Enterprise Endpoint Testing Results

In October 2010, AV-Test.org again performed endpoint security benchmark testing on five market-leading Enterprise endpoint solutions from Symantec, McAfee, Microsoft, Sophos, and Trend Micro. For the fourth straight month, OfficeScan has outperformed its peer competitive products in the overall results, Exposure Layer results and time to protect results. For a historical view of these test results, check out the tab labeled "Historical Results".

Testing Methodology

Traditional tests have focused on identifying the product that can best detect a set of known malware files during a closed test. This type of testing is outdated and does not take into account how threats typically propagate today, or how computers are used. In this test, AV-Test.org utilized a testing methodology that is more real-world focused in which the samples are malicious URLs with associated malware files and allowed the solutions to block threats at their source (Exposure Layer), during download (Infection Layer) or on execution (Dynamic Layer). Also tested is the ability to source, analyze and protect against any samples that went undetected during the first round by re-testing 1 hour later.

Trend Micro outperforms all other vendors

And in the time to protect category, Trend Micro ranked #1 too.

Why Trend Micro outperformed the competition

Trend Micro has outperformed the competition in a number of recent tests (See NSS Labs) due to the Smart Protection Network™ infrastructure that powers products for consumer, SMB, Enterprise, Partner and SaaS customers but also powers our mobile, endpoint, server, messaging, gateway and SaaS solutions. This unique cloud-client architecture that uses Smart feedback to source new potential threats, patent-pending correlation to analyze multiple threat vectors (web, email, file) in real-time and in-the-cloud reputation databases to deliver protection wherever our customers connect, allows Trend Micro to react faster than other vendors against new threats. Our cloud-based protection network is the most evolved and comprehensive network in the industry blocking over 5.9 billion email, web and file-based threats targeting our customers daily.

SMB Endpoint Testing Results

In October 2010, AV-Test.org performed endpoint security benchmark testing on five market-leading SMB endpoint solutions from Symantec, McAfee, ESET, Kaspersky, and Trend Micro. The Trend Micro Worry-Free Business Security outperformed its peer competitive products in the overall results, Exposure Layer results and time to protect results.

Testing Methodology

Traditional tests have focused on identifying the product that can best detect a set of known malware files during a closed test. This type of testing is outdated and does not take into account how threats typically propagate today, or how computers are used. In this test, AV-Test.org utilized a testing methodology that is more real-world focused in which the samples are malicious URLs with associated malware files and allowed the solutions to block threats at their source (Exposure Layer), during download (Infection Layer) or on execution (Dynamic Layer). Also tested is the ability to source, analyze and protect against any samples that went undetected during the first round by re-testing 1 hour later.

Trend Micro outperforms all other vendors

And in the time to protect category, Trend Micro ranked #1 too.

Why Trend Micro outperformed the competition

Trend Micro has outperformed the competition in a number of recent tests (See NSS Labs) due to the Smart Protection Network™ infrastructure that powers products for consumer, SMB, Enterprise, Partner and SaaS customers but also powers our mobile, endpoint, server, messaging, gateway and SaaS solutions. This unique cloud-client architecture that uses Smart feedback to source new potential threats, patent-pending correlation to analyze multiple threat vectors (web, email, file) in real-time and in-the-cloud reputation databases to deliver protection wherever our customers connect, allows Trend Micro to react faster than other vendors against new threats. Our cloud-based protection network is the most evolved and comprehensive network in the industry blocking over 5.9 billion email, web and file-based threats targeting our customers daily.

Trend Micro Consistency over Time

Traditional tests have focused on identifying the product that can best detect a set of known malware files during a closed test. This type of testing is outdated and does not take into account how threats typically propagate today, or how computers are used. As such, Trend Micro has been commissioning AV-Test.org monthly to utilize a testing methodology that is more real-world focused in which the samples are malicious URLs with associated malware files and allowed the solutions to block threats at their source (Exposure Layer), during download (Infection Layer) or upon execution (Dynamic Layer). Also tested was the ability to source, analyze and protect against any samples that went undetected during the first round by re-testing 1 hour later. Over time, it has become apparent that Trend Micro's approach using the Smart Protection Network and multiple layers of protection has identified an ability to consistently block real-world threats more effectively than its competitors.

From the chart below, you see the overall results for each product tested (Enterprise Endpoint Solutions) since March 2010 through October 2010. Most vendors have wide fluctuations in their results which are due to a number of factors:

1. Vendor is still focused on file-based protection which is difficult to keep updated with the number of new threats being released each hour.
2. Vendor does not provide blocking of malicious URLs, which is the source of most infections today.
3. Vendor does not have automated sourcing of unknown threats.
4. Vendor does not have automatic correlation of new threat data in order to quickly identify unknown threats
5. Vendor does not have cloud-based protection and still requires signature files to be delivered to each and every endpoint computer, thus delaying the time to protect.

Overall Results
Total Percentage of all threats blocked at each layer:
Exposure, Infection and Dynamic

The Trend Micro Smart Protection Network provides a consistent source of blocking real-world threats as you can see from the narrow band of results above. This is due to the Smart Protection Network infrastructure that not only powers products for consumer, SMB, Enterprise, Partner and SaaS customers but also powers our mobile, endpoint, server, messaging, gateway and SaaS solutions. This unique cloud-client architecture that uses Smart feedback to source new potential threats, patent-pending correlation that analyzes multiple threat vectors (web, email, file) in real-time and in-the-cloud reputation databases to deliver protection wherever our customers connect, allows Trend Micro to react faster than other vendor against new threats. Our cloud-based protection network is the most evolved and comprehensive network in the industry blocking over 5.9 billion email, web and file-based threats targeting our customers daily.

ARCHIVES

December 2009
May 2010
June 2010