Malware, Zero Day and Advanced Attack Protection Analysis Zscaler Internet Security and FireEye Web MPS

1.0 Executive Summary

Miercom conducted a Security Efficacy Analysis of network-based breach detection, Zero Day and Advanced Persistent Threat (APT) protection solutions that utilize threat emulation. The assessment included products from Zscaler and FireEye. Standard and advanced security tests were performed to verify the detection, blocking and operational capabilities across multiple areas of modern malware defense, including threat emulation (commonly referred to as sandboxing) and forensic reporting. The ability of the products to correctly identify and block threats from a large sample of malware of an unknown nature emulates what the solutions need to provide in the real world when users click on web links.

Overall test results demonstrated that Zscaler provided the strongest protection of the network by accurately blocking the most malware samples. The Zscaler platform proved more effective than FireEye in both performance and accuracy for the malware sample sets Miercom tested. The sample sets were independently created by Miercom.

Zscaler’s malware protection was extremely effective. Zscaler’s security efficacy (commonly referred to as catch rate) was 30% better than that of FireEye Web MPS when testing Zero Day samples. The newly created samples are representative of dynamic threats that incorporate evasive measures which change the characteristics of the malicious file. The same samples that Zscaler detected and blocked bypassed both the anti-malware protection and the file sandboxing within FireEye Web MPS.

Key Findings:

• Zscaler correctly classifies and identifies known threats with its first lines of defense: multiple layers of anti-malware and advanced threat protection.
• Zscaler is more efficient. By mitigating known threats immediately upon identification, it sandboxes only unknown objects, which allows for rapid incident response.
• Zscaler blocks malware in the cloud, so malicious objects never reach the corporate network. The result is better performance, better security and less network congestion.

During the assessment, we also tested and noted usability, forensic reporting, identification of false negatives and vendor-specific limitations. The main goal of this line of testing was the ability to decompose, emulate and accurately determine whether or not newly created, Zero Day samples were in fact malicious. Zscaler surpassed FireEye by detecting an additional 30% of this type of malware. We were pleased with the overall performance of Zscaler, particularly its malware blocking and threat emulation effectiveness. Detailed test results follow and demonstrate how Zscaler and FireEye Web MPS compare in regard to malware detection, protection and threat emulation.

Robert Smithers
CEO
Miercom

Zscaler APT Competitive Analysis Copyright © 2014 Miercom Page 3 10Dec2014 DR141007D

2.0 Testing Environment

[Figure: test bed diagram. Zscaler Environment: Zscaler Internet Security. FireEye Environment: NX 1310 with Web MPS. Victim N. Source: Miercom APT Industry Assessment 2014]

2.1 How We Did It

A test bed was created with each product deployed in-line between a series of victim machines (one set per product) and a malicious web server that was used to serve the malware samples. The end nodes (victims and malicious web server) were all virtualized, but on different hardware, so that machine state was the same throughout testing.
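The test bed above serves each sample through the product under test and records what the victim machine receives. Scoring such a run is where in-line proxies bite: a product that answers with an HTTP 200 block page, or that cuts the download short, has blocked the sample even though the victim "got a response". The scorer below is an added example, not Miercom's harness or either vendor's code; product names, sample bytes and victim-side receipts are constructed placeholders. It counts a sample as delivered only when the bytes the victim received hash to the same SHA-256 as the bytes the server sent, computes catch rate (blocked / total) per product and per sample set, lists the misses (the false negatives the report says it tracked), and reports the gap between two products in percentage points.

```python
"""Score an in-line malware-delivery test run (added example, not the report's code).

A sample counts as delivered only if the bytes the victim received hash to the
same SHA-256 as the bytes the malicious web server sent.  A block page returned
with HTTP 200, a truncated download, or a reset connection all count as blocked.
"""
import hashlib
from typing import Dict, Optional, Tuple


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed sample corpus: file name -> (sample set, served bytes).
# A real run serves actual files; these are placeholder bytes, not malware.
SAMPLES: Dict[str, Tuple[str, bytes]] = {
    "known-01.exe":   ("known",    b"MZ\x90\x00known-sample-1"),
    "known-02.exe":   ("known",    b"MZ\x90\x00known-sample-2"),
    "zeroday-01.exe": ("zero_day", b"MZ\x90\x00fresh-sample-1"),
    "zeroday-02.exe": ("zero_day", b"MZ\x90\x00fresh-sample-2"),
    "zeroday-03.exe": ("zero_day", b"MZ\x90\x00fresh-sample-3"),
}

# Constructed victim-side receipts: product -> {file name: bytes received, or
# None when the connection was reset / nothing arrived}.  Product names are
# hypothetical and do not correspond to the vendors in the report.
BLOCK_PAGE = b"<html>Access to this site has been blocked</html>"
RECEIPTS: Dict[str, Dict[str, Optional[bytes]]] = {
    "product_A": {
        "known-01.exe":   None,                           # connection reset
        "known-02.exe":   BLOCK_PAGE,                     # HTTP 200 with a block page
        "zeroday-01.exe": None,
        "zeroday-02.exe": b"MZ\x90\x00fresh-sample-2",    # delivered intact: a miss
        "zeroday-03.exe": None,
    },
    "product_B": {
        "known-01.exe":   None,
        "known-02.exe":   None,
        "zeroday-01.exe": b"MZ\x90\x00fresh-sample-1",    # miss
        "zeroday-02.exe": b"MZ\x90\x00fresh-sample-2",    # miss
        "zeroday-03.exe": b"MZ\x90\x00fresh-samp",        # cut short mid-transfer: blocked
    },
}


def classify(served: bytes, received: Optional[bytes]) -> str:
    """'delivered' only when the victim holds a byte-exact copy of the served sample."""
    if received is None:
        return "blocked"
    return "delivered" if sha256(received) == sha256(served) else "blocked"


def score(samples, receipts):
    """Per product and per sample set: blocked count, total, catch_rate, and the
    names of samples that reached the victim intact (false negatives)."""
    results = {}
    for product, got in receipts.items():
        per_set = {}
        for name, (sample_set, data) in samples.items():
            entry = per_set.setdefault(sample_set, {"blocked": 0, "total": 0, "missed": []})
            entry["total"] += 1
            if classify(data, got.get(name)) == "blocked":
                entry["blocked"] += 1
            else:
                entry["missed"].append(name)
        for entry in per_set.values():
            entry["catch_rate"] = entry["blocked"] / entry["total"]
        results[product] = per_set
    return results


def catch_rate_delta(results, a: str, b: str, sample_set: str) -> float:
    """Catch-rate advantage of product a over product b, in percentage points."""
    return 100.0 * (results[a][sample_set]["catch_rate"] - results[b][sample_set]["catch_rate"])


if __name__ == "__main__":
    res = score(SAMPLES, RECEIPTS)
    for product, per_set in res.items():
        for sample_set, entry in per_set.items():
            print(f"{product} {sample_set}: {entry['blocked']}/{entry['total']} blocked "
                  f"({entry['catch_rate']:.0%}), missed={entry['missed']}")
    print(f"zero_day delta A-B: {catch_rate_delta(res, 'product_A', 'product_B', 'zero_day'):.1f} points")
```

The hash comparison is the point: scoring on "did the HTTP request complete" would count product_A's block page as a miss, and scoring on "did the file arrive" would count product_B's truncated download as a miss, both inflating the false-negative count. Keep known and zero-day sets separate as above, since the report's headline comparison concerns only the zero-day set.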