Endpoint security products failing against targeted attacks
While most endpoint security products are capable of handling public email and web-based threats, many are unable to provide complete protection against targeted attacks, according to a new report.
Security testing firm SE Labs tested a variety of endpoint security products from different vendors in order to gauge their effectiveness.
It found Broadcom was the only enterprise product that proved to be 100 percent effective against targeted attacks, while CrowdStrike and FireEye stopped all but one. Other security software tested missed between two and four attacks.
"Sometimes a targeted attack can be as simple as someone using a basic tool downloaded from the internet. Your adversary might be your neighbour, rather than a government-backed organisation. In fact, that's possibly more likely," says Simon Edwards, CEO of SE Labs. "But it doesn't really matter who represents a threat to you: a resourceful cyber ninja or an idiot colleague, when someone buys endpoint protection they expect it to stop attacks, sophisticated or otherwise. Our independent tests give people the assurance beyond the marketing hype."
The tests weighted protection ratings according to the outcome of each threat a product handled, with 'blocked' being the obvious preferred outcome.
Consumer products fared slightly better than the enterprise tools, with three products being 100 percent effective against targeted attacks. When SE Labs' weighted rating was taken into consideration, only Kaspersky and Norton scored a 100 percent protection rating. Avast, AVG, F-Secure and Avira stopped all but one targeted attack, while other security software missed between three and eight attacks.
You can get the full report on the SE Labs site.