Web Browser Security
Socially Engineered Malware and Phishing
@nsslabs
Thomas Skybakmoen | Distinguished Research Director, NSS Labs
Jayendra Pathak | Chief Architect, NSS Labs, Inc.
Who is NSS Labs?
Research & Advisory
• Solution trends
• Best practice solution architecture guidance
• Analyst inquiries
• Security advisory days
• Webinars/education
Objective Purchase Insight
• Product modeling
• RFP templates
• TCO modeling kits
Security Vendor Testing
• Security efficacy
• Solution performance
• Cost of ownership
Cyber Advanced Warning System™
• Continuous exploit visibility
• Continuous target asset identification
• Continuous security measurement
• Product comparatives
• SaaS or API
NSS Labs Testing: Timeline and Process
• Coverage and tests are growing – 10+ years of security testing
• 2016 – 6+ tests, 40+ vendors, 40+ devices
• Workflow for test development:
1. Market assessment
2. Primary research
3. Enterprise planning
4. Methodology
5. Test harness development
6. Group test, aggregate, review
7. Publish results
Socially Engineered Malware (SEM)
• What is SEM?
• Historical trends
[Chart: historical trends, 0% to 100%, by test period (Q1 2009, Q2 2009, Q1 2010, Q3 2010, Q3 2011, Q3 2012, Q1 2013, Q1 2014, Q4 2016); series: Microsoft, Mozilla Firefox, Google Chrome]
Phishing
• What is phishing?
• Historical trends
[Chart: historical trends, 0% to 100%, by test year (2009, 2012, 2013, 2016); series: Microsoft, Mozilla Firefox, Google Chrome]
What is CAWS?
The CAWS (Cyber Advanced Warning System) platform enables continuous validation of the collective effectiveness of layered network security defenses, revealing the security posture in real time.
• ADAPT: Continuously validate the effectiveness of your defenses in real time.
• PRIORITIZE: Focus your efforts on threats that matter to your specific environment.
• RESPOND: Act with precision using validated, contextual threat details and metadata.
• IDENTIFY: Pinpoint your exposure to exploits that are active in the wild right now.
How CAWS Works
Cyber Advanced Warning System – How it Works
1 | Exploit Source Capture
Malicious URLs and IP addresses are collected, analyzed, and de-duped.
2 | Exploit Harvesting
Victim machines are commanded to visit malicious sites and then exploited.
Exploit interaction is recorded in detail.
3 | Customer Profile
Customer selects the applications and versions present in its environment.
Customer selects the defenses it has in place.
4 | Exploit Replay
Exploits are replayed against customer profile to test efficacy of security products.
Customer gets real-time, validated results of risk posture.
5 | Real-time Security Posture
1) How are my defenses performing?
2) Where am I exposed so I can focus my efforts?
3) What are the critical threat details that will help me avoid a breach?
[Diagram labels: NSS BaitNET™, Mimicked Customer Environment, NSS Virtual Infrastructure, NSS Labs, NSS Unique Intelligence]
Why is Testing Important?
• Evaluate the efficacy of a browser reputation system.
  o Browsers are the first line of defense against web-borne threats.
  o Browser reputation systems protect users from themselves. (Don’t download free apps that are actually malware.)
• Can a browser reputation system replace an antivirus (AV) product to protect against web-borne threats?
SEM: Average Block Rate
Mozilla Firefox                         78.3%
Google Chrome (w/ Download Protection)  85.8%
Microsoft Edge w/ App Rep               99.0%
SEM: Zero-Hour Protection
Coverage (0% to 100%)
Browser                          0-hr   1d     2d     3d     4d     5d     6d     7d     Total
Firefox                          78.3%  81.6%  81.9%  81.9%  81.9%  81.9%  81.9%  81.9%  81.9%
Microsoft Edge                   98.7%  99.0%  99.3%  99.3%  99.3%  99.3%  99.3%  99.3%  99.3%
Chrome (w/ Download Protection)  92.8%  94.4%  95.1%  95.4%  95.4%  95.7%  95.7%  95.7%  95.7%
SEM: Average Time to Block (Hours)
Firefox                                 3.76
Google Chrome (w/ Download Protection)  2.66
Microsoft Edge w/ App Rep               0.16
SEM: Consistency of Protection
[Chart: protection, 0% to 100%; series: Google Chrome (w/ Download Protection), Mozilla Firefox, Microsoft Edge w/ App Rep, Test Average]
Phishing: Average Block Rate
Mozilla Firefox  81.4%
Google Chrome    82.4%
Microsoft Edge   91.4%
Phishing: Response Time
Coverage (0% to 100%)
Browser          0-hr   1d     2d     3d     4d     5d     6d     7d     Total
Google Chrome    82.7%  85.6%  85.6%  85.6%  85.6%  85.6%  85.6%  85.6%  85.6%
Microsoft Edge   92.1%  92.9%  92.9%  92.9%  92.9%  92.9%  92.9%  92.9%  92.9%
Mozilla Firefox  84.0%  84.9%  84.9%  84.9%  84.9%  84.9%  84.9%  84.9%  84.9%
Phishing: Average Time to Block (Hours)
Google Chrome    1.41
Mozilla Firefox  1.02
Microsoft Edge   0.40
Phishing: Protection over Time
[Chart: protection, 0% to 100%; series: Google Chrome, Microsoft Edge, Mozilla Firefox]