Zscaler Cloud Web Gateway Test



Similar documents
Virtual Desktops Security Test Report

Endpoint Business Products Testing Report. Performed by AV-Test GmbH

Proactive Rootkit Protection Comparison Test

Real World and Vulnerability Protection, Performance and Remediation Report

Kaspersky Security. for Virtualization 1.1 and Trend Micro Deep. Security 8.0 virtual environment detection rate and performance testing by AV-Test

Windows 8 Malware Protection Test Report

User Documentation Web Traffic Security. University of Stavanger

WildFire. Preparing for Modern Network Attacks

Symantec Advanced Threat Protection: Network

Fighting Advanced Threats

Cisco & Big Data Security

WEBSENSE SECURITY SOLUTIONS OVERVIEW

24/7 Visibility into Advanced Malware on Networks and Endpoints

ESET SMART SECURITY 9

Host-based Intrusion Prevention System (HIPS)

The Dirty Secret Behind the UTM: What Security Vendors Don t Want You to Know

Protecting the Infrastructure: Symantec Web Gateway

isheriff CLOUD SECURITY

WEBTHREATS. Constantly Evolving Web Threats Require Revolutionary Security. Securing Your Web World

ESET SMART SECURITY 6

Malware, Zero Day and Advanced Attack Protection Analysis Zscaler Internet Security and FireEye Web MPS

AT&T Global Network Client for Windows Product Support Matrix January 29, 2015

REVOLUTIONIZING ADVANCED THREAT PROTECTION

The Hillstone and Trend Micro Joint Solution

Secure Your Mobile Workplace

FOR MAC. Quick Start Guide. Click here to download the most recent version of this document

Kaspersky Fraud Prevention: a Comprehensive Protection Solution for Online and Mobile Banking

Deep Security/Intrusion Defense Firewall - IDS/IPS Coverage Statistics and Comparison

BUILDING A SECURITY OPERATION CENTER (SOC) ACI-BIT Vancouver, BC. Los Angeles World Airports

Cloud App Security. Tiberio Molino Sales Engineer

WildFire Reporting. WildFire Administrator s Guide 55. Copyright Palo Alto Networks

Deep Security Intrusion Detection & Prevention (IDS/IPS) Coverage Statistics and Comparison

Mobile App Reputation

Cisco 4Q11. Global Threat Report

Deep Security Vulnerability Protection Summary

McAfee Global Threat Intelligence File Reputation Service. Best Practices Guide for McAfee VirusScan Enterprise Software

ESET CYBER SECURITY PRO for Mac Quick Start Guide. Click here to download the most recent version of this document

Modern Cyber Threats. how yesterday s mind set gets in the way of securing tomorrow s critical infrastructure. Axel Wirth

WildFire Overview. WildFire Administrator s Guide 1. Copyright Palo Alto Networks

ESET NOD32 ANTIVIRUS 9

The dramatic growth in mobile device malware. continues to escalate at an ever-accelerating. pace. These threats continue to become more

COMPARISON OF FIXED & VARIABLE RATES (25 YEARS) CHARTERED BANK ADMINISTERED INTEREST RATES - PRIME BUSINESS*

COMPARISON OF FIXED & VARIABLE RATES (25 YEARS) CHARTERED BANK ADMINISTERED INTEREST RATES - PRIME BUSINESS*

ESET NOD32 ANTIVIRUS 8

NetDefend Firewall UTM Services

Cisco Cloud Web Security Key Functionality [NOTE: Place caption above figure.]

Netsweeper Whitepaper

HOW TO PROTECT YOUR VIRTUAL DESKTOPS AND SERVERS? Security for Virtual and Cloud Environments

Using big data analytics to identify malicious content: a case study on spam s

Security Administration R77

Integrating MSS, SEP and NGFW to catch targeted APTs

2015 Miercom Next Generation Firewall Solution Testing: Performance, Compliance and Advantages

Cisco RSA Announcement Update

Firewall and UTM Solutions Guide

The Truth about False Positives

DUBEX CUSTOMER MEETING

Fundamentals of Information Systems Security Unit 1 Information Systems Security Fundamentals

End-user Security Analytics Strengthens Protection with ArcSight

KASPERSKY PRIVATE SECURITY NETWORK: REAL-TIME THREAT INTELLIGENCE INSIDE THE CORPORATE INFRASTRUCTURE

ENABLING FAST RESPONSES THREAT MONITORING

STANDARD ON CONTROLS AGAINST MALICIOUS CODE

STPIC/Admin/002/ / Date: Sub: Quotation for purchase/renewal of Anti Virus Software Reg.

Current counter-measures and responses by CERTs

How To Protect Your Network From Attack From A Virus And Attack From Your Network (D-Link)

Unified Security, ATP and more

Comprehensive Malware Detection with SecurityCenter Continuous View and Nessus. February 3, 2015 (Revision 4)

Advanced Persistent Threats

McAfee Endpoint Protection Products

Symantec Endpoint Protection Analyzer Report

Why a Network-based Security Solution is Better than Using Point Solutions Architectures

EXTENDING NETWORK SECURITY: TAKING A THREAT CENTRIC APPROACH TO SECURITY

ESET Endpoint Security 6 ESET Endpoint Antivirus 6 for Windows

High End Information Security Services

INTRODUCING isheriff CLOUD SECURITY

The Latest Internet Threats to Affect Your Organisation. Tom Gillis SVP Worldwide Marketing IronPort Systems, Inc.

NetDefend Firewall UTM Services

Symantec Endpoint Protection

You ll learn about our roadmap across the Symantec and gateway security offerings.

V1.4. Spambrella Continuity SaaS. August 2

Symantec Endpoint Protection 11.0 Network Threat Protection (Firewall) Overview and Best Practices White Paper

Websense Web Security Solutions. Websense Web Security Gateway Websense Web Security Websense Web Filter Websense Express Websense Hosted Web Security

SECURE YOUR BUSINESS WHEREVER IT TAKES YOU. Protection Service for Business

CryptoLocker la punta dell iceberg, impariamo a difenderci dagli attacchi mirati. Patrick Gada 18 March 2015 Senior Sales Engineer

Websense Web Security Solutions. Websense Web Security Gateway Websense Web Security Websense Web Filter Websense Hosted Web Security

OutbreakShield Effective and Immediate Protection against Virus Outbreaks

Evaluating Microsoft s protection performance and capabilities

Transcription:

Zscaler Cloud Web Gateway Test A test commissioned by Zscaler, Inc. and performed by AV-TEST GmbH. Date of the report: April15 th, 2016 Executive Summary In March 2016, AV-TEST performed a review of the Zscaler Cloud Web Gateway solution for the Enterprise to determine the malware detection and blocking capabilities. Zscaler commissioned AV- TEST to run this independent test. In order to ensure a fair review, the sponsor has not supplied any samples or had any influence or any prior knowledge regarding the samples being tested. The following test scenarios are standard tests that AV-TEST does on a regular basis for network-based antimalware solutions. The solution provides two ways to stop malware at the network level today. These are static (signature-based) detection options that protect against known vulnerabilities and malware as well as heuristic and dynamic detection options that cover both known and unknown vulnerabilities and malware. The performed tests cover both approaches: 1. Real World Test: Testing of the effectiveness of dynamic URL filtering capabilities and protection against malware by accessing real URLs that host malicious downloads, 2. Sandbox Test: Detection of relevant current malicious Win32 portable executable (PE) files, also referred as Prevalent Malware, which are not older than 4-8 weeks at the start of the review. 3. False Positive Test: False detection or classification of clean URLs. 4. Social Engineering Test: Detection of current phishing URLs. Breaking out the data by test shows that Zscaler performed well in nearly all tests. The protection score was on a very high level. On the other hand there were only 2 misclassifications in the test of 1886 benign websites. Real-World Testing (URLs) Sandbox Test (Files) Social Engineering (Phishing) Total Samples 6,049 11,567 1,142 Detected Samples 5,892 11,557 1,142 Detection Rate 97.40% 99.91% 100% Figure1: Summary of the test results for Malware blocking Website False Positives Total Samples 1886 Detected Samples 2 False Positive Rate 0.11% Figure2: Summary of the test results for False Positives In total Zscaler detected 99.11% of all malicious threats and had a very low false positive rate in case of benign websites. 1

Overview With the increasing volume of malware, targeted attacks and advanced persistent threats spreading through the Internet these days, the danger of getting infected is higher than ever before. In the year 2000, AV-TEST received more than 170,000 new unique samples, and in 2015, the number of new samples grew to over 140,000,000. The growth of these numbers is displayed in Figure 3. New unique samples added to AV-TEST's malware repository (2005-2016) 160.000.000 140.000.000 120.000.000 100.000.000 80.000.000 60.000.000 40.000.000 20.000.000 0 Dec Nov Oct Sep Aug Jul Jun May Apr Mar Feb Figure 3: New malware samples per year To protect the enterprise network against the enormous number of threats a multilayered security setup is recommended. The layers at a minimum should include the enterprise firewall, a web- and content-filter for every kind of traffic, which is the topic of this document, and an endpoint protection product as the last barrier for the malware. A clever combination of those layers makes it hard for the attacking site to infiltrate the enterprise network. Product Tested The product Zscaler Web Security was tested. It is a cloud based web content filter with advanced threat protection, forensics and real-time analytics. Methodology and Scoring Platform The test environment was set up according to figure 4. The client and webserver were physical machines. The Gateway was installed in line between the client and webserver. The webserver hosted the samples for the PE malware detection test. For the Real World test, the Client 2

downloaded files from the sample URLs and notified the Zscaler Gateway after each URL. The Gateway allow or blocked the URL traffic. Webserver Malware-Collection Zscaler Cloud Web Gateway Router VPN Tunnel VPN Tunnel WWW AV-Test Client Figure 4: Test platform overview 3

Testing methodology AV-TEST received preconfigured appliances from Zscaler and was supported by a Zscaler engineer to setup the appliances. 1. Internet Access. The appliances had access to the Internet at all times in order to use any inthe-cloud queries. 2. Product Configuration. The product was run with the configuration supplied by Zscaler. The appliance was able to perform automatic signature updates all the time. 3. Testing. All files, except for the malicious URLs, were downloaded via http from the webserver to the client system using a Java client. For the URL testing, an additional client with direct internet access has been used to download the reference samples from the Internet. 4. Analysis. The downloaded files were compared with the original files (reference files at URL testing) by MD5 hash. For verifying the results, the appliance report files were analyzed. The static set of files consisted of 11,567 malicious PE files (Prevalent Malware).The dynamic tests were performed using 6,049 working malicious URLs. Test Results Test #1: Real World protection rate Real World threats are typically identified through the Web Gateways ability to open up content for inspection coupled with whatever proactive scanning abilities and cloud intelligence a vendor may provide. A block can be based on URL filtering or Web Reputation services, by signatures or heuristic scanning of the provided content, and other inspection and filtering technologies. In this case 5892 of the 6049 malicious URLs were blocked. With this results Zscaler Web Gateway has a good protection rate of 97.40%. Test #2: Sandbox detection rate The total number of malicious samples tested was 11,567. This includes the following number of samples: 770 Backdoors, 558 Bots, 477 Trojan Downloader, 532 Trojan Dropper, 7,993 Trojan Generic, 179 Trojan Password Stealer, 733 Viruses, 211 Worms, 114 Rogue Software as well as 3,059 potentially unwanted applications (PUA). This test focuses on the generic malware detection and blocking capabilities, especially on the signature-based detection as well as generic and heuristic technologies. 4

Type of Malware Number of Samples Detected Samples % Total Malware 11567 11557 99.91% Backdoors 770 770 100.00% Bots 558 558 100.00% Trojan Downloader 477 477 100.00% Trojan Dropper 532 532 100.00% Trojan Generic 7993 7984 99.89% Trojan PasswordStealer 179 178 99.44% Virus 733 733 100.00% Worms 211 211 100.00% Rogue Software 114 114 100.00% Figure 5: Sandbox detection results of malware Type of Malware Number of Samples Detected Samples % Total PUA 3059 3044 99.51% Figure 6: Sandbox detection results of PUA It was expected that Zscaler Web Gateway will detect almost all samples, which it achieved with a detections rate of 99.91% only missing 10 files, which is very good. Test #3: False Positives of popular Websites The best detection rate is worthless if it involves a high false positive rate. Zscaler achieved a false positive rate of 0.11%. In this part of the test was tested clean popular websites. We also checked whether Zscaler miscategorized certain URLs. Only 2 out of 1886 URLs were not correctly assessed, which is a very good result. Test #4: Social Engineering The phishing social engineering URL is very similar to the real one and you might not notice this on the first view. Phishing, also known as "brand spoofing", is an elaborate form of data theft, targeting possible clients. Zscaler achieved a detection rate of 100%. All 1,142 phishing URLs were detected, including forged websites of various companies, social platforms, banks, online banking services, government agencies and others. 5

Conclusion With the given configuration, Zscaler scored very well in all reviewed categories. In the blocking of malicious content Zscaler achieved a near perfect result. False Positive testing didn t reveal any problems either. Only 2 benign websites were misclassified, which is a very good result taking into account the 1886 test cases. The result of the test underlines the reliability of the Zscaler solution for corporate networks. Appendix Figure 7: Dashboard of Zscaler Web Gateway Copyright 2016 by AV-TEST GmbH, Klewitzstr. 7, 39112 Magdeburg, Germany Phone +49 (0) 391 60754-60, Fax +49 (0) 391 60754-69, Web https://www.av-test.org 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information