Press

NSS Labs Announces Group Test Results for Enterprise EPP Socially Engineered Malware and Exploits & Evasions

November 10, 2015

Malware is on the rise making EPP products the last line of defense.

AUSTIN, Texas – November 10, 2015 – NSS Labs, the world’s leading information security research and advisory company, announced today the results of its 2015 Enterprise EPP Socially Engineered Malware (SEM), and Exploits and Evasions group tests.

While some exploits and malware are filtered and remediated by the layers of network-based defense such as next generation firewalls and secure web gateways, much is still making it through these security layers to the endpoint. For mobile workers, endpoint protection (EPP) products may be the only layer of security protecting their devices.

SEM, or malicious software programs or applications that are downloaded from websites and URLs are on the rise, putting organizations even more at risk. In the SEM group test, average protection ranged from 82.8% to 100% effectiveness. This demonstrates that several EPP products provide strong anti-malware defenses.

However, in the Exploits and Evasions group test, 80% of the products lacked comprehensive anti-exploit attack mitigation capabilities for browser-based exploits delivered against Internet Explorer and Firefox. These client-side exploits allow attackers to remotely control compromised systems. Additionally, 60% of the EPP products were bypassed using vulnerabilities that are between three and five years old, which puts a significant number of Windows XP-based systems at risk. Windows XP-based systems continue to hold 15% of the OS market share and are still used in critical infrastructures verticals such as defense, energy, healthcare, telecommunication and finance.

“Multiple changes in the Internet threat landscape coupled with changes in how people work remotely are heightening the importance of endpoint protection being a critical line of defense,” said Mike Spanbauer, VP of Research for NSS Labs.

Key findings:

  • There was a considerable difference between the products with the most effective protection and the least effective protection. Product selection may be the single biggest factor determining whether or not a company will be compromised.
  • The highest exploit block rate was 98.8% while the lowest was 11%. 2 vendors received an NSS Recommended rating while 4 received an NSS Caution rating.
  • 20% of the products tested for SEM were unable to act on threats immediately on access or upon download.
  • Only 4 of the 11 vendors tested for SEM provided instantaneous protection against new threats.
  • Most EPP products are still not protecting against specific file-format vulnerabilities such as VLC media player, QuickTime, and RealTime Player.
  • Windows XP-based endpoint vendor support is on the decline

Tested Products in Security Stack: Socially Engineered Malware

  • Bitdefender Endpoint Security v5.3.15.539
  • ESET Endpoint Security v 6.1.2109.0
  • Fortinet FortiClient v5.2.3.0633
  • F-Secure Client Security Premium 11.60 build 284
  • G DATA Security Client v13.1.0.224
  • Kaspersky Endpoint Security v10.2.2.10535
  • McAfee Endpoint Protection v8.0
  • Panda Endpoint Security v7.20.0
  • Sophos Endpoint Security v10.3
  • Symantec Endpoint Security v12.1.4112.4156
  • Trend Micro Endpoint Security v11.0.1057

Tested Products in Exploits & Evasions

  • Bitdefender Endpoint Security v5.3.2
  • ESET Endpoint Antivirus v6.1.2
  • Fortinet Forticlient v.5.2.3.06331
  • F-Secure Client Security Premium v11.6
  • GDATA Endpoint Protection v13.1.2
  • Kaspersky Endpoint Security 10 for Windows v10.2.2
  • McAfee VirusScan Enterprise v8.82
  • Panda Endpoint Protection v7.2
  • Sophos Endpoint Security and Control v10.3
  • Symantec Endpoint Protection v12.1
  • Trend Micro OfficeScan v11.0