Authors: NSS Labs

Publish Date: May 1, 2013

Through constant analysis of suspicious code and identification of communications with malicious hosts, breach detection systems (BDS) can provide enhanced detection of advanced malware, zero-day attacks, and targeted attacks that could bypass defenses such as next-generation firewalls (NGFWs), intrusion prevention systems (IPS), intrusion detection systems (IDS), antivirus/endpoint protection (including host IPS), and secure web gateways (SWGs). Because this type of scanning introduces latency, BDS typically operate out of band, in detection mode (similar to IDS), and implement multiple techniques to analyze and report on malicious traffic.

This methodology describes how NSS will evaluate BDS products to provide an objective and fair assessment of the technology.