Malware, Zero Day and Advanced Attack Protection Analysis
Zscaler Internet Security and FireEye Web MPS

1.0 Executive Summary

Miercom conducted a Security Efficacy Analysis of network-based breach detection, Zero Day and Advanced Persistent Threat (APT) protection solutions that use threat emulation. The assessment included products from Zscaler and FireEye. Standard and advanced security tests were performed to verify detection, blocking and operational capabilities across multiple areas of modern malware defense, including threat emulation (commonly referred to as sandboxing) and forensic reporting. The ability of the products to correctly identify and block threats from a large sample set of previously unseen malware emulates what the solutions must provide in the real world when users click on web links.

Overall test results showed that Zscaler provided the strongest protection of the network by accurately blocking the most malware samples. The Zscaler platform proved more effective than FireEye in both performance and accuracy on the malware sample sets Miercom tested. The sample sets were created independently by Miercom. Zscaler's malware protection was extremely effective.
Zscaler's security efficacy (commonly referred to as catch rate) was 30% better than that of FireEye Web MPS on the Zero Day samples. These newly created samples are representative of dynamic threats that incorporate evasive measures which change the characteristics of the malicious file. The same samples that Zscaler detected and blocked bypassed both the anti-malware protection and the file sandboxing of FireEye Web MPS.

Key Findings:
- Zscaler correctly classifies and identifies known threats with its first lines of defense: multiple layers of anti-malware and advanced threat protection.
- Zscaler is more efficient. By mitigating known threats immediately upon identification, it sandboxes only unknown objects, which allows for rapid incident response.
- Zscaler blocks malware in the cloud, so malicious objects never reach the corporate network. The result is better performance, better security and less network congestion.

During the assessment we also tested and noted usability, forensic reporting, identification of false negatives and vendor-specific limitations. The main goal of this line of testing was to identify, decompose, emulate and accurately determine whether newly created Zero Day samples were in fact malicious. Zscaler surpassed FireEye by detecting an additional 30% of this type of malware. We were pleased with the overall performance of Zscaler, particularly its malware blocking and threat emulation effectiveness. The detailed test results that follow show how Zscaler and FireEye Web MPS compare in malware detection, protection and threat emulation.
Robert Smithers
CEO, Miercom

Zscaler APT Competitive Analysis, Copyright © 2014 Miercom, 10Dec2014, DR141007D

2.0 Testing Environment

[Figure: test bed topology. Zscaler environment: Zscaler Internet Security. FireEye environment: NX 1310 with Web MPS. Victim machines 1..N. Source: Miercom APT Industry Assessment 2014]

2.1 How We Did It

A test bed was created with each product deployed in-line between a set of victim machines dedicated to that product and a malicious web server that served the malware samples. The end nodes (victims and malicious web server) were all virtualized, but hosted on separate hardware so that machine state remained the same throughout testing.
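The methodology in 2.1 reduces to one measurement per sample: serve a file from the "malicious" web server, fetch it from a victim through the in-line product, and record whether the original bytes arrived. The harness below is an added illustration of that loop, not Miercom's test tooling or either vendor's code. It serves constructed stand-in files (not malware) from a local HTTP server, fetches each one through an optional HTTP proxy URL standing in for the product under test, classifies the outcome by comparing the SHA-256 of what arrived with what was served, and computes a catch rate. The `compare()` helper reports a difference between two catch rates both in percentage points and as a relative percentage, because a headline figure like "30% better" can mean either.

```python
"""Catch-rate harness modelled on the in-line test bed of section 2.1.

Added example. The samples are constructed, harmless byte strings; the
product under test is represented by an optional HTTP proxy URL (assumed
interface, chosen for illustration). With no proxy, everything is delivered
and the catch rate is 0.0, which is the expected baseline for the bed itself.
"""
import hashlib
import http.server
import socketserver
import threading
import urllib.error
import urllib.request

# Constructed stand-in samples; in the real test these were the malware files.
SAMPLES = {
    "sample-001.bin": b"MZ\x90\x00" + b"A" * 64,          # PE-like header, benign
    "sample-002.bin": b"%PDF-1.4 constructed test file",   # PDF-like, benign
    "sample-003.bin": b"PK\x03\x04 constructed test file", # ZIP-like, benign
}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def classify(expected_sha: str, status, body: bytes) -> str:
    """Verdict for one fetch as seen from the victim.

    blocked   - connection failed or the product answered with an error code
    delivered - the served bytes arrived intact (a miss for the product)
    altered   - HTTP 200 but different content, e.g. a block page
    """
    if status is None or status >= 400:
        return "blocked"
    if sha256(body) == expected_sha:
        return "delivered"
    return "altered"


def catch_rate(verdicts: dict) -> float:
    """Fraction of samples that did not arrive intact."""
    if not verdicts:
        return 0.0
    caught = sum(1 for v in verdicts.values() if v != "delivered")
    return caught / len(verdicts)


def compare(rate_a: float, rate_b: float):
    """(absolute difference in percentage points, relative difference in %)."""
    absolute = round((rate_a - rate_b) * 100, 1)
    relative = round((rate_a / rate_b - 1) * 100, 1) if rate_b else None
    return absolute, relative


class SampleHandler(http.server.BaseHTTPRequestHandler):
    """The 'malicious' web server: serves SAMPLES by name, 404 otherwise."""

    def do_GET(self):
        data = SAMPLES.get(self.path.lstrip("/"))
        if data is None:
            self.send_error(404)
            return
        self.send_response(200)
        self.send_header("Content-Type", "application/octet-stream")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the harness quiet
        pass


def start_server() -> socketserver.TCPServer:
    srv = socketserver.TCPServer(("127.0.0.1", 0), SampleHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def fetch(url: str, proxy: str = None):
    """Return (status, body); status is None when the connection fails."""
    proxies = {"http": proxy} if proxy else {}   # {} also ignores env proxies
    opener = urllib.request.build_opener(urllib.request.ProxyHandler(proxies))
    try:
        with opener.open(url, timeout=5) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as exc:
        return exc.code, exc.read()
    except (urllib.error.URLError, OSError):
        return None, b""


def run_trial(proxy: str = None) -> dict:
    """Serve every sample, fetch it (through `proxy` if given), record verdicts."""
    srv = start_server()
    host, port = srv.server_address
    verdicts = {}
    try:
        for name, data in SAMPLES.items():
            status, body = fetch(f"http://{host}:{port}/{name}", proxy)
            verdicts[name] = classify(sha256(data), status, body)
    finally:
        srv.shutdown()
        srv.server_close()
    return verdicts


if __name__ == "__main__":
    results = run_trial()               # no product in line: baseline run
    print(results, "catch rate:", catch_rate(results))
    print("0.9 vs 0.6 ->", compare(0.9, 0.6))
```

Run it once with no proxy to confirm the bed delivers every sample (catch rate 0.0) before pointing `run_trial()` at a product; a non-zero baseline means the harness, not the product, is blocking. Classifying an HTTP 200 with different content as "altered" matters because an in-line proxy that substitutes a block page would otherwise be scored as a miss.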