Virtualization Technology News and Information
Kaspersky Endpoint Security for Business Scored 100% Detection Rate in Fileless Threats Protection Test by AV-TEST
Kaspersky Endpoint Security for Business received a 100% detection rate and the highest prevention rate (94.12%) of 14 endpoint security vendors in a recent assessment by AV-TEST. The products were judged on the ability to detect fileless threats as well as to protect and remediate malicious actions. 

Fileless threats are used in many forms of malicious activity from advanced targeted attacks to widespread malware campaigns or even generic malware such as Trojan-clickers and adware. Kaspersky researchers are constantly revealing these threats in various attacks such as the PowerGhost cryptominer, attacks on banks with DarkVishnya, Turla's APTs and the Platinum APT. Detection of fileless malware is more complicated than other malware because its malicious code does not store itself on a hard drive, but exists in memory, registry, OS scheduler tasks or Windows system storages such as WMI objects.

In its study, AV-TEST examined products against different categories of fileless attacks, including malware execution from WMI storage or by Task Scheduler, and running a PowerShell script after the execution of exploits or macros. The test also monitored for false positives. Of all the solutions tested, Kaspersky Endpoint Security for Business was the only one to detect all 33 attacks, while the average detection rate of all the products was 67.75%. As for protection and remediation, Kaspersky's product prevented 48 out of 51 malicious actions compared to an average protection level of 59.10%. The false positive test revealed no false detection or blocks by Kaspersky's product.

According to AV-TEST, it ran this test "to discover how marketing promises of efficient fileless threat protection, claims about unbelievable advantages of some protective tools and different ad slogans correlate with reality. This test is aimed to show what fileless malware can do and which security products are capable of detecting, blocking and remediating fileless attacks - irrespective of what is claimed by security vendors themselves."

"Fileless threats are a growing trend in malware landscape which makes efficient protection a challenge for all endpoint protection products," says Maik Morgenstern, chief technology officer, AV-TEST. "This test reveals big differences in the abilities of assessed security solutions to detect fileless infection techniques. Kaspersky proved to be the most efficient in detection of and prevention against fileless attacks."

"We appreciate AV-TEST showing the real results of cybersecurity products against current serious threats, such as fileless malware," said Timur Biyachuev, vice president of threat research at Kaspersky. "Kaspersky researchers have been analyzing fileless threats for a long time as they are widely used in different attack stages. Whenever possible cybercriminals try to reduce their footprint and use malware which is less well-detected, making fileless a growing option. Thanks to our intelligence we have created the necessary protection technologies, such as our advanced behavior-based detection. With these technologies, our business customers will always be protected from fileless and other threats."

The full report "Advanced Endpoint Protection: Fileless Threats Protection Test" commissioned by Kaspersky and performed by AV-TEST GmbH can be found here.
Published Wednesday, October 09, 2019 8:53 AM by David Marshall