MRG Effitas, a world leader in independent IT research, published their anti-malware efficacy assessment results for Q2 2023. Malwarebytes Endpoint Protection (EP) achieved the highest possible score (100%) and received certifications for Level 1, Exploit, Online Banking, and Ransomware.
These results mark the eighth time in a row we have received all certification awards, and we are now officially the only vendor to win every single certification & award in 2022 and so far into 2023.
MRG Effitas assesses a product’s ability to meet today’s most pressing threats, including stopping zero-day malware, ransomware, exploits, and more—and doing so with speedy performance and low false positives.
In addition to their normal tests, for Q2 2023 MRG Effitas added two new tests to their Q2 2023 360° Assessment & Certification: the ITW Phishing Test and Phishing Simulator Test.
Malwarebytes blocked 100% of phishing attempts in BOTH the ITW Phishing Test and Phishing Simulator Test. In other words, Malwarebytes was the only vendor in the Q2 2023 MRG test to both receive all 4 award logos AND block 100% of phishing attempts.
How we were able to do it: The signature and behavior-based detection techniques and proprietary anti-exploit technology of Malwarebytes EP allowed it to detect and block more malware than any other competitor on the Q2 test. In addition, the Web protection layer of our EP blocks access to and from known or suspicious Internet addresses, allowing us to ace the phishing tests.
For the full results and to see how we stack up against competitors, our “Endpoint Security Evaluation Guide” eBook—based on MRG Effitas’ independent lab assessment—is an essential tool for any organization looking to make an informed decision about endpoint security. Download below!
Let’s dive into where we prevented more than the rest and how we were able to do it.
100% of phishing attempts blocked
Given the frequency and risks associated with phishing attacks today, it’s clear that modern endpoint security needs to protect against these attacks.
According to Verizon, attackers used phishing for initial access in 15% of data breaches in 2022. CISA also showed that, within the first 10 minutes of receiving a phishing email, 84% of employees took the bait. After successfully compromising a system through phishing, threat actors can further their attacks by dropping ransomware or stealing sensitive data, leading to costly financial and reputational damages.
Malwarebytes blocked 100% of phishing attempts in BOTH the ITW Phishing Test and Phishing Simulator Test.
How we were able to do it: Malwarebytes EP, the foundation for Malwarebytes EDR, features a Web protection layer that blocks access to and from known or suspicious Internet addresses.
100% of ransomware blocked
Using a blend of signature and signature-less technologies, the anti-ransomware layer of Malwarebytes EP constantly monitors endpoint systems and automatically kills processes associated with ransomware activity.
MRG Effitas tested security products for 30 ransomware samples. In addition, they tested four ransomware simulator samples created in-house, ensuring the security product could only rely on its behavior scanning modules. To test for false positives, a device running Malwarebytes EP also ran three benign programs designed to mimic ransomware behavior.
Malwarebytes blocked 100 percent of ransomware threats in the MRG Effitas assessment and did so with no false positives, allowing the three benign programs to run. For this we earned the 360° Ransomware Certification.
Nebula view of detected ransomware activity
100% of banking malware blocked
We were one of the few vendors who earned a 360° Online Banking Certification, which means Malwarebytes EP stopped 100% of threats designed to steal financial information and money from victim’s accounts. To outperform the others, our unique detection technology again came into play.
Malwarebytes EP autoblocked 100% of the 25 financial malware samples, the Magecart credit card-skimming attack, and Botnets designed to steal credentials.
100% of zero-day threats blocked
One of the many strong suits of our detection is that it can detect malware that has never been seen before, also called zero-day malware. Again, we were one of the only vendors to detect and block these pernicious threats, which account for 80% of successful breaches.
Built on machine learning (ML) and behavioral analysis techniques, our behavior-based detection enabled Malwarebytes EP to detect and autoblock 100% of all zero-day threats. For this, as well as blocking all Botnets, we earned the 360° Level 1 Certification.
100% of exploits blocked
The anti-exploit feature of Malwarebytes EP protects organizations from one of the most advanced cyber attacks: zero-day exploits targeting browser and application vulnerabilities.
But don’t take our word for it: MRG Effitas used 8 different exploitation techniques to try and deliver a malicious payload on a device running Malwarebytes EP—but they didn’t get very far. Malwarebytes earned the 360° Exploit Certification for autoblocked 100% of Exploit/Fileless attacks, entirely protecting the system from infection.
We were one of the few to earn the 360° Exploit Certification all thanks to our proprietary anti-exploit technology, which wraps vulnerable programs in four defensive layers that prevent an exploit from installing its payload, or even executing initial shellcode.
Our four layers of exploit protection
Anti-exploit settings in Nebula
Consistency is key
If there is one shining take away from this accomplishment, it’s that consistency is key.
You don’t want a security solution that passes rigorous tests like MRG Effitas only some of the time. You want a solution that passes them with flying colors all of the time. Clearly, Malwarebytes EP, and by extension our EDR and MDR, is that solution.
For organizations that are concerned their current solution may not be up-to-par, the MRG Effitas assessment has demonstrated that Malwarebytes for Business —more constantly than anybody else—has what it takes to keep your business safe from today’s most pressing cyberthreats.