By Marc Blackmer We are very pleased to share the news that our Advanced Malware Protection (AMP) for Endpoints won the Approved Business Security Award from AV-Comparatives. And we’re happy about this for a couple of reasons. (Click this link to read the full report.)
Most vendors‘ marketing materials look great, your organization exists in the real world. So, having an independent third-party conduct months of testing against our technology, and us coming out a winner, helps to show the world what our customers already know: that the strength, flexibility, and ease of use of our endpoint security establishes our leadership. We have over a decade of experience in endpoint protection through Immunet (creators of AMP) and Sourcefire (creators of ClamAV).
AV-Comparatives‘ Business Main-Test Series ran from March to June and consisted of two, in-depth tests:
The Malware Protection Test
This test ran in March and consisted of having 1,311 malware samples thrown at us during that time. A passing score required a 90% or higher detection rate and this time zero false positives. We did very well scoring a 99.8% with zero false positives.
The Real-World Protection Test
The idea here was to mimic what happens in, well, the real world. This test ran from March to June and was based upon 732 test cases. The focus here was on user behaviors such as clicking malicious links, opening malicious email attachments, etc.
An efficacy score of 90% or higher and a false positive count of 100 or less were the criteria to pass this test. And, we came in with 98.9% and ranked in the lowest false positive group.
In short, AMP for Endpoints achieved test results that demonstrated a balance of strong protection rates with very low false positives. AV-Comparatives also highlighted Cisco’s broad endpoint platform support and relative ease of deployment.
Beyond antivirus
Secondly, we view this report as further evidence that the security world has moved past the legacy world of antivirus. I’m not saying antivirus doesn’t have a role to play in endpoint security. Our own ClamAV is one of the several mechanisms that AMP for Endpoints uses. What I am saying is that the ‘antivirus as a sole means of endpoint protection‘ ship has sailed – and sailed a long time ago.
The biggest problem with antivirus is that it’s not operationally efficient. That means a lower return on your investment and weaker protection of your business. Back in my IT days in the late 90s and early 2000s, antivirus was a big deal, but it was tough enough to administer when I was at a small, two-office operation let alone when I moved up a 50,000-user, global enterprise. And when the Love Letter worm hit us in 2003, that was a couple days and nights of manual remediation for our entire department, worldwide, because antivirus couldn’t remediate the problem or identify infected hosts.
Now fast forward to today’s world of fileless malware and multi-vector attacks that combine email, web, endpoints, etc. What’s antivirus going to do about those? The answer is pretty obvious.
What was surprising for me to learn recently was that the majority of organizations out there still rely on antivirus for their endpoint protection. I attribute this to deployment fatigue. Rolling out software is hard. I know. I’ve deployed my share of enterprise software. The good news about AMP for Endpoints is that we can be up and running quickly, as noted on page 28 of the AV-Comparatives report:
“Getting started with Cisco Advanced Malware Protection for Endpoints is very straightforward. The console requires no setup, and deploying the client software is quick and easy.”
The Big Picture
We believe it’s important to put our technology to the test and we feel the results speak to how our solution helps our customers protect their organizations. (I’ve included links to other real-world tests below.) We also believe that strong endpoint protection comes from being a part of an integrated security portfolio. One that dynamically shares the latest threat intelligence is the most effective way to defend against modern attacks. And we’ve designed our integrated security portfolio to do exactly that. But that’s another story for another day.
What’s next?
AV-Comparatives‘ testing is continuing through the end of the year and we are looking forward to their year-end report. Tune in here for those results.
Can’t wait for the report? Experience threat hunting with AMP for Endpoints for yourself at one of our Threat Hunting Workshops, or if you can’t wait for the event, sign up for a free trial of AMP for Endpoints at https://cisco.com/go/ampendpoints and see for yourself.
Additional reading
NSS: Achieved “Recommended” ratingMiercom: Achieved “Miercom Performance Verified” certification
Source:: Cisco Security Notice
