It is difficult to go a week without reading about a major enterprise being breached. Because of this, the Breach Detection Systems (BDS) market is growing at an incredible pace that is expected to continue well into the future (32% CAGR, source: NSS Labs).
This market demand has driven NSS to conduct the most complete test of this technology available today. A BDS is expected to detect malicious software traversing a network, either during the attack, or post infection during callbacks (also known as data exfiltration). A strongly marketed feature of this technology is that BDS detect attacks that have bypassed traditional security products, reflecting the growing sophistication of the attackers themselves.
In the test, vendors receive credit for timely detection, whether during the download and installation of malware or during successful callbacks post infection, and for the subsequent generation of alerts severe enough to prompt an enterprise’s immediate action. For example, an information alert that a malicious file is installed and calling doesn’t count; for the vendor to receive credit, the alert must be severe enough to warrant an immediate response. Without accurate classification of the malicious file or activity, an enterprise cannot respond effectively or appropriately.
Version 2.0 of our BDS test includes:
Today’s security environment is challenging, to say the least. Knowing which alerts to chase, which events matter, and which can be safely ignored can make the difference between catching a malicious attack and becoming tomorrow’s headlines. There are many BDS options on the market, and the findings from NSS’ latest Breach Detection System Group Test can help you select a system that ensures you aren’t the next victim.
Follow me on Twitter (@mikespanbauer) to keep informed as new research is released.