AV-TEST Evaluates Efficiency of DNS-Layer Security

Published on 14 Oct 2021


In September and October 2020, AV-TEST performed a lab test of comparable security offerings from Akamai, Cisco, Infoblox, Netskope, Palo Alto Networks, and Zscaler. 

How did AV-TEST ensure a fair evaluation?

The test was commissioned by Cisco and performed by AV-TEST to determine the malware protection and phishing block capabilities of the vendors. The lab test assessed each secure web gateway vendor’s ability to protect roaming and remote workers. Given that the global pandemic has accelerated the move of edge security controls to a cloud-delivered model, each of the vendors’ offerings was configured with the protection of their roaming agents. A separate test for DNS-layer protection was also performed.


In order to ensure a fair review, the sponsor did not supply any samples (such as malicious or clean samples, URLs or associated metadata) and did not influence or have any prior knowledge of the samples tested or the testing methodology. All products were configured to provide the highest level of protection, utilizing all security-related features available at the time. All links and malicious samples tested were verified by AV-TEST as recent and active. In addition, AV-TEST evaluated false positive ratings for each vendor. AV-TEST assessed downloads for well-known applications from HTTP and HTTPS websites. An additional false positive test was performed against known clean popular websites from Alexa’s top list. A total of 2,165 clean websites and downloads were used.

Why did Cisco commission the test?

While most malware targets Windows platforms, ensuring protection across all operating systems is good practice. Attaining protection against the growing number of threats is essential for all enterprises. Phishing is a great example of an attack that impacts all operating systems and relies on fooling the end user into thinking the site is legitimate so the attacker can steal sensitive information. In order to compare some of the different offerings available on the market, Cisco commissioned a test of Umbrella’s secure web gateway solution with full proxy as well as comparable solutions from other vendors. In addition, Umbrella’s DNS-layer protection was reviewed, and its effectiveness against other solutions was measured. The following definitions are used:

DNS-layer protection: DNS-layer protection uses the internet’s infrastructure to block malicious and unwanted domains, IP addresses, and cloud applications before a connection is ever established as part of recursive DNS resolution. DNS-layer protection is an effective way to stop malware earlier and prevent callbacks to attackers.

DNS-layer protection with selective proxy: Traditional web gateways proxy all web connections – safe, malicious, and risky – sometimes negatively impacting network performance and availability. In some cases, web gateway configurations can be complex, requiring PAC files and static routes. As part of Umbrella’s DNS-layer protection, only risky domain requests are redirected to a selective cloud proxy for deeper inspection of their web content. This redirection is done transparently through the DNS response.

Cisco Umbrella outperformed the other vendors in detection rates. Download this report to learn more about what AV-TEST evaluated and how Cisco Umbrella scored. Subscribe to Whitepapers.online for more ebooks, buyer’s guides and white papers related to network security and new technologies.