29 November 2007
McAfee, Sophos, Symantec: Who is the best at stopping zero-day attacks? Independent comparative review by Cascadia Labs confirms quality of Sophos's solution for enterprises
IT security and control firm Sophos has been found in an independent test to be superior to Symantec and McAfee at protecting proactively against zero-day malware attacks, vulnerabilities and exploits.
In an independent review conducted by Cascadia Labs, Sophos clearly outperformed Symantec and McAfee in detection of new, unknown viruses, spyware and Trojan horses. Sophos successfully intercepted 86% of the malware tested against prior to execution, compared to 43% for McAfee and 51% for Symantec. In addition, Sophos's run-time HIPS protection detected further malware samples at execution raising proactive detection of zero-day threats to an "impressive" 97% in Cascadia Labs' anti-virus tests.
The Cascadia Labs test identified Sophos's pre-execution detection including Behavioral Genotype® Protection - which guards against viruses, spyware, adware and malicious code before they execute - as delivering better protection from new and unknown malware than McAfee or Symantec's products.
Sophos better than Symantec and McAfee at detecting zero-day attacks
According to Cascadia Labs, McAfee's overall effectiveness was disappointing and Symantec's protection against zero-day attacks was found to often come too late in the infection cycle.
"While Sophos's HIPS protection significantly increased detection rates, we were unable to identify any significant impact of Symantec's behavioral or HIPS-based protection component," said the Cascadia Labs report. "[Symantec] doesn't match Sophos in terms of day-zero effectiveness, usability, or scanning performance... [Sophos is] a natural choice for enterprises looking for a well integrated endpoint security suite that is effective against day-zero threats."
Symantec 11 upgrade "painful and time-consuming"
The independent study also reported that Symantec users may face difficulties upgrading to Symantec Endpoint Protection 11.0, confirming Sophos's view that it is easy to switch from Symantec to Sophos.
"Users of previous Symantec products will face a painful and time-consuming migration process moving to Symantec Endpoint Protection 11.0," said the Cascadia Labs report. "Given the workload involved in migrating to SEP 11, because of the extensive architecture changes, administrators will have difficulty choosing whether to migrate or perform a fresh install."
- View more information on the Cascadia Labs report
- Read the full report from Cascadia Labs
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.
See also:
- Which anti-virus? Sophos beats McAfee and Symantec in an independent product review
- SophosLabs blog: Proactive detection of unknown malware - a real test of anti-virus software
- Upgrading to Symantec 11? It's easier to switch to Sophos
- Zero-day threats: Guarding against the unknown enemy
- Zero day threats explored in Sophos podcast
- Sophos reviews, industry awards and certifications