Trend Micro Endpoint Comparative Report Performed by AV Test.org



Similar documents
Internet Explorer Exploit Protection ENTERPRISE BRIEFING REPORT

Proactive Rootkit Protection Comparison Test

How To Test For Security Protection

Fully supported Antivirus software (Managed Antivirus)

Endpoint Security Solutions Comparative Analysis Report

CORPORATE AV / EPP COMPARATIVE ANALYSIS

Symantec Endpoint Protection

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Enterprise Anti-Virus Protection

Enterprise Anti-Virus Protection

Enterprise Anti-Virus Protection

Symantec Endpoint Protection

Virtual Desktops Security Test Report

Cyber Security Solutions for Small Businesses Comparison Report: A Sampling of Cyber Security Solutions Designed for the Small Business Community

Kaspersky Security. for Virtualization 1.1 and Trend Micro Deep. Security 8.0 virtual environment detection rate and performance testing by AV-Test

INCREASINGLY, ORGANIZATIONS ARE ASKING WHAT CAN T GO TO THE CLOUD, RATHER THAN WHAT CAN. Albin Penič Technical Team Leader Eastern Europe

Trend Micro Cloud App Security for Office 365. October 27, 2015 Trevor Richmond

Applying machine learning techniques to achieve resilient, accurate, high-speed malware detection

Cascadia Labs URL Filtering and Web Security

User Documentation Web Traffic Security. University of Stavanger

Endpoint Security Solutions (Physical & VDI Environment) Comparative Testing Analysis

Top five strategies for combating modern threats Is anti-virus dead?

Enterprise Anti-Virus Protection

How To Understand What A Virus Is And How To Protect Yourself From A Virus

Office 365 Cloud App Security MARKO DJORDJEVIC CLOUD BUSINESS LEAD EE TREND MICRO EMEA LTD.

Cyber Security Solutions:

Can Consumer AV Products Protect Against Critical Microsoft Vulnerabilities?

WEB PROTECTION. Features SECURITY OF INFORMATION TECHNOLOGIES

Symantec Endpoint Protection Analyzer Report

Cisco Advanced Malware Protection

The Hillstone and Trend Micro Joint Solution

Malware and Other Malicious Threats

ESET a pioneer of IT security since 1987

Cascadia Labs URL Filtering and Web Security

Real World and Vulnerability Protection, Performance and Remediation Report

Symantec Endpoint Protection Integration Component 7.5 Release Notes

ENTERPRISE EPP COMPARATIVE REPORT

For additional information and evaluation copies of Trend Micro products and services, visit our website at

Online Banking and Endpoint Security Report October 2012

Client Manager for Endpoint Protection (CMEP) User s Guide

Building a Business Case:

Fighting Advanced Threats

McAfee Global Threat Intelligence File Reputation Service. Best Practices Guide for McAfee VirusScan Enterprise Software

Connected Threat Defense Strategy. Eva Chen, Co-Founder and CEO

Endpoint Business Products Testing Report. Performed by AV-Test GmbH

WEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World

Evolutions in Browser Security

Reducing the cost and complexity of endpoint management

ESET Security Solutions for Your Business

Cloud App Security. Tiberio Molino Sales Engineer

Core Protection Module 1.6 for Mac powered by. User s Guide

Endpoint Security for DeltaV Systems

Cisco Advanced Malware Protection for Endpoints

Intelligent, Scalable Web Security

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

ENDPOINT PROTECTION Understanding the Challenges and Evaluating a Solution

Endpoint Buyers Guide

REVOLUTIONIZING ADVANCED THREAT PROTECTION

Small Business Anti-Virus Protection

What Do You Mean My Cloud Data Isn t Secure?

Websense Web Security Solutions. Websense Web Security Gateway Websense Web Security Websense Web Filter Websense Express Websense Hosted Web Security

Home Anti-Virus Protection

isheriff CLOUD SECURITY

Symantec Endpoint Protection

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

The Symantec Approach to Defeating Advanced Threats

Small Business Anti-Virus Protection

Cisco Advanced Malware Protection for Endpoints

Stop advanced targeted attacks, identify high risk users and control Insider Threats

Small Business Anti-Virus Protection

MRG Effitas Real World Enterprise Security Exploit Prevention March Real World Enterprise Security Exploit Prevention Test.

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice.

MRG Effitas Real World Enterprise Security Exploit Prevention March Real World Enterprise Security Exploit Prevention Test.

Cloud Security VS Cybercrime Economy: The Kaspersky Vision. Eugene Kaspersky Co-founder & CEO, Kaspersky Lab

Tracking Anti-Malware Protection 2015

Transcription:

Trend Micro Endpoint Comparative Report Performed by AV Test.org Results from December 2009 Executive Summary In December of 2009, AV Test.org performed endpoint security benchmark testing on five market leading Enterprise endpoint solutions from Symantec, McAfee, Microsoft, Sophos and Trend Micro. AV Test.org tested zero day attacks actually occurring in the wild by sourcing malicious URLs that had malware associated with them. The testing occurred simultaneously across all vendors platforms to ensure no biases during the test runs. Products were configured to block or detect the threats at multiple levels, thereby giving each vendor maximum ability to protect against these threats. In these tests, Trend Micro emerged as the overall winner. Trend also demonstrated a decided advantage in blocking these threats at their source, the URL, with a significant contribution from Trend Micro Smart Protection Network and its Web reputation services. With an overall score at blocking zero day threats of nearly 66 percent, the Trend Micro OfficeScan Client/Server Edition 10 (OfficeScan 10) stands distinctly apart from other products, whose averages ranged from just 38 to 59 percent. Overview Traditionally, endpoint testing has been done by updating each product s signatures, removing the device from the network, and then copying a test set of malicious files onto the device to determine how many can be caught. That was fine when only a small number of malicious files were being introduced to the world, but today, according to the latest statistics from AV Test.org, we re seeing over 1.5 million unique samples every month.

Exposure Layer Detection and Blocking Reduces Risk This threat of volume is creating issues for all vendors who attempt to keep up with these new emerging threats simply using file based detection methods. File based detection requires that each threat have an analogous signature file created and distributed by the antivirus company. Additionally, the majority of threats now come from the Internet (92% according to TrendLabs in 2008) via compromised webpages, BSEO (Blackhat Search Engine Optimization) and the use of social engineering. New technologies need to be used to combat these new threat vectors. As such, Trend Micro commissioned AV Test.org to perform a more real world test of endpoint solutions that doesn t just score how well a product can detect file based threats (Infection Layer), but includes the ability to block the threat at its source (Exposure Layer). The ability of a solution to source, analyze and block new threats that it cannot identify is becoming critical, due to the rapid rise in the amount of threats being released in the wild. Exposure Layer blocking reduces the risk to the network because fewer threats will impact network bandwidth, or require computing resources to block them at the endpoint. Another aspect of the test performed by AV Test.org is retesting after 1 hour to determine if any vendors have added new protection for threats missed in the initial run (a.k.a. Time to Protect ). In December 2009, AV Test.org tested five market leading Enterprise endpoint solutions from Symantec, McAfee, Microsoft, Sophos and Trend Micro. Trend Micro emerged as the overall winner, with a decided advantage in both Exposure layer protection and time to protect. 2 of 6

As shown below, Trend Micro OfficeScan 10 ranked #1 in Overall Protection against these leading vendors in number of threats blocked. Products Tested AV Test.org tested the following five products during December 2009: Trend Micro OfficeScan Client/Server Edition 10 Symantec Endpoint Protection v11 Microsoft Forefront Client Security v1.5 McAfee Total Protection for Endpoint with Artemis and SiteAdvisor Sophos Endpoint Security and Control v9.0.1 Results and Analysis Trend Micro OfficeScan 10, powered by the Smart Protection Network, which includes both Web reputation and File reputation capabilities, performed well at both the Exposure layer and the Infection Layer, allowing it to receive the top ranking among all solutions. 3 of 6

Trend Micro and Sophos appear to have the most robust technology to block threats at their source, thereby, ensuring no file is downloaded prior to detection. Symantec and Microsoft do not have any technology within the client portion of their Enterprise solutions capable of blocking threats coming from URLs at their source. They must wait to analyze the file during download or while writing to disk*. McAfee does include SiteAdvisor to block malicious web pages, but for this test it did not have a good showing. Symantec and McAfee performed the best at the Infection layer, which helped their overall score, but based on their Exposure Layer score it still appears they are focused on blocking threats using their file based or signature based detection methods. This could cause issues as more malicious files are released to the wild. Depending on file and signature based methods requires more work to create the signature files, distribute and update these files on each endpoint. As a result, the network and the endpoint computer resources will be increasingly used for protection, as threats multiply. Overall, the scores are lower than you would normally see in many of today s tests. We think that is due to the fact that we tested Zero day threats and the corpus of URLs and files were sourced very shortly prior to the test, thereby not allowing the vendors much time to obtain the samples. Another aspect not widely known is that the underground cybercriminal industry provides services to developers for testing malicious files against the latest signatures from vendors. These tools buy the criminals have some time before their malicious files can be detected. http://www.wired.com/threatlevel/2009/12/virus check/ These issues require vendors to vastly improve their ability to source, analyze and block unknown threats. For this reason, the methodology utilized by AV Test.org in this test by rerunning the samples again after 1 hour. This gives vendors products a chance to find and block threats through feedback, analyze each of the URLs and files and ultimately provide protection 4 of 6

prior to the next run. The plus one hour tests should have improved if feedback was well used to improve protection. However, the scores were disappointing for all vendors, except for Trend Micro. As shown, Trend Micro was able to block 90 additional URLs after 1 hour using the Smart Feedback component built into OfficeScan 10. No other vendor was able to add additional protection for unknown threats that went undetected. On the Infection layer, no vendor was able to add any appreciable increases in detection for files not detected in the initial run. Trend Micro added detection for 2 additional files and Sophos added 1 file after 1 hour. Clearly, all vendors need improvement in this area. Rankings, Corpus, and Methodology Scoring and Rankings The overall scores were derived by taking a weighted average from each layer (Exposure & Infection) in order to ensure each vendor was given credit regardless of which layer their products blocked each threat. Note that these rankings do not consider performance, scalability, user interface, features, or functionality only protection effectiveness against the December 2009 corpus. 5 of 6

The Corpus AV Test.org compiled the corpus for testing by searching the Internet for malicious URLs that have associated malware. For this test they found 977 URLs and the associated 977 malicious files to conduct the test. The URLs/files that AV Test.org uses for testing are gathered from sites in the wild, using a variety of proprietary discovery, analysis, and verification techniques. They are neither supplied by, nor known to, any of the companies whose products were tested. Test Methodology The test methodology adopted by AV Test.org was developed together with Trend Micro and can be found within the following whitepaper. http://us.trendmicro.com/imperia/md/content/us/trendwatch/coretechnologies/wp01_bench meth_090922us.pdf?zid=nss_lp_benchmark_pdf In Summary Some conclusions we can make from the data presented here. 1. Vendors like Trend Micro that have invested in and provided solutions that block threats at multiple layers (Exposure & Infection) provide better overall security against the new threats propagating today. They improve protection by keeping threats completely off the network or computer using proactive technologies like Web reputation instead of waiting for malicious files to be downloaded. 2. Zero day threats are more difficult to defend against, which is why the overall scores are lower than traditional detection rate tests, and why the Time to Protect factor has to be included in any real world tests. This shows the effectiveness of a vendor at sourcing, analyzing and providing protection for any unknown threats. This comparative review, conducted independently by AV-Test.org in December 2009, was sponsored by Trend Micro. AV-Test.org aims to provide objective, impartial analysis of each product based on hands-on testing in its security lab. * Symantec and Microsoft do provide this type of protection in other products (gateway), but these were not used in this test. 6 of 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information