Security Solutions: Efficacy Is King

Managed Services News

Mar 31

When it comes to rating the effectiveness of security solutions, efficacy is king. Why? All it takes is one malicious request slipping through the net for a damaging breach to take place.

Lots of network security providers claim they are the best at threat detection and prevention. But can they prove it? Brand new third-party research from AV-TEST reveals that Cisco Umbrella is the industry leader in security efficacy, according to the 2020 DNS-Layer Protection and Secure Web Gateway Security Efficacy report.

Overview

AV-TEST is the leading independent research institute for IT security in Germany. For more than 15 years, the cybersecurity experts from Magdeburg have delivered quality-assuring comparison and individual tests of virtually all internationally relevant IT security products.

In November and December 2019, AV-TEST performed a review of Cisco Umbrella alongside comparable offerings from Akamai, Infoblox, Palo Alto Networks, Symantec and Zscaler.

In order to ensure a fair review, the research participants did not supply any samples (such as URLs or metadata) and did not influence or have any prior knowledge of the samples being tested. All products were configured to provide the highest level of protection, utilizing all security-related features available at the time.

The test focused on the detection rate of links pointing directly to PE malware (such as EXE files), links pointing to other forms of malicious files (such as HTML and JavaScript), as well as phishing URLs. A total of 3,668 samples were included in the testing.

DNS-Layer Protection Test

In the first part of this study, DNS-layer protection was tested. DNS-layer protection uses the internet’s infrastructure to block malicious and unwanted domains, IP addresses and cloud applications before a connection is ever established as part of recursive DNS resolution. DNS-layer protection stops malware earlier and prevents callbacks to attackers if infected machines connect to your network.

An ideal use case for DNS-layer protection is guest WiFi networks. With guest WiFi it is usually not possible to install a trusted certificate on the guests’ devices, so HTTPS inspection is not possible. The study, however, shows that DNS-layer protection without a selective proxy still provides a good base layer of security.

DNS-layer protection with selective cloud proxy redirects only risky domain requests for deeper inspection of web content, and does so transparently through the DNS response. A common use case for selective proxy is corporate-owned devices where there is a need to inspect
