs to Develop the 2019 Threat Detection and Analytics Systems Group Test

TDA Represents an Evolution of the Original Breach Detection Systems Group Test

AUSTIN, Texas – April 3, 2019 – NSS Labs, Inc., a global leader and trusted source for independent, fact-based cybersecurity guidance, today announced that it is developing its Threat Detection and Analytics Systems (TDA) Group Test with results to be released in 2019. As part of today’s announcement, the company is also issuing a call for industry engagement from both enterprises and vendors that offer threat visibility and automation and response capabilities through the use of analytics to help shape and evolve the upcoming group test and accompanying methodology. 

While enterprises aspire to attain a perfect security architecture, the reality is that weaknesses can stem from a number of factors. These can include configuration error, lapses in operational hygiene, user error, threat and evasion capabilities, and malicious insiders. Increasingly, enterprises are turning to threat detection analytics technology to address evolving use cases for analytic capabilities to identify, investigate, and respond to incidents before a major incident or breach occurs.

Threat detection and analytics products improve the incident responders’ ability to rapidly assess and identify threat activities that incorporate subtle and advanced attack techniques that can bypass individual security controls unless examined across the attack sequence. Through the application of analysis algorithms and both traffic and often endpoint technologies, TDA technologies help to accelerate the response workflow and improve incident outcomes by correlating data across many data surfaces. Incident responders are uniquely able to address attacks in progress and help organizations avoid serious data loss or damage if they learn of incidents early enough in the attack chain and have sufficient detail to prioritize and act on threats.

This forthcoming test will evaluate both traditional TDA products and new entrants striving to address evolving enterprise use case requirements for this technology. Some of the capabilities this test will examine include enhanced identification of false positive events, detection of malicious activity or content, and operational and workflow impacts such as a product’s ability to streamline enterprise operations by integrating with other security tools.

In 2018, NSS Labs performed the industry’s most comprehensive group test of leading breach detection system products. Three products from market-leading vendors were examined for security effectiveness, performance, and total cost of ownership. Of the products that participated in the group test, only one product demonstrated full resilience tested against attack variants. For more information about the test, click here.

“The TDA group test will help enterprises evaluate whether to replace or refresh existing BDS deployments with TDA products or investigate new approaches that incorporate analytics and advanced feature sets,” said Jason Brvenik, Chief Technology Officer at NSS Labs. “We encourage both enterprises and vendors to collaborate with us as we examine this evolving category.” 

NSS Labs has a long history in testing enterprise-class security products. NSS Labs’ rigorous group tests offer independent analysis of the top security technologies used today by Global 2000 companies. The tests provide the industry’s most comprehensive review of security effectiveness, performance, and total cost of ownership. Enterprises rely on our tests for fact-based, empirical data that they can use to inform their decision making. Within the last 12 months, NSS Labs has released group test results for several categories of mature and evolving cybersecurity products. To learn more about our group tests, visit the NSS Labs website.

As with all NSS Labs group tests, there is no fee for participation, and the test methodology is available in the public domain to provide transparency and to help enterprises understand the factors behind test results. Click here for more information about our group test policies.

Enterprises that wish to provide feedback regarding NSS Labs’ upcoming TDA Group Test and its associated test methodology can send feedback to enterprise_relations@nsslabs.com. Vendors can send feedback to vendor_relations@nsslabs.com.

 

Additional Resources: 

·       Visit the NSS Labs website

·       Follow NSS Labs on Twitter

·       Follow NSS Labs on LinkedIn

### 

About NSS Labs, Inc.
We test the world’s security products. Based in Austin, Texas, our research and testing laboratory is recognized globally as the most trusted source for independent, fact-based cybersecurity guidance. C-Suite executives and information security professionals from many of the world's most demanding enterprises rely on NSS Labs to accelerate security decisions with greater confidence. For more information, visit www.nsslabs.com.

 

Contact:

Jessica Johannes

Phone: +1 512-498-7076

jjohannes@nsslabs.com  

NSS Labs Announces 2019 Advanced Endpoint Protection Group Test Results  at the RSA Conference in San Francisco

Testing Reveals Improvement in Security Effectiveness and Evasion Block Rates 

AUSTIN, Texas – March 5, 2019 – NSS Labs, Inc., a global leader and trusted source for independent security product testing, today announced the results of its 2019 Advanced Endpoint Protection (AEP 3.0) Group Test. In this year’s test, 19 comparable products were presented in the Security Value Map™ (SVM) out of 21 tested products from market-leading vendors. These products were examined for security effectiveness and total cost of ownership (TCO). Fourteen products achieved a Recommended rating.

An AEP product is one that provides automatic threat prevention and threat event reporting capabilities for every endpoint system it protects. These products are the current evolution of endpoint security technology, combining endpoint protection products (EPP) with endpoint detection and response (EDR) technology in order to provide detection, blocking, and forensic insight.

With the large number of vendors marketing products with visibility, as well as advanced detection and blocking functionality, it is challenging for enterprises to understand true differentiation. NSS Labs research shows that enterprises evaluating endpoint security products face a wide range of functionalities and often downselect products based on their advanced threat protection capabilities.  

In this third iteration of the AEP Group Test, products were tested against socially engineered malware, exploits, blended threats, unknown threats, evasions, offline capabilities and resistance to tampering. Testing spanned four months and included over 56,000 test cases across multiple categories. 

While AEP products vary with regards to efficacy, the security effectiveness of products tested is showing improvement. The Security Effectiveness of tested products ranged between 87.4% and 99.1%. Thirteen of the 19 assessed products were resistant to tested evasions, while six of the assessed products missed at least one evasion.  

“The 2019 AEP Group Test revealed good improvement in product capabilities to the benefit of consumers,”said Jason Brvenik, Chief Technology Officer at NSS Labs. “The AEP market is very competitive and consumers have a plethora of choices available to them. All of the vendors participating in this test have demonstrated a commitment to providing the best possible protections to consumers and should be commended for their commitment and transparency.”

The following 14 products achieved a Recommended rating: 

  • Bitdefender GravityZone Ultra v6.6.7.106

  • Carbon Black CB Defense 3.2.10105

  • Check Point Software Technologies Check Point SandBlast Agent Next Generation AV E80.82.1

  • Cisco Advanced Malware Protection (AMP) for Endpoints 6.2.3.10807

  • Cylance CylancePROTECT + CylanceOPTICS v2.0.1500 

  • Endgame Endpoint Security v3.3

  • enSilo Endpoint Security Platform v3.0

  • Fortinet FortiClient v6.0.3

  • Kaspersky Lab Kaspersky Endpoint Security v11.0.1.90 

  • Malwarebytes Endpoint Protection and Response v1.2.0.632

  • Panda Security Panda Adaptive Defense 360 v3.40.00

  • Sophos Intercept X Advanced v2.0.10

  • Symantec Endpoint Protection and Advanced Threat Protection (ATP) v14.2.1023.0100

  • Trend Micro Smart Protection for Endpoints v12.0.5024

NSS Labs is committed to providing empirical data and objective group test results that enable organizations to make educated decisions about purchasing and optimizing security infrastructure products and services. As with all NSS Labs group tests, there was no fee for participation.

Additional Resources: 

·       View the 2019 AEP Group Test Security Value Map™ (SVM)(free)

·       View the 2019 AEP Test Methodology(free)

·       Subscribers can access the AEP Group Test reports here

·       View the Intelligence Brief on Security Controls in the US Enterprise, with a focus on Advanced Endpoint Protection (AEP)(Subscribers)

·       Follow NSS Labs on Twitter

·       Follow NSS Labs on LinkedIn

# # #

About NSS Labs, Inc.

We test the world’s security products. Based in Austin, Texas, our research and testing laboratory is recognized globally as the most trusted source for independent, fact-based cybersecurity guidance. C-Suite executives and information security professionals from many of the world's most demanding enterprises rely on NSS Labs to accelerate security decisions with greater confidence. For more information, visit www.nsslabs.com

Contact:

Jessica Johannes

Phone: +1 512-498-7076

jjohannes@nsslabs.com 

NSS Labs to Develop its 2019 Next Generation Intrusion Prevention System Group Test

NGIPS Remains a Core Component of Mature Security Operations and is Increasingly Relevant as Enterprises Look to Further Segment Networks

 AUSTIN, Texas – January 15, 2019 – NSS Labs, Inc., a global leader and trusted source for independent, fact-based cybersecurity guidance, today announced that it is developing the next iteration of its Next Generation Intrusion Prevention Systems (NGIPS) Group Test with results expected to be released in 2019. As part of today’s announcement, the company is also issuing a call for industry engagement from both enterprises and NGIPS vendors to help shape and evolve the upcoming NGIPS Group Test and accompanying methodology.  

NGIPS technology continues to play a critical role in addressing enterprise requirements for deep forensics and incident response capabilities to manage insider threats. These threats have been linked to many large-scale breaches and often bypass traditional NGFWs deployed at the perimeter. NGIPS are also deployed for traditional branch/campus deployments that combine NGFW and IPS capabilities and for policy control to help mitigate highly adaptable threats. In addition to supporting perimeter deployments, NGIPS are becoming even more important in supporting new use cases. Enterprises are looking to improve segmentation, operational agility, and time to mitigate through security orchestration and automation response (SOAR) and through security information and event management (SIEM), and these technologies are now placing new demands on NGIPS as they increasingly rely on intelligence and action from IPS systems.   

In 2018, NSS Labs performed the industry’s most comprehensive group test of leading NGIPS products. Seven products from six market-leading vendors were examined for security effectiveness, performance, and total cost of ownership. Of the products that participated in the group test, two missed at least one evasion. Testing also revealed stability issues with certain product versions. For more information about the test, click here.

“Enterprises continue to rely on NGIPS because they are highly effective and easy to deploy without new network architectures and also because they can be tuned and complement the capabilities of NGFWs that are deployed at the perimeter,” said Jason Brvenik, Chief Technology Officer at NSS Labs. “NSS Labs is continuously evolving its group tests to keep pace with industry advancements. With new use cases for NGIPS, empirical data is critical to inform decision making. We encourage both enterprises and vendors to collaborate with us as we examine leading NGIPS products in the market.”    

NSS Labs has a long history in testing enterprise-class security products. NSS Labs’ rigorous group tests offer independent analysis of the top security technologies used today by Global 2000 companies. The tests provide the industry’s most comprehensive review of security effectiveness, performance, and total cost of ownership. Enterprises rely on our tests for fact-based, empirical data that they can use to inform their decision making. Within the last 12 months, NSS Labs has released group test results for several categories of mature and evolving cybersecurity products. To learn more about our group tests, visit the NSS Labs website.

As with all NSS Labs group tests, there isno fee for participation, and the test methodology is available in the public domainto provide transparency and to help enterprises understand the factors behind test results. Click here for more information about our group test policies.

 Enterprises that wish to provide feedback regarding NSS Labs’ upcoming NGIPS Group Test and its associated test methodology can send feedback to enterprise_relations@nsslabs.com. Vendors can send feedback to vendor_relations@nsslabs.com.

 

Additional Resources: 

·       Follow NSS Labs on Twitter

·       Follow NSS Labs on LinkedIn

 

About NSS Labs, Inc.

NSS Labs, Inc. is the global leader in cybersecurity product testing, research, and advisory services. Our mission is to advance transparency and accountability within the cybersecurity industry. We provide enterprises with the objective information services they need to successfully manage cybersecurity risk through our advisory services, continuous testing, and security validation programs that rigorously subject security products to cyberattacks in real time. C-Suite executives and information security professionals from many of the world's most demanding enterprises rely on fact-based information from NSS Labs to accelerate security decisions with greater confidence. For more information, visit www.nsslabs.com.

 

Contact:

Jessica Johannes

Phone: +1 512-498-7076

jjohannes@nsslabs.com 

NSS Labs Announces Results of 2018 Web Browser Security Test

All browsers tested showed high block rates against socially engineered malware and phishing

AUSTIN, Texas – December 5, 2018 – NSS Labs, Inc., a global leader and trusted source for independent, fact-based cybersecurity guidance, today announced the release of its 2018 Web Browser Security Comparative Reports. These reports examine the abilities of three leading web browsers to protect users from socially engineered malware and phishing attacks.

Phishing attacks and socially engineered malware (SEM) are among the most prominent and impactful security threats facing users today. These attacks pose significant risk to individuals and organizations alike by threatening to compromise or acquire sensitive personal and corporate information. Phishing attacks are becoming increasingly complex and sophisticated, which makes them harder to visually detect prevent and more difficult to generally prevent.

For several years, the use of social engineering has accounted for the bulk of cyberattacks against consumers and enterprises. SEM attacks use a dynamic combination of social media, hijacked email accounts, and false notification of email accounts to take advantage of the implicit trust between contacts and to deceive victims into believing that links to malicious files are trustworthy.

The NSS Labs 2018 Web Browser Security Test assessed the average block rate, consistency of protection, amount of time required to add protection for new threats, and zero-day protection capabilities of leading browsers. The findings from the 2018 Web Browser Comparative Reports provide valuable insights to help both enterprises and end users establish a strong layer of defense and minimize risk through a secure browser experience.

Key Findings:

  • Phishing block rates ranged from 94.3% to 96.7%.

  • Zero-hour phishing protection ranged from 77.3% to 89.5%.

  • The average overall block rate for SEM was 99.7% when security capabilities built into the operating system (OS) were taken into account.

  • Built-in OS security contributed between 9.6% and 19.5% to the SEM security efficacy score for two of the three browsers tested.

Key Takeaways:

  • Immediate protection against new phishing URLs is critical. As phishing sites are discovered, they are taken down, often within a relatively short amount of time. Products that fail to add protection in a timely manner will expose users to greater risk.

  • To minimize risk, NSS Labs recommends that users select browsers with the following capabilities:

    • Higher phishing block rates, consistency of protection, and early protection against new threats

    • The right combination of OS and browser

  • Education is a key component of protection against SEM and phishing attacks. Users who are able to identify socially engineered attacks rely less on technology for protection against such attacks. NSS Labs recommends supplementing browser protection with user education to protect against attacks that bypass browser protections.

The 2018 Web Browser Comparative Reports:

  • The SEM tests comprised 81,729 test cases that included 1,196 unique suspicious samples. Ultimately, 708 samples met NSS Labs' validation criteria and were included as part of the test.

  • The phishing tests comprised 56,669 test cases that included 2,943 unique and suspicious URLs. On average, 21 new validated URLs were added to the test per day; the number of URLs added each day varied according to fluctuating levels of criminal activity.

"The web browser is the first line of defense against web-borne threats," said Jason Brvenik, Chief Technology Officer at NSS Labs. "Web-based attacks from socially engineered malware and phishing can be difficult to identify for even the most seasoned practitioner. Choosing a browser that provides an effective layer of defense against attacks reduces the burden on users and other deployed security controls. Since browsers often have visibility into threats before other security technologies that are deployed both on the network or endpoints, their selection and configuring can dramatically impact an organization's security posture."

The following browsers were tested:

  • Google Chrome: Version 69.0.3497

  • Microsoft Edge: Version 42.17134.1.0

  • Mozilla Firefox: Version 61

As with all NSS Labs group tests, there is no fee for participation, and the test methodology is available in the public domain to provide transparency and to help enterprises understand the factors behind test results. .