Past Articles by This Author:
BlackBerry to Launch BBM Messenger for iOS and Android this SummerApple vs. Samsung Update: Apple Adds Galaxy S4 to Massive LawsuitCondoleezza Rice, Walter Isaacson, Jim Collins to Headline ExactTarget Connections Sept. 17-19ChannelAdvisor and Google Host Webinar to Share Tips for Success with Enhanced CampaignsLeaf Unveils Second Generation of its Built-for-Business TabletBlackBerry Unveils Version 10.1 Now Available for Download for Enterprise UsersBlackBerry Announces Q5 a 'Youthful and Fun Smartphone' BlackBerry to Webcast Keynote and Alicia Keys Performance from OrlandoMcAfee and Intel Deliver New Model for Consumer Security - LiveSafeLeaf Unveils New POS Android Tablet
NSS Labs today released the latest Comparative Analysis Report from its 2013 Group Test for Consumer End Point Protection (EPP), which evaluated 13 leading EPP solutions and their ability to block threats such as exploits, malware and phishing. Phishing attacks represent some of the most common and impactful security dangers consumers face today and NSS' tests suggest many users' EPP products may be providing a false sense of security against these risks.
View the NSS Labs 2013 Consumer End Point Protection Comparative Analysis Report - Phishing.
Based on Market Share, over 90% of Consumers are Inadequately Protected
The top two performers in NSS' test, Trend Micro and Kaspersky, were the only tested products with block rates of over 70% and only account for ~9% of the global end point security software market according to September 2012 OPSWAT report. This leaves over 90% of the market severely under-protected -- and in some cases, virtually unprotected -- from phishing attacks, which can have disastrous consequences for end users. NSS phishing test results yielded several key conclusions:
- Protection levels vary widely between vendors: Protection levels ranged from 3% at the lowest end (Norman) to 92% at the highest (Trend Micro).
- Web browsers should be the first line of defense against phishing: Modern Web browsers now offer 90% to 94% protection against phishing according to NSS tests. Browser makers' security progress allows users running their latest versions to benefit from an extra layer of anti-phishing protection. Consumers should still take time to understand more about phishing and best practices for avoiding phishers' increasingly deceptive attacks.
- Timing is everything: The average time it takes an EPP product to block a new type of phishing attack is critical to overall protection. With phishing attacks having an average lifespan of only 23 hours, effective EPP solutions must identify and begin blocking attacks immediately. Only 2 of the 13 vendors tested, Trend Micro and Kaspersky, were as fast (or faster) than the Web browsers NSS tested at recognizing and adding phishing protection. Both took around 4 - 4.5 hours to block, while the top two web browsers took 2.35 hours and 5.38 hours, respectively.
- Look for balanced protection: Consumers evaluating EPP solutions should consider a product's ability to block against exploits and socially engineered malware, beyond considering anti-phishing performance alone. These general detection capabilities are essential and complement browser-based security.
Commentary: NSS Labs Research Director Randy Abrams
"The change in the security landscape over the past few years is stark. Web browsers were once the Typhoid Mary that stressed antivirus solutions to the breaking point. However, recent NSS tests of browsers and AV products reveal that the leading browsers are now full fledged partners with antivirus in the fight against phishing and are generally doing a better job of protecting against phishing attacks than end point security suites," said Randy Abrams, Research Director at NSS Labs. "The generally low protection against phishing offered by antivirus suites would be cause for serious concern if the leading browsers weren't doing as well as they are at blocking such attacks."
More Articles by This Author...