NSS Labs Announces Results from Breach Detection Systems Test

AUSTIN, Texas – August 04, 2015 – NSS Labs, Inc., the world’s leading security research, testing, and advisory company, today released the results from its Breach Detection Systems (BDS) group test, which evaluated eight of the leading BDS vendors – Blue Coat, Check Point, Cisco, Fidelis, FireEye, Fortinet, Lastline, and Trend Micro – for security effectiveness, performance, and total cost of ownership.

NSS Research shows that the BDS market is growing at a compound annual growth rate of 32%.

This market demand has driven NSS to conduct the most complete test of this technology available today. A BDS is expected to detect malicious software traversing a network, either during the attack or post-infection during callbacks (also known as data exfiltration). A strongly marketed feature of this technology is that a BDS detects attacks that have bypassed traditional security products, reflecting the growing sophistication of the attackers themselves.

Key Takeaways:

  • Threat actors are investing in ways to bypass existing security technology.
  • Breach detection technologies are rapidly evolving.
  • New entrants in the breach detection space are successfully challenging the status quo.
  • Evasions allow attackers to avoid detection by a BDS. They proved to be a major problem for several vendors. Only one vendor handled all evasions successfully.

View the NSS Labs Breach Detection Systems (BDS) Security Value Map™ Graphic.

The latest NSS Breach Detection Systems test report includes:

  • Over 5 billion discrete data elements.
  • Hundreds of victim machines.
  • Collection and analysis of terabytes of logs.
  • Hundreds of discrete samples used in current campaigns.
  • Exploit, malware, and evasion testing performed using regularly abused compromise mediums such as web and email, leveraging multiple common document types.
  • Over 100 unique evasion mechanics were tested.

“Breach Detection Systems are one of the most rapidly evolving security technologies out there today and with that comes a lot of marketing hype and vendor claims. We are excited to continue to build on the success of last year’s test and provide empirical insight into the performance and capabilities of the leading vendors in this rapid growth market,” said Vikram Phatak, CEO at NSS Labs. “With several key vendors entering the BDS market, the BDS SVM results are an excellent example of why independent testing is so important. They provide objective facts based upon empirical data, allowing executives to make educated purchasing decisions.”

The products covered in this test were:

  • Blue Coat Security Analytics v7.1.6 and Malware Analysis Appliance v4.2.2
  • Check Point 13500 Next Generation Threat Prevention Appliance with Threat Emulation Cloud Service R77.20
  • Cisco Advanced Malware Protection v5.2.2015072320
  • Fidelis XPS Direct 1000 and Fidelis XPS Internal 1000 v7.7
  • FireEye EX-3400 v7.1.6 and NX-4400 v7.5.3
  • Fortinet FortiSandbox-1000D v1.43 Build 0120
  • Lastline Breach Detection Platform v6.5
  • Trend Micro Deep Discovery Inspector v3.7 Build 3.7.1096

NSS Labs did not receive any compensation in return for vendor participation. All testing and research was conducted free of charge.