downloaded files from the sample URLs and notified the Zscaler Gateway after each URL. The
Gateway allowed or blocked the URL traffic.
Figure 4: Test platform overview (diagram labels: Webserver, Malware-Collection, Zscaler Cloud Web Gateway, Router, VPN Tunnel, VPN Tunnel, WWW, AV-Test Client)
Testing methodology
AV-TEST received preconfigured appliances from Zscaler and was supported by a Zscaler engineer to
set up the appliances.
1. Internet Access. The appliances had access to the Internet at all times in order to use any in-the-cloud queries.
2. Product Configuration. The product was run with the configuration supplied by Zscaler. The
appliance was able to perform automatic signature updates all the time.
3. Testing. All files, except for the malicious URLs, were downloaded via HTTP from the
webserver to the client system using a Java client. For the URL testing, an additional client
with direct internet access was used to download the reference samples from the
Internet.
4. Analysis. The downloaded files were compared with the original files (the reference files, in
the URL testing) by MD5 hash. To verify the results, the appliance report files were analyzed.
The static set of files consisted of 11,567 malicious PE files (Prevalent Malware). The dynamic tests
were performed using 6,049 working malicious URLs.
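The comparison in step 4 can be sketched as follows. This is an added example, not AV-TEST's or Zscaler's tooling: the sample bytes, the sample IDs and the shape of the appliance report (ID mapped to a verdict) are constructed assumptions.

```python
import hashlib
from collections import Counter

def md5_hex(data):
    return hashlib.md5(data).hexdigest()

def classify(reference_md5, downloaded):
    """'allowed' only if the client received the reference file byte for byte."""
    if not downloaded:
        return "blocked"      # no body at all: request refused or reset
    if md5_hex(downloaded) == reference_md5.lower():
        return "allowed"      # sample passed the gateway unchanged
    return "blocked"          # body differs: block page or truncated transfer

def analyse(references, downloads, appliance_report):
    """Compare each download with its reference hash and cross-check the
    result against the appliance's own verdict (report format is assumed)."""
    counts, disagreements = Counter(), []
    for sample_id, ref_md5 in references.items():
        verdict = classify(ref_md5, downloads.get(sample_id))
        counts[verdict] += 1
        if appliance_report.get(sample_id) != verdict:
            disagreements.append(sample_id)   # needs manual review
    return counts, disagreements

def protection_rate(blocked, total):
    return round(100.0 * blocked / total, 2)

# Constructed, harmless sample data (not real malware, not from the report).
SAMPLES = {f"s{i}": f"constructed sample {i}".encode() * 4 for i in range(1, 5)}
REFERENCES = {sid: md5_hex(body) for sid, body in SAMPLES.items()}
DOWNLOADS = {
    "s1": SAMPLES["s1"],                        # delivered unchanged
    "s2": b"<html>Access denied</html>",        # replaced by a block page
    "s3": None,                                 # nothing received
    "s4": SAMPLES["s4"][:10],                   # transfer cut short
}
APPLIANCE_REPORT = {"s1": "allowed", "s2": "blocked", "s3": "blocked", "s4": "allowed"}

if __name__ == "__main__":
    counts, review = analyse(REFERENCES, DOWNLOADS, APPLIANCE_REPORT)
    print(dict(counts), "review:", review)
    print("rate:", protection_rate(counts["blocked"], sum(counts.values())), "%")
```

A hash mismatch alone cannot tell a gateway block from a failed transfer (sample `s4`), which is why the cross-check against the appliance report matters.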
Test Results
Test #1: Real World protection rate
Real World threats are typically identified through the Web Gateway's ability to open up content for
inspection, coupled with whatever proactive scanning abilities and cloud intelligence a vendor may
provide. A block can be based on URL filtering or Web Reputation services, on signatures or heuristic
scanning of the provided content, and on other inspection and filtering technologies. In this case, 5,892 of
the 6,049 malicious URLs were blocked. With this result, Zscaler Web Gateway has a good protection
rate of 97.40%.
Test #2: Sandbox detection rate
The total number of malicious samples tested was 11,567. This includes the following number of
samples: 770 Backdoors, 558 Bots, 477 Trojan Downloader, 532 Trojan Dropper, 7,993 Trojan
Generic, 179 Trojan Password Stealer, 733 Viruses, 211 Worms, 114 Rogue Software as well as 3,059
potentially unwanted applications (PUA).
This test focuses on the generic malware detection and blocking capabilities, especially on the
signature-based detection as well as generic and heuristic technologies.