Product Rating Reports align with cyber risk management and insurance needs.

AUSTIN, Texas – February 25, 2020 – NSS Labs, Inc., a global leader and trusted source for independent cybersecurity product testing, today announced the launch of a new product ratings system. Product ratings inform consumers about a product’s capacity to meet its obligations—enhancing transparency, and enabling consumers to focus on considerations that are most critical to their organizations. The first set of product ratings addresses products in the endpoint protection market.

The rating system ranges from ‘AAA’ to ‘D’; the products covered by the Product Rating Reports published today received overall ratings from ‘AA’ to ‘B.’ No product in the test achieved an overall ‘AAA’ rating.

The new rating system considers the following capabilities: Management, False Positive Rate, Resistance to Evasion, Total Cost of Ownership (TCO), and Block Rate, which includes Email Malware, HTTP Malware, Drive-by Exploits, Social Exploits, and Handcrafted (targeted) Attacks. NSS Labs used multiple commercial, open-source, and proprietary tools to employ attack methods currently being used by cybercriminals and other threat actors.

In the reports published today, most products fared well, with Management, False Positive Rate, and Resistance to Evasion receiving individual capability ratings ranging from ‘AAA’ to ‘BBB.’ However, handcrafted attacks (targeted malware), created by modifying the source code of keyloggers, ransomware, and destructoware, were a challenge for several of the products, resulting in ratings that ranged from ‘A’ to ‘D.’

“A product rating is an educated opinion about a product’s likelihood to meet its obligations to consumers,” said Jason Brvenik, CEO of NSS Labs. “These ratings are a critical tool for measuring and managing cyber risk.”

A product rated ‘AAA’ has the highest overall rating assigned by NSS Labs; its capacity to meet its commitments to consumers is extremely strong. Close behind is an ‘AA’ rating, which differs from the highest possible rating only by a small degree; the product’s capacity to meet its commitments to consumers is very strong. A product rated ‘A’ is somewhat more susceptible to sophisticated attacks than products in higher-rated categories; however, its capacity to meet its commitments to consumers is still strong.

A product rated ‘BB,’ ‘B,’ ‘CCC,’ ‘CC,’ or ‘C’ is regarded as having significant risk characteristics. ‘BB’ indicates the least degree of risk and ‘C’ the highest. While such products will likely have some specialized capability and protective characteristics, these may be outweighed by large uncertainties or major exposure to adverse conditions. A complete list of ratings through ‘D’ can be found here.

Product ratings will be published on an ongoing basis; additional endpoint protection ratings will be issued over the next few months. These product ratings are now available to subscribers:

  • Bitdefender GravityZone Ultra v6.6.16.216
  • Check Point Software Technologies SandBlast Agent v81.20.7425
  • Cybereason Professional v19.1.86.0
  • Elastic Endpoint Security v3.14.0
  • Fortinet FortiClient v6.2.2
  • Fortinet FortiEDR v3.1.3.1
  • Palo Alto Networks Traps/Cortex XDR v6.2
  • Sophos Intercept X Advanced v10.8.3