ENTERPRISE ENDPOINT COMPARATIVE REPORT

SECURITY STACK: EXPLOITS

Authors Randy Abrams, Thomas Skybakmoen

Tested Products
Bitdefender Endpoint Security v5.3
ESET Endpoint Antivirus v6.1
Fortinet FortiClient v5.2
F-Secure Client Security Premium v11.60
G Data Endpoint Protection 13.1
McAfee VirusScan Enterprise 8.81
Kaspersky Endpoint Security v10.2.2
Sophos Endpoint Security and Control v10.3
Symantec Endpoint Protection v12.1
Trend Micro OfficeScan v11.0

McAfee test results were not published as a result of a configuration issue that caused inaccurate results. McAfee
has been made aware of this issue and NSS Labs is working with McAfees team to make sure it will be resolved
with their results slated to be published in the next stack security test report
1

NSS Labs

Endpoint Protection Enterprise Comparative Report: Stack Exploits

Exploit Protection
The exploitation of software vulnerabilities is one of the most common and effective cyber-attacks that
enterprises face today. Commonly known as drive-by exploits, these attacks silently compromise a
victims computer without the user being aware. Drive-by exploits have become a favored tool of cyber
criminals and other threat actors. Endpoint protection (EPP) products must provide robust defenses
against these threats.
This test was conducted with live (real-time) web-based exploits being used by threat actors in active
campaigns identified with NSS Cyber Advanced Warning System. In this report, NSS tests 10 EPP
products in order to determine which products offer the best protection against drive-by exploits.
This test was conducted free of charge, and NSS did not receive any compensation for vendor
participation.
Product
F-Secure Client Security Premium 11.60
Kaspersky Endpoint Security 10.2.2
Symantec Endpoint Protection 12.1
ESET Endpoint Antivirus 6.1
Fortinet FortiClient 5.2
Trend Micro OfficeScan 11.0
G Data Endpoint Protection 13.1
Sophos Endpoint Security and Control 10.3
Bitdefender Endpoint Security 5.3

Block Rate
100.00%
100.00%
100.00%
98.79%
98.79%
98.79%
94.84%
89.18%
85.34%

NSS Labs Rating

Recommended
Recommended
Recommended
Recommended
Recommended
Recommended
Neutral
Neutral
Neutral

Figure 1 Block Rate

The results presented in this report were obtained via 24x7 continuous testing between March 10, 2015
and March 24, 2015 at the NSS facility in Austin, Texas. This test includes a total of 726 attacks used by
Threat Actors in active campaigns during the course of the test.
In order to test a real-world deployment, vendors are encouraged to configure their products for
optimal security effectiveness and performance as they would recommend in a typical enterprise
deployment. Blocking exploits is a critical component of an endpoint protection product. When an
exploit is blocked, the delivery of known and unknown malware is also blocked. For this reason, blocking
exploits offers more comprehensive protection than malware protection alone. Figure 1 (above) depicts
the percentage of attacks blocked throughout the duration of the test.
Testing was performed in accordance with the Security Stack: Test Methodology v1.5. NSS test
methodologies are available at www.nsslabs.com.

NSS Labs

Endpoint Protection Enterprise Comparative Report: Stack Exploits

Consistency of Protection
Figure 2 depicts the consistency of protection rates throughout the duration of the test.

Figure 2 Protection over the Duration of the Test

Fluctuations in coverage can be caused by a variety of factors. EPP updates will at times drop detection
for an exploit and then restore the protection in a subsequent update. As new domains are registered,
or legitimate websites are compromised, time is required to update reputation systems in order to
provide protection. Frequent fluctuations in protection indicate undetected exploits, erratic protection
against new and existing attacks, or both. Average block rates are less reliable indicators of protection
quality when significant lapses occur frequently.

NSS Labs

Endpoint Protection Enterprise Comparative Report: Stack Exploits

Environment
Operating System:
Windows 7 Enterprise Service Pack 1 32-bit
Windows Defender disabled
Windows Firewall disabled
Browser:
Internet Explorer 9.0.8.8112.16421
Smart Screen Filter disabled
Application Reputation disabled
Applications:
Silverlight 4.x and 5.x versions
Adobe Flash Player 10/11 with ActiveX/10/11 Plugins
Adobe Reader 10/11
Java 6 and Java 7 versions

NSS Labs

Endpoint Protection Enterprise Comparative Report: Stack Exploits

Test Methodology
Security Stack: Test Methodology v1.5
A copy of the test methodology is available on the NSS Labs website at www.nsslabs.com

Contact Information
NSS Labs, Inc.
206 Wild Basin Road
Building A, Suite 200
Austin, TX 78746
[email protected]
www.nsslabs.com

This and other related documents available at: www.nsslabs.com. To receive a licensed copy or report
misuse, please contact NSS Labs.
2015 NSS Labs, Inc. All rights reserved. No part of this publication may be reproduced, copied/scanned, stored on a retrieval
system, e-mailed or otherwise disseminated or transmitted without the express written consent of NSS Labs, Inc. (us or we).
Please read the disclaimer in this box because it contains important information that binds you. If you do not agree to these
conditions, you should not read the rest of this report but should instead return the report immediately to us. You or your
means the person who accesses this report and any entity on whose behalf he/she has obtained this report.
1. The information in this report is subject to change by us without notice, and we disclaim any obligation to update it.
2. The information in this report is believed by us to be accurate and reliable at the time of publication, but is not guaranteed. All
use of and reliance on this report are at your sole risk. We are not liable or responsible for any damages, losses, or expenses of
any nature whatsoever arising from any error or omission in this report.
3. NO WARRANTIES, EXPRESS OR IMPLIED ARE GIVEN BY US. ALL IMPLIED WARRANTIES, INCLUDING IMPLIED WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT, ARE HEREBY DISCLAIMED AND EXCLUDED
BY US. IN NO EVENT SHALL WE BE LIABLE FOR ANY DIRECT, CONSEQUENTIAL, INCIDENTAL, PUNITIVE, EXEMPLARY, OR INDIRECT
DAMAGES, OR FOR ANY LOSS OF PROFIT, REVENUE, DATA, COMPUTER PROGRAMS, OR OTHER ASSETS, EVEN IF ADVISED OF THE
POSSIBILITY THEREOF.
4. This report does not constitute an endorsement, recommendation, or guarantee of any of the products (hardware or software)
tested or the hardware and/or software used in testing the products. The testing does not guarantee that there are no errors or
defects in the products or that the products will meet your expectations, requirements, needs, or specifications, or that they will
operate without interruption.
5. This report does not imply any endorsement, sponsorship, affiliation, or verification by or with any organizations mentioned in
this report.
6. All trademarks, service marks, and trade names used in this report are the trademarks, service marks, and trade names of their
respective owners.