03/2013 McAfee Leads in Protection Against the Most Advanced Threats

by butsch 18. March 2013 20:58



Numbers Don't Lie

#1 in Exploit Protection
#1 in Evasion Protection
#1 in Day Zero Rootkit Protection

Endpoint Protection Products (EPPs) are traditionally designed to protect against known threats via signature-based scanning. Knowing that, attackers build today's fast-moving advanced threats to take advantage of new vulnerabilities in operating systems and other services like Flash or Java. The ability to block new exploits, and not just known malicious files, is a fundamental requirement of today's antimalware products.

Most third-party tests measure straight detection of known files. The NSS Exploits test is one of the few that goes beyond this to judge a product's zero-day protection.

Exploit Results: Against 10 of the most prevalent commercial security vendors, McAfee's endpoint products (VirusScan Enterprise, Host Intrusion Prevention, and Site Advisor Enterprise) were the clear winner in the NSS testing, achieving an overall score of 97% of all threats blocked. The next closest competitor, Kaspersky, came in at 92% and Symantec at 91%.

If an EPP product can block an exploit, it has effectively blocked any and all malware that the exploit may attempt to execute or install. The ability to stop the payload an exploit delivers has value, but provides far less protection than blocking the exploit.

McAfee a Leader in Protecting Against Advanced Evasion Techniques
As security products improve, cybercriminals have reacted by incorporating evasion techniques to conceal payloads, disable security software, and more. This group test differs from most in that it tests EPP products against many of the common evasion techniques used by attackers. Research shows that cybercriminals perform their own testing and make extensive use of evasion techniques.

Typical file or signature-based detection is very poor at protecting against evasion. Techniques that easily bypass it include HTTP evasion and compression, HTML obfuscation, payload encoding, and packers.

Evasion Results: McAfee tied with Symantec and Microsoft, blocking 100% of the five tested (and commonly used) evasion techniques. Kaspersky failed to block HTTP exploits delivered via non-standard ports.

It's clear from these numbers that the hard part about identifying and blocking evasions is in seeing the "packers" used to hide malicious code from unsophisticated filtering technologies. McAfee endpoint products excel at identifying and blocking this evasion approach.

When you combine the results of the Exploit Protection and Evasion Block rate tests, it's clear that McAfee endpoint products provide the optimal security posture.

