Rabin Bhattarai, Edsel Valle, Ryan Kelly, Morgan Dhanraj
Neither traditional antivirus (AV) nor next-generation AV for the endpoint are effective in protecting against today’s advanced threats. The threat landscape has evolved rapidly—new evasion techniques, exploits, and advanced malware leverage various threat vectors to exploit vulnerabilities within operating systems and applications on endpoints. This means that protecting the endpoint today requires a fundamentally different approach.
Advanced endpoint protection (AEP) products focus on preventing cybercriminals from ever reaching or executing on the endpoint. These products employ sophisticated techniques such as machine learning, pattern recognition, or predictive algorithms to detect and block malware and to contain suspicious activities. Additionally, AEP products monitor processes running on endpoints, detect any communication with potentially malicious hosts, and conduct audits of file systems and registries. To enhance the user experience, AEP products typically automate threat remediation policies as well as provide containment capabilities to protect the endpoint.
Several leading AEP products have expanded their technology to provide not only prevention and blocking of attacks but also greater visibility into suspicious activities and richer forensic information. This is especially useful for organizations that do not have skilled security analysts.
NSS Labs performed an independent test of the Cisco AMP for Endpoints v6.0.5. The product was subjected to thorough testing at the NSS facility in Austin, Texas, based on the NSS Labs Advanced Endpoint Protection Test Methodology v2.0. This test was conducted free of charge and NSS did not receive any compensation in return for Cisco’s participation.
PRODUCT TESTED IN THE FOLLOWING AREAS:
- Security effectiveness: The ability of the product under test to successfully secure its endpoints
- Total cost of ownership (TCO): Costs associated with product purchase, maintenance and updates, and installation and threat-associated costs
- Secure communication: Validation that network traffic between the endpoint and the manager is truly encrypted
- Threat event reporting: The ability to convey threat event and forensics data to the product’s central management station
As with all NSS Labs group tests, there was no fee for participation. In addition, the test methodology applied is in the public domain to provide transparency and to help enterprises understand the results.