By Anil Nandigam
The more cybersecurity technologies evolve, the more adept and elusive threat actors become. Today's attacks are more targeted than ever and are capable of bypassing traditional endpoint and perimeter security products. Attackers use zero-day exploits, for which no signature yet exists, which makes signature-based protection nearly useless against them. Once an organization is breached, attackers move laterally to extend their foothold and eventually exfiltrate valuable data. While it can take attackers just minutes to compromise a system, it typically takes organizations weeks or even months to discover a breach.
The longer a breach goes undetected, the more damage it does and the more it costs the organization. The Ponemon Institute's 2018 Cost of a Data Breach Study reports that "Companies that contained a breach in less than 30 days saved over $1 million as compared to those that took more than 30 days to resolve." It is therefore critical that both successful and attempted breaches are detected and logged accurately and in a timely manner. A breach detection system (BDS) is designed to detect zero-day threats, commodity malware, exploits, and targeted attacks.
More than 75% of the IT security professionals surveyed in an NSS Labs study indicated that their organizations deploy sandbox technology (such as a BDS). The following were recorded as challenges enterprises experienced with various BDS products:
Lack of corporate image support
Our research has found that BDS products often require little or no tuning; in fact, several vendors ship products with few or no tuning options. Where tuning is available, however, it is worth doing: an untuned BDS may generate false positives, and each one consumes analyst time and so raises operational expenses. Organizations looking to purchase a BDS should seek a product that offers high security effectiveness, a low false positive rate, and a short time to detect.
In the fifth iteration of our BDS Group Test, the following key metrics were used to determine the security effectiveness of BDS products: threat detection rate, resistance to common evasion techniques, and time to detect a successful or attempted breach. In addition to security effectiveness, total cost of ownership (TCO) and performance were evaluated to help enterprises make informed decisions.
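As an added example, not NSS Labs' code or test methodology, the Python script below scores a BDS proof of concept on the kinds of metrics named above: detection rate (overall and per threat category), detection rate on samples delivered with an evasion technique, false positive rate on benign traffic, and time to detect. The metric definitions are this example's own assumptions (for instance, "time to detect" is measured from sample delivery to the first alert, and missed threats count against the within-window share), and the verdict log is constructed, not real product data.

```python
"""Score a BDS proof of concept on detection, evasion resistance, FPR and time to detect.

Added example, not NSS Labs code. Metric definitions are assumptions made here;
the sample log is constructed.
"""
from dataclasses import dataclass
from statistics import median
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Sample:
    """One test sample delivered to the BDS and the verdict it produced."""
    sample_id: str
    category: str                # "zero-day", "commodity", "exploit", "targeted" or "benign"
    evasion: Optional[str]       # evasion technique applied on delivery, or None
    sent_at: float               # seconds since test start when the sample was delivered
    alerted_at: Optional[float]  # seconds since test start when the BDS alerted; None if never


# Constructed test log (not real product results): threats with and without
# evasion, plus benign traffic so false positives can be measured.
SAMPLES: List[Sample] = [
    Sample("s01", "commodity", None, 0.0, 12.0),
    Sample("s02", "commodity", None, 5.0, 30.0),
    Sample("s03", "exploit", None, 10.0, 200.0),
    Sample("s04", "exploit", "fragmentation", 15.0, None),      # missed: evasion worked
    Sample("s05", "zero-day", None, 20.0, 900.0),               # caught, but 15 minutes later
    Sample("s06", "targeted", "sandbox-sleep", 25.0, None),     # missed: evasion worked
    Sample("s07", "targeted", None, 30.0, 60.0),
    Sample("s08", "zero-day", "http-chunking", 35.0, 400.0),    # caught despite evasion
    Sample("b01", "benign", None, 40.0, None),
    Sample("b02", "benign", None, 45.0, 50.0),                  # false positive
    Sample("b03", "benign", None, 50.0, None),
    Sample("b04", "benign", None, 55.0, None),
]


def _threats(samples: List[Sample]) -> List[Sample]:
    return [s for s in samples if s.category != "benign"]


def detection_rate(samples: List[Sample], category: Optional[str] = None) -> Optional[float]:
    """Share of malicious samples (optionally of one category) that produced an alert at any time."""
    threats = [s for s in _threats(samples) if category is None or s.category == category]
    if not threats:
        return None
    return sum(s.alerted_at is not None for s in threats) / len(threats)


def evasion_resistance(samples: List[Sample]) -> Dict[str, float]:
    """Detection rate per evasion technique, plus 'overall' across all evaded samples."""
    evaded = [s for s in _threats(samples) if s.evasion]
    result: Dict[str, float] = {}
    for technique in sorted({s.evasion for s in evaded}):
        group = [s for s in evaded if s.evasion == technique]
        result[technique] = sum(s.alerted_at is not None for s in group) / len(group)
    result["overall"] = (sum(s.alerted_at is not None for s in evaded) / len(evaded)) if evaded else 1.0
    return result


def false_positive_rate(samples: List[Sample]) -> float:
    """Share of benign samples that nonetheless triggered an alert."""
    benign = [s for s in samples if s.category == "benign"]
    return (sum(s.alerted_at is not None for s in benign) / len(benign)) if benign else 0.0


def time_to_detect(samples: List[Sample], window_seconds: float) -> Dict[str, float]:
    """Median alert latency over detected threats, and the share of ALL threats
    alerted within the window (a missed threat counts as never detected)."""
    threats = _threats(samples)
    latencies = [s.alerted_at - s.sent_at for s in threats if s.alerted_at is not None]
    within = sum(1 for lat in latencies if lat <= window_seconds)
    return {
        "median_seconds": median(latencies) if latencies else float("inf"),
        "within_window": (within / len(threats)) if threats else 1.0,
    }


def score(samples: List[Sample], window_seconds: float = 60.0, max_fpr: float = 0.05) -> dict:
    """Combine the metrics; flag the product for tuning when its FPR exceeds max_fpr (an assumed threshold)."""
    fpr = false_positive_rate(samples)
    categories = sorted({s.category for s in _threats(samples)})
    return {
        "detection_rate": detection_rate(samples),
        "by_category": {c: detection_rate(samples, c) for c in categories},
        "evasion": evasion_resistance(samples),
        "false_positive_rate": fpr,
        "time_to_detect": time_to_detect(samples, window_seconds),
        "needs_tuning": fpr > max_fpr,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(score(SAMPLES), indent=2))
```

On the constructed log the product catches 6 of 8 threats but only 1 of 3 evaded samples, alerts on 1 of 4 benign samples, and gets only 3 of 8 threats within the 60-second window because two slow detections and two misses drag the figure down. Reporting the within-window share against all threats rather than only detected ones is deliberate: a product that detects slowly or not at all should not be able to hide behind a good median.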
Follow us on Twitter (@NSSLabs) to keep informed as new research is released.