McAfee a Leader in Protecting Against Advanced Exploits
Endpoint Protection Products (EPPs) are traditionally designed to protect from known threats via signature-based scanning. Knowing that, today’s fast moving advanced threats are created to take advantage of new vulnerabilities in operating systems and other services like Flash or Java. The ability to block new exploits and not just known malicious files is a fundamental requirement of today’s anti-malware products.
Exploit Results: Against 10 of the most prevalent commercial security vendors, McAfee endpoint products (VirusScan Enterprise, Host Intrusion Prevention, and Site Advisor Enterprise) achieved the highest score in exploit testing — blocking 97% of threats in NSS testing.
If an EPP product can block an exploit, it has effectively blocked any and all malware that the exploit may attempt to execute or install. The ability to stop the payload an exploit delivers has value, but provides far less protection than blocking the exploit.
McAfee a Leader in Protecting Against Advanced Evasion Techniques
As security products improve, cybercriminals have reacted by incorporating evasion techniques to conceal payloads, disable security software, and more. This group test is different than most in that it tests EPP products against many of the common evasion techniques used by attackers. Research shows that cybercriminals perform their own testing and make extensive use of evasion techniques.
Typical file or signature-based detection is very poor at protecting against evasion. Techniques that easily bypass this include HTTP evasion and compression, HTML obfuscation, payload encoding, and packers.
Evasion Results: McAfee achieved the highest possible score, blocking 100% of the five tested (and commonly used) evasion techniques. In reviewing the numbers, it’s evident that the hard part about identifying and blocking evasions is in seeing the “packers” used to hide malicious code from unsophisticated filtering technologies. McAfee endpoint products excel at identifying and blocking this evasion approach.
When you combine the results of the Exploit Protection and Evasion Block rate tests, it’s clear that McAfee endpoint products provide the optimal security posture.