NSS Labs to Develop the 2019 Threat Detection and Analytics Systems Group Test

TDA Represents an Evolution of the Original Breach Detection Systems Group Test

AUSTIN, Texas – April 3, 2019 – NSS Labs, Inc., a global leader and trusted source for independent, fact-based cybersecurity guidance, today announced that it is developing its Threat Detection and Analytics Systems (TDA) Group Test with results to be released in 2019. As part of today’s announcement, the company is also issuing a call for industry engagement from both enterprises and vendors that offer threat visibility and automation and response capabilities through the use of analytics to help shape and evolve the upcoming group test and accompanying methodology. 

While enterprises aspire to a perfect security architecture, in reality weaknesses stem from many factors: configuration errors, lapses in operational hygiene, user error, attacker evasion capabilities, and malicious insiders. Increasingly, enterprises are turning to threat detection and analytics technology to identify, investigate, and respond to incidents before a major incident or breach occurs.

Threat detection and analytics products improve incident responders’ ability to rapidly assess and identify threat activity that uses subtle and advanced attack techniques capable of bypassing individual security controls unless examined across the whole attack sequence. By applying analysis algorithms to network traffic and, often, endpoint telemetry, TDA technologies accelerate the response workflow and improve incident outcomes by correlating data across many data sources. Incident responders are uniquely positioned to address attacks in progress and help organizations avoid serious data loss or damage, provided they learn of incidents early enough in the attack chain and have sufficient detail to prioritize and act on threats.

This forthcoming test will evaluate both traditional TDA products and new entrants striving to address evolving enterprise use case requirements for this technology. Some of the capabilities this test will examine include enhanced identification of false positive events, detection of malicious activity or content, and operational and workflow impacts such as a product’s ability to streamline enterprise operations by integrating with other security tools.

In 2018, NSS Labs performed the industry’s most comprehensive group test of leading breach detection system products. Three products from market-leading vendors were examined for security effectiveness, performance, and total cost of ownership. Of the products that participated in the group test, only one demonstrated full resilience against the tested attack variants. For more information about the test, click here.

“The TDA group test will help enterprises evaluate whether to replace or refresh existing BDS deployments with TDA products or investigate new approaches that incorporate analytics and advanced feature sets,” said Jason Brvenik, Chief Technology Officer at NSS Labs. “We encourage both enterprises and vendors to collaborate with us as we examine this evolving category.” 

NSS Labs has a long history in testing enterprise-class security products. NSS Labs’ rigorous group tests offer independent analysis of the top security technologies used today by Global 2000 companies. The tests provide the industry’s most comprehensive review of security effectiveness, performance, and total cost of ownership. Enterprises rely on our tests for fact-based, empirical data that they can use to inform their decision making. Within the last 12 months, NSS Labs has released group test results for several categories of mature and evolving cybersecurity products. To learn more about our group tests, visit the NSS Labs website.

As with all NSS Labs group tests, there is no fee for participation, and the test methodology is available in the public domain to provide transparency and to help enterprises understand the factors behind test results. Click here for more information about our group test policies.

Enterprises that wish to provide feedback regarding NSS Labs’ upcoming TDA Group Test and its associated test methodology can send feedback to enterprise_relations@nsslabs.com. Vendors can send feedback to vendor_relations@nsslabs.com.


Additional Resources: 

·       Visit the NSS Labs website

·       Follow NSS Labs on Twitter

·       Follow NSS Labs on LinkedIn

### 

About NSS Labs, Inc.
We test the world’s security products. Based in Austin, Texas, our research and testing laboratory is recognized globally as the most trusted source for independent, fact-based cybersecurity guidance. C-Suite executives and information security professionals from many of the world's most demanding enterprises rely on NSS Labs to accelerate security decisions with greater confidence. For more information, visit www.nsslabs.com.


Contact:

Jessica Johannes

Phone: +1 512-498-7076

jjohannes@nsslabs.com  

NSS Labs Announces 2019 Advanced Endpoint Protection Group Test Results at the RSA Conference in San Francisco

Testing Reveals Improvement in Security Effectiveness and Evasion Block Rates 

AUSTIN, Texas – March 5, 2019 – NSS Labs, Inc., a global leader and trusted source for independent security product testing, today announced the results of its 2019 Advanced Endpoint Protection (AEP 3.0) Group Test. In this year’s test, 19 comparable products were presented in the Security Value Map™ (SVM) out of 21 tested products from market-leading vendors. These products were examined for security effectiveness and total cost of ownership (TCO). Fourteen products achieved a Recommended rating.

An AEP product is one that provides automatic threat prevention and threat event reporting capabilities for every endpoint system it protects. These products are the current evolution of endpoint security technology, combining endpoint protection products (EPP) with endpoint detection and response (EDR) technology in order to provide detection, blocking, and forensic insight.

With the large number of vendors marketing products with visibility, as well as advanced detection and blocking functionality, it is challenging for enterprises to understand true differentiation. NSS Labs research shows that enterprises evaluating endpoint security products face a wide range of functionalities and often downselect products based on their advanced threat protection capabilities.  

In this third iteration of the AEP Group Test, products were tested against socially engineered malware, exploits, blended threats, unknown threats, evasions, offline capabilities and resistance to tampering. Testing spanned four months and included over 56,000 test cases across multiple categories. 

While AEP products vary with regards to efficacy, the security effectiveness of products tested is showing improvement. The Security Effectiveness of tested products ranged between 87.4% and 99.1%. Thirteen of the 19 assessed products were resistant to tested evasions, while six of the assessed products missed at least one evasion.  

“The 2019 AEP Group Test revealed good improvement in product capabilities to the benefit of consumers,” said Jason Brvenik, Chief Technology Officer at NSS Labs. “The AEP market is very competitive and consumers have a plethora of choices available to them. All of the vendors participating in this test have demonstrated a commitment to providing the best possible protections to consumers and should be commended for their commitment and transparency.”

The following 14 products achieved a Recommended rating: 

  • Bitdefender GravityZone Ultra v6.6.7.106

  • Carbon Black CB Defense 3.2.10105

  • Check Point Software Technologies Check Point SandBlast Agent Next Generation AV E80.82.1

  • Cisco Advanced Malware Protection (AMP) for Endpoints 6.2.3.10807

  • Cylance CylancePROTECT + CylanceOPTICS v2.0.1500 

  • Endgame Endpoint Security v3.3

  • enSilo Endpoint Security Platform v3.0

  • Fortinet FortiClient v6.0.3

  • Kaspersky Lab Kaspersky Endpoint Security v11.0.1.90 

  • Malwarebytes Endpoint Protection and Response v1.2.0.632

  • Panda Security Panda Adaptive Defense 360 v3.40.00

  • Sophos Intercept X Advanced v2.0.10

  • Symantec Endpoint Protection and Advanced Threat Protection (ATP) v14.2.1023.0100

  • Trend Micro Smart Protection for Endpoints v12.0.5024

NSS Labs is committed to providing empirical data and objective group test results that enable organizations to make educated decisions about purchasing and optimizing security infrastructure products and services. As with all NSS Labs group tests, there was no fee for participation.

Additional Resources: 

·       View the 2019 AEP Group Test Security Value Map™ (SVM) (free)

·       View the 2019 AEP Test Methodology (free)

·       Subscribers can access the AEP Group Test reports here

·       View the Intelligence Brief on Security Controls in the US Enterprise, with a focus on Advanced Endpoint Protection (AEP) (Subscribers)


# # #


NSS Labs to Develop its 2019 Next Generation Intrusion Prevention System Group Test

NGIPS Remains a Core Component of Mature Security Operations and is Increasingly Relevant as Enterprises Look to Further Segment Networks

AUSTIN, Texas – January 15, 2019 – NSS Labs, Inc., a global leader and trusted source for independent, fact-based cybersecurity guidance, today announced that it is developing the next iteration of its Next Generation Intrusion Prevention Systems (NGIPS) Group Test with results expected to be released in 2019. As part of today’s announcement, the company is also issuing a call for industry engagement from both enterprises and NGIPS vendors to help shape and evolve the upcoming NGIPS Group Test and accompanying methodology.

NGIPS technology continues to play a critical role in meeting enterprise requirements for the deep forensics and incident response capabilities used to manage insider threats. These threats have been linked to many large-scale breaches and often bypass traditional NGFWs deployed at the perimeter. NGIPS are also deployed in traditional branch/campus deployments that combine NGFW and IPS capabilities, and for policy control to help mitigate highly adaptable threats. Beyond perimeter deployments, NGIPS are becoming even more important in supporting new use cases. Enterprises are looking to improve segmentation, operational agility, and time to mitigate through security orchestration, automation, and response (SOAR) and security information and event management (SIEM) platforms, and these technologies place new demands on NGIPS as they increasingly rely on intelligence and action from IPS systems.

In 2018, NSS Labs performed the industry’s most comprehensive group test of leading NGIPS products. Seven products from six market-leading vendors were examined for security effectiveness, performance, and total cost of ownership. Of the products that participated in the group test, two missed at least one evasion. Testing also revealed stability issues with certain product versions. For more information about the test, click here.

“Enterprises continue to rely on NGIPS because they are highly effective and easy to deploy without new network architectures and also because they can be tuned and complement the capabilities of NGFWs that are deployed at the perimeter,” said Jason Brvenik, Chief Technology Officer at NSS Labs. “NSS Labs is continuously evolving its group tests to keep pace with industry advancements. With new use cases for NGIPS, empirical data is critical to inform decision making. We encourage both enterprises and vendors to collaborate with us as we examine leading NGIPS products in the market.”    

NSS Labs has a long history in testing enterprise-class security products. NSS Labs’ rigorous group tests offer independent analysis of the top security technologies used today by Global 2000 companies. The tests provide the industry’s most comprehensive review of security effectiveness, performance, and total cost of ownership. Enterprises rely on our tests for fact-based, empirical data that they can use to inform their decision making. Within the last 12 months, NSS Labs has released group test results for several categories of mature and evolving cybersecurity products. To learn more about our group tests, visit the NSS Labs website.

As with all NSS Labs group tests, there is no fee for participation, and the test methodology is available in the public domain to provide transparency and to help enterprises understand the factors behind test results. Click here for more information about our group test policies.

Enterprises that wish to provide feedback regarding NSS Labs’ upcoming NGIPS Group Test and its associated test methodology can send feedback to enterprise_relations@nsslabs.com. Vendors can send feedback to vendor_relations@nsslabs.com.


About NSS Labs, Inc.

NSS Labs, Inc. is the global leader in cybersecurity product testing, research, and advisory services. Our mission is to advance transparency and accountability within the cybersecurity industry. We provide enterprises with the objective information services they need to successfully manage cybersecurity risk through our advisory services, continuous testing, and security validation programs that rigorously subject security products to cyberattacks in real time. C-Suite executives and information security professionals from many of the world's most demanding enterprises rely on fact-based information from NSS Labs to accelerate security decisions with greater confidence. For more information, visit www.nsslabs.com.


NSS Labs Announces Results of 2018 Web Browser Security Test

All browsers tested showed high block rates against socially engineered malware and phishing

AUSTIN, Texas – December 5, 2018 – NSS Labs, Inc., a global leader and trusted source for independent, fact-based cybersecurity guidance, today announced the release of its 2018 Web Browser Security Comparative Reports. These reports examine the abilities of three leading web browsers to protect users from socially engineered malware and phishing attacks.

Phishing attacks and socially engineered malware (SEM) are among the most prominent and impactful security threats facing users today. These attacks pose significant risk to individuals and organizations alike by threatening to compromise or acquire sensitive personal and corporate information. Phishing attacks are becoming increasingly complex and sophisticated, which makes them harder to detect visually and more difficult to prevent in general.

For several years, social engineering has accounted for the bulk of cyberattacks against consumers and enterprises. SEM attacks use a dynamic combination of social media, hijacked email accounts, and false email notifications to exploit the implicit trust between contacts and to deceive victims into believing that links to malicious files are trustworthy.

The NSS Labs 2018 Web Browser Security Test assessed the average block rate, consistency of protection, amount of time required to add protection for new threats, and zero-day protection capabilities of leading browsers. The findings from the 2018 Web Browser Comparative Reports provide valuable insights to help both enterprises and end users establish a strong layer of defense and minimize risk through a secure browser experience.

Key Findings:

  • Phishing block rates ranged from 94.3% to 96.7%.

  • Zero-hour phishing protection ranged from 77.3% to 89.5%.

  • The average overall block rate for SEM was 99.7% when security capabilities built into the operating system (OS) were taken into account.

  • Built-in OS security contributed between 9.6% and 19.5% to the SEM security efficacy score for two of the three browsers tested.

Key Takeaways:

  • Immediate protection against new phishing URLs is critical. As phishing sites are discovered, they are taken down, often within a relatively short amount of time. Products that fail to add protection in a timely manner will expose users to greater risk.

  • To minimize risk, NSS Labs recommends that users select browsers with the following capabilities:

    • Higher phishing block rates, consistency of protection, and early protection against new threats

    • The right combination of OS and browser

  • Education is a key component of protection against SEM and phishing attacks. Users who are able to identify socially engineered attacks rely less on technology for protection against such attacks. NSS Labs recommends supplementing browser protection with user education to protect against attacks that bypass browser protections.

The 2018 Web Browser Comparative Reports:

  • The SEM tests comprised 81,729 test cases that included 1,196 unique suspicious samples. Ultimately, 708 samples met NSS Labs' validation criteria and were included as part of the test.

  • The phishing tests comprised 56,669 test cases that included 2,943 unique and suspicious URLs. On average, 21 new validated URLs were added to the test per day; the number of URLs added each day varied according to fluctuating levels of criminal activity.

"The web browser is the first line of defense against web-borne threats," said Jason Brvenik, Chief Technology Officer at NSS Labs. "Web-based attacks from socially engineered malware and phishing can be difficult to identify for even the most seasoned practitioner. Choosing a browser that provides an effective layer of defense against attacks reduces the burden on users and other deployed security controls. Since browsers often have visibility into threats before other security technologies that are deployed on either the network or endpoints, their selection and configuration can dramatically impact an organization's security posture."

The following browsers were tested:

  • Google Chrome: Version 69.0.3497

  • Microsoft Edge: Version 42.17134.1.0

  • Mozilla Firefox: Version 61

As with all NSS Labs group tests, there is no fee for participation, and the test methodology is available in the public domain to provide transparency and to help enterprises understand the factors behind test results.

NSS Labs Announces Results of 2018 Endpoint Detection and Response Group Test

Three Products Receive Recommended Rating; One Product Receives Caution Rating

AUSTIN, Texas – November 14, 2018 – NSS Labs, Inc., a global leader and trusted source for independent, fact-based cybersecurity guidance, today announced the results of its 2018 Endpoint Detection and Response (EDR) Group Test. Four products from market-leading security vendors were examined to help enterprises understand the merits of products in the market and identify capabilities that are best suited to meet their use case.

EDR products provide the critical information incident response teams need to conduct forensic investigations. Properly utilizing an EDR product requires an expert team of security forensic specialists. Forensics are particularly important for some enterprises, which is why EDR products that focus on forensic investigation and continuous monitoring remain in demand. In the 2018 NSS Labs Network Security Study, 89.4% of the US enterprises surveyed indicated the use of some forensic features on their endpoint products. NSS Labs' testing of forensic reporting capabilities in EDR products included application programming interface (API) calls, data exfiltration, file system, network traffic, registry, and system and data integrity.

For organizations that are constantly under attack, an EDR product can save time and money. NSS Labs recommends that organizations that are likely to be the target of advanced persistent threats (APTs) deploy an EDR product. This is especially true for organizations deemed to be critical infrastructure. NSS Labs also recommends deploying EDR products strategically on systems with access to critical information and systems in the data path that can be used to gain entry to (or exfiltrate) a network.

An EDR product provides visibility into the behavior of endpoints so that forensic security analysts and forensic teams have the information they need to investigate suspicious activity. Continuous monitoring of the endpoint, detection of anomalous activity, and supplying forensic detail to empower incident response are core features of an EDR product. In theory, an endpoint protection platform (EPP)/antivirus (AV) product blocks attacks while an EDR product detects the attacks that were not blocked. Using this approach, incident response investigations can focus on what happened and whether any data was compromised or lost.

This first iteration of NSS Labs' EDR Group Test introduced real-world cyberattack scenarios to determine how effective products were at detecting, logging, and reporting on the following threats:

  • Blended threats, which combine multiple techniques, such as spear phishing, infected peripherals, and sophisticated antivirus evasion, to exploit several vulnerabilities and infect the endpoint device

  • Techniques and tactics from common APTs

Key Takeaways:

  • EDR products are developed with different philosophies and capabilities. Some are designed to identify threats pre-execution, others contain technology that lends itself to identification of threats during execution, and still others may excel at identifying attacks post-execution.

  • Most EDR products have a mix of detection capabilities that enable detection pre-execution, during execution, and post-execution. However, this does not preclude the possibility of some performing better in one area than another, and these relative strengths and weaknesses are important to consider when evaluating which EDR product is right for an organization.

  • An EDR product’s ability to correctly identify and allow benign content (for example, legitimate application traffic, files, and documents) is as important as its ability to detect malicious content. And, after the product detects malicious or anomalous behavior, it should support follow-on investigation, incident response, and remediation efforts.

  • Measurement of an EDR product’s forensic reporting capabilities should include how well the product captures specific information about the malicious activities of a threat and how accurately it logs this information. Reporting should include threat types, techniques used, and information such as destination IP, potential command-and-control, or outbound connections attempted.

The 2018 NSS Labs EDR Group Test:

  • Used over 100 victim machines per product

  • Included more than 275 attacks, which included 21 unique evasion samples

  • Involved hundreds of discrete malware samples used by threat actors in current hacking campaigns

  • Used typical attack vectors such as web and email, leveraging numerous common document and application types

  • Collected and analyzed more than 20,000 classifications, investigations, events and associated forensic artifacts

"Implementing an EDR product can be very complex and there are several factors enterprises must consider to determine the best protection and value for their organization's needs," said Jason Brvenik, Chief Technology Officer at NSS Labs. "The NSS Labs 2018 EDR Group Test highlights the relative strengths and weaknesses of the EDR products tested. We encourage organizations to examine our findings for insights regarding security effectiveness and operating cost as they evaluate which EDR is right for their enterprise."  

The following products were tested:

  • Arc4dia SNOW Self-Managed v12.18.0

  • CounterTack+GoSecure Endpoint Protection Platform v5.8.4

  • Cybereason Deep Detect v18.0

  • RSA NetWitness Endpoint v4.4.0.0

Unverified Products: 

  • Carbon Black

  • Cisco

  • Crowdstrike

  • FireEye

  • McAfee

  • Symantec

As with all NSS Labs group tests, there is no fee for participation, and the test methodology is available in the public domain to provide transparency and to help enterprises understand the factors behind test results. Click here for more information about our group test policies.