Kaspersky Lab

TheSamaritan

Lethal Weapon Against Exploits: Kaspersky Lab’sCorporate Solution Outstrips Its Competitors Again

Kaspersky Lab’s security solution forcorporate users Kaspersky Endpoint Security for Business once again proved itseffectiveness in the Real World Enterprise Security Exploit Prevention Testcarried out by MRG Effitas between November 2013 and February 2014.

Exploits are malicious programs thatutilize vulnerabilities (i.e., critical errors in the code) in legitimatesoftware to penetrate a computer. An exploit usually affects the system when auser of vulnerable applications visits an infected web page. Any web page, evenone that is familiar and has been safely visited before, can be infected. Theexploit is activated without the user’s knowledge and does not require anexecutable file to download or run.

For corporate users exploits are even moredangerous because an attack on a company’s computers can disrupt its businessprocesses and lead to huge losses – both financial and reputational. The use ofexploits drastically increases the efficiency of targeted cyber-attacks onorganizations. One of the more recent examples is the Careto malware which hitat least 380 public and private targets worldwide. Protecting corporate clientsis even more complicated because some companies have to use software that isonly compatible with older – and consequently more vulnerable – versions ofJava, for which the majority of exploits are written today.

MRG Effitas investigated the level ofanti-exploit protection provided by six corporate products from differentvendors. Unlike its competitors, not only was Kaspersky Endpoint Security forBusiness tested as an integrated product but its Automatic Exploit Preventionmodule was also trialed in isolation from all other protection mechanisms. Thisanti-exploit technology is used in all Kaspersky Lab protection solutions.

The experts at MRG Effitas selected 110malicious links containing exploits to test the protection provided by thedifferent products. The vast majority (98) of these exploits targeted the Javaplatform. The surge in their number over the last two years was the subject ofthe Kaspersky Lab study “Java under attack - the evolution of exploits in2012-2013”.

The testing was divided into two stages.The first stage determined the percentage of exploits blocked at an earlyphase, before the malicious code started its destructive activity. The secondstage was less stringent and the security solution was awarded a “pass” if itfailed to block the initial exploit but managed to counter any malware it triedto load.

Kaspersky Endpoint Security for Businessdemonstrated the best results in the first stage blocking 98% of exploits. Evenwhen Automatic Exploit Prevention was tested in isolation, without any othersecurity features, the solution performed better than most of the otherparticipants and shared second place after blocking 95% of the exploits.

At the second stage Kaspersky EndpointSecurity for Business blocked 100% of the threats. Only one rival product couldmatch this result while the other participants scored no more than 94%. Theresults of the Real World Enterprise Security Exploit Prevention Test sawKaspersky Lab’s corporate solution receive the MRG Effitas Certified award.

Oleg Ishanov, Director Anti-MalwareResearch, Kaspersky Lab, commented: "To date, no serious cyber-attacktargeting an organization can function without exploits. Acting as secretly aspossible, exploits seize control of the computer and then run malicious codethat unleashes the main part of the attack. So it is much safer to block theexploit at the first stage, before it can load malicious programs onto thecomputer. The MRG Effitas test demonstrated that our Automatic ExploitPrevention technology could cope with this task better than our competitors’solutions even when isolated from the other security sub-systems in the product.”

Testing was carried out on a 64-bit version ofMicrosoft Windows 7 Enterprise SP1. The applications, which were mostfrequently targeted by exploits in the preceding year, such as Java 1.7, AdobeReader 9.3, Flash Player 10.1, Silverlight 5.1 and Internet Explorer 8.0, werealso installed on the test computers.