Let’s Be Fair and Test Technology the Same Way We Use It.

More than 2.1 million emails are sent and received every second. With high-speed internet as the standard for most organizations, email attachments have become the preferred method to transfer files. Most employees believe that once an email hits their inbox, it has been scanned and is safe to open. But is it? We created the Zero Second test to find out.

The best way to evaluate the effectiveness of multiple technology vendors is to run them through a typical situation and see how they perform. For the Zero Second test, we decided that scanning email attachments is as basic of a work situation as it gets. We created a scenario where an “excellent candidate” sends a resume along with a summary of their experience and skills to a human resources recruiter. A more typical scenario would have sent the email to the company’s entire executive team but we kept it simple.

We used an infected PDF file and although we used an unknown malware, we made sure we used one that all of the tested vendors would recognize. Our objective was not to evaluate vendor catch rate. For that, we recommend you reference Check Point’s 2014 Unknown 300 test report.

After the initial infected email was sent, we allowed each vendor to emulate as they normally would. Some let the threat email enter the network during emulation, and some would hold the suspect email external to the network during emulation just in case. If this were our network, we know which method would we would rather use.

We then repeated the test multiple times at different times of the day to exclude any impact time of day or network traffic may have. We also used different types of malware (but in each case we confirmed each vendor could detect them) to confirm that one type wasn’t worse than another. Each vendor’s results were an average of their scores.

Check Point emulated and blocked threats in four minutes, while competing approaches from FireEye, Palo Alto Networks and Fortinet took as long as 79 minutes to protect the network. We encourage you to review our test methods and see the results for yourself. Visit the Zero Second page.