NSS Labs, Inc., a leading independent security testing organization, announced the release of two test reports of Endpoint Protection Products (EPP). The reports reveal new shortcomings in these widely deployed products. They cover multi-vector attacks (malware delivered from the web, email, network file sharing and USB flash drives), memory-only attacks, and anti-evasion techniques.
Key findings from the reports show:
- Malware caught via one entry point may not be detected when introduced via another entry point. E.g. malware that is detected via a web download could be missed if downloaded from a USB drive or network file server.
- Products missed between 10% and 60% of the evasions typically used by cybercriminals.
- Less than a third of the tested vendors had protection for memory-only malware, leaving a significant evasion gap in their products.
All of the products tested had been certified by multiple organizations. However, traditional antivirus test and certification labs are simply not performing this level of gloves-off testing. Enterprises basing purchasing decisions off such vendor-funded reports are therefore blind to the holes in their endpoint security defences.
“IT organizations worldwide have a false sense of security in part due to tests that have been too easy,” said Vik Phatak, CTO, NSS Labs. “Our test results point towards the need for more realistic testing based on what cybercriminals are actually doing to breach corporate defences.”