When testing products for security effectiveness, providing results for protection against exploits without fully factoring in various evasion techniques can be misleading. Attackers use evasions to disguise attacks so they can avoid detection. This enables them to bypass security products and carry out their motives on the target. If a security product fails to identify and properly normalize a method of evasion, this could allow an attacker to utilize an entire class of exploits for which the product is assumed to have protection, rendering it ineffective. For this reason, NSS Labs verifies that tested products are capable not only of detecting and blocking exploits, but also of providing protection when exploits are delivered using a wide variety of evasion techniques.
NSS test reports are designed to address the challenges faced by IT professionals in selecting and managing security products. The scope of this methodology includes: