WebBrowserSecuritySociallyEngineeredMalwareandPhishing

@nsslabsThomasSkybakmoen|Dis;nguishedResearchDirector,NSSLabsJayendraPathak|ChiefArchitect,NSSLabs,Inc.

2

WhoisNSSLabs?

Research&Advisory•  Solu;ontrends•  Bestprac;cesolu;onarchitectureguidance•  Analystinquiries•  Securityadvisorydays•  Webinars/educa;on

Objec3vePurchaseInsight•  Productmodeling•  RFPtemplates•  TCOmodelingkits

SecurityVendorTes3ng•  Securityefficacy•  Solu;onperformance•  Costofownership

CyberAdvancedWarningSystem™•  Con;nuousexploitvisibility•  Con;nuoustargetassetiden;fica;on

•  Con;nuoussecuritymeasurement

•  Productcompara;ves•  SaaSorAPI

3

NSSLabsTesting:TimelineandProcess• Coverageandtestsaregrowing–10+yearsofsecuritytes;ng

•  2016–6+tests,40+vendors,40+devices

• Workflowfortestdevelopment:1.  Marketassessment2.  Primaryresearch3.  Enterpriseplanning4.  Methodology5.  Testharnessdevelopment6.  Grouptest,aggregate,review7.  Publishresults

4

SociallyEngineeredMalware(SEM)

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Q12009 Q22009 Q12010 Q32010 Q32011 Q32012 Q12013 Q12014 Q42016

Microsoft MozillaFirefox GoogleChrome

•  WhatisSEM?•  Historicaltrends

5

Phishing

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

2009 2012 2013 2016

Microsoft MozillaFirefox GoogleChrome

•  Whatisphishing?•  Historicaltrends

6

WhatisCAWS?

TheCAWS(CyberAdvancedWarningSystem)pladormenablescon3nuousvalida3onofthecollec;veeffec;venessoflayerednetworksecuritydefenses,revealingthesecuritypostureinreal2me.

ADAPTCon2nuouslyvalidate

theeffec;venessofyourdefensesinreal;me.

PRIORITIZEFocusyourefforts

onthreatsthatmafertoyourspecificenvironment.

RESPONDActwithprecision

usingvalidated,contextualthreatdetailsandmetadata.

IDENTIFYPinpointyourexposure

toexploitsthatareac;veinthewildrightnow.

7

2|ExploitHarves3ng

Vic;mmachinesarecommandedtovisitmalicious

sitesandthenexploited.

Exploitinterac;onisrecordedindetail.

4|ExploitReplay

Exploitsarereplayedagainstcustomerprofiletotestefficacy

ofsecurityproducts.

Customergetsreal-;me,validatedresultsofriskposture.

5|Real-3meSecurityPosture

1) Howaremydefensesperforming?

2) WhereamIexposedsoIcanfocusmyefforts?

3) Whatarethecri;calthreatdetailsthatwillhelpmeavoidabreach?

CyberAdvancedWarningSystem–HowitWorks

3|CustomerProfile

Customerselectstheapplica;onsandversionspresentinitsenvironment.

Customerselectsthedefensesithasinplace.

NSSBaitNET™

MimickedCustomerEnvironment

NSSVirtualInfrastructure

1|ExploitSourceCapture

MaliciousURLsandIPaddressesarecollected,analyzed,andde-duped

NSSLabs

NSSUniqueIntelligence

HowCAWSWorks

8

WhyisTestingImportant?• Evaluatetheefficacyofabrowserreputa;onsystem.

o  Browsersarethefirstlineofdefenseagainstweb-bornethreats.o  Browsersreputa;onsystemsprotectusersfromthemselves.(Don’tdownloadfreeappsthatareactuallymalware.)

•  Canabrowserreputa;onsystemreplaceanan;virus(AV)producttoprotectagainstweb-bornethreats?

9

SEM:AverageBlockRate

78.3%

85.8%

99.0%

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

MozillaFirefox

GoogleChrome(w/DownloadProtection)

MicosoftEdgew/AppRep

10

SEM:Zero-HourProtection

0-hr 1d 2d 3d 4d 5d 6d 7d TotalFirefox 78.3% 81.6% 81.9% 81.9% 81.9% 81.9% 81.9% 81.9% 81.9%MicrosoftEdge 98.7% 99.0% 99.3% 99.3% 99.3% 99.3% 99.3% 99.3% 99.3%Chrome(w/DownloadProtection) 92.8% 94.4% 95.1% 95.4% 95.4% 95.7% 95.7% 95.7% 95.7%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Coverage

11

SEM:AverageTimetoBlock

3.76

2.66

0.16

0 1 2 3 4

Firefox

GoogleChrome(w/DownloadProtection)

MicrosoftEdgew/AppRep

Hours

12

SEM:ConsistencyofProtection

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

GoogleChrome(w/DownloadProtection) MozillaFirefox MicrosoftEdgew/AppRep TestAverage

13

Phishing:AverageBlockRate

81.4%

82.4%

91.4%

0% 10% 20% 30% 40% 50% 60% 70% 80% 90% 100%

MozillaFirefox

GoogleChrome

MicrosoftEdge

14

Phishing:ResponseTime

0-hr 1d 2d 3d 4d 5d 6d 7d TotalGoogleChrome 82.7% 85.6% 85.6% 85.6% 85.6% 85.6% 85.6% 85.6% 85.6%MicrosoftEdge 92.1% 92.9% 92.9% 92.9% 92.9% 92.9% 92.9% 92.9% 92.9%MozillaFirefox 84.0% 84.9% 84.9% 84.9% 84.9% 84.9% 84.9% 84.9% 84.9%

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

Coverage

15

Phishing:AverageTimetoBlock

1.41

1.02

0.40

0.0 0.5 1.0 1.5

GoogleChrome

MozillaFirefox

MicrosoftEdge

Hours

16

Phishing:ProtectionoverTime

0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

GoogleChrome MicrosoftEdge MozillaFirefox

ThankyouQues3ons?info@nsslabs.com