When it comes to rating the effectiveness of security solutions, efficacy is king. Why? All it takes is one malicious request slipping through the net for a damaging breach to take place.
Lots of network security providers claim they are the best at threat detection and prevention. But can they prove it? Third-party research from AV-TEST reveals that Cisco Umbrella is the industry leader in security efficacy, according to the 2020 DNS-Layer Protection and Secure Web Gateway Security Efficacy report.
NOTE: A brand new AV-TEST report has been released evaluating Cisco Umbrella’s secure web gateway (enhanced with DNS security) and DNS-layer protection functionality. Cisco Umbrella placed first in secure web gateway to protect remote workers. Get the 2nd AV-TEST report
Overview
AV-TEST is the leading independent research institute for IT security in Germany. For more than 15 years, the cybersecurity experts from Magdeburg have delivered quality-assuring comparison and individual tests of virtually all internationally relevant IT security products.
In November and December 2019, AV-TEST performed a review of Cisco Umbrella alongside comparable offerings from Akamai, Infoblox, Palo Alto Networks, Symantec and Zscaler.
In order to ensure a fair review, the research participants did not supply any samples (such as URLs or metadata) and did not influence or have any prior knowledge of the samples being tested. All products were configured to provide the highest level of protection, utilizing all security-related features available at the time.
The test focused on the detection rate of links pointing directly to PE malware (e.g. EXE files), links pointing to other forms of malicious files (e.g. HTML, JavaScript) as well as phishing URLs. A total of 3,668 samples were included in the testing.
DNS-Layer Protection Test
In the first part of this study, DNS-layer protection was tested. DNS-layer protection uses the internet’s infrastructure to block malicious and unwanted domains, IP addresses, and cloud applications before a connection is ever established as part of recursive DNS resolution. DNS-layer protection stops malware earlier and prevents callbacks to attackers if infected machines connect to your network.
An ideal use case for DNS-layer protection is guest wifi networks. With guest wifi it is usually not possible to install a trusted certificate on the guests’ devices, so HTTPS inspection is not possible. The study however shows that DNS-layer protection without a selective proxy still provides a good base layer of security.
DNS-layer protection with selective cloud proxy redirects only risky domain requests for deeper inspection of web content, and does so transparently through the DNS response. A common use case for selective proxy is corporate owned devices where there is a need to inspect risky traffic including HTTPS, but for privacy considerations, certain content categories such as financial or healthcare can be excluded from HTTPS inspection in the selective proxy.
For the DNS-layer protection testing, the products achieved the following blocking rates:
Cisco Umbrella performed significantly better than other vendors with a 51% detection rate for DNS-layer protection. Cisco Umbrella’s selective proxy makes a big difference in effective threat detection and increased the blocking rate to 72%.
Secure Web Gateway Test
In the second part of the study, the web gateway solutions were tested. A secure web gateway is based on a full web proxy that sees and inspects all web connections. Unlike DNS-layer protection which only analyzes domain names and IP addresses, a web proxy sees all files and the full URLs enabling more granular inspection and control.
Organizations adopt secure web gateways when they are looking for more flexibility and control. Common use cases for a secure web gateway include: needing full visibility of web activity, inspection of granular app controls, the ability to block specific file types and inspection of all HTTPS content with the ability to exclude specific content.
For secure web gateway testing, the products achieved the following blocking rates:
In this test scenario, Cisco Umbrella outperformed the other vendors’ offerings in terms of security efficacy.
Conclusion
In both test scenarios, the Cisco Umbrella detection rate outperformed the offerings from other vendors.
These test results demonstrate several key takeaways. Organizations should adopt a layered approach to security. DNS-layer protection is simple and adds to the overall security efficacy. In use cases where deploying a selective proxy is possible, the security efficacy and blocking rates improve significantly. As seen in the test results, a secure web gateway full proxy solution provides the highest level of protection.
