Breach Security: Breach Prevention Systems (BPS) FAQ Datasheet

A datasheet from NSS Labs titled Breach Prevention Systems

Will Breach Prevention Systems Replace Breach Detection Systems?

No. There is a big difference between blocking suspicious/malicious activity and detecting it. When it comes to blocking traffic, vendors tend to be cautious (because enterprises are cautious) specifically over the issue of false positives. With regard to detection, false positives are no more than a waste of time; however, when it comes to blocking false positives can be highly disruptive to business.

Additionally, products that block attacks have to be in the path of the traffic. But this means devices are limited to what they can actually “see.” Out-of-band products that tap into the network are able to see across the entire span of multiple network segments and can potentially identify the malicious activity that is occurring “behind” the blocking product. For example, let’s assume a user’s laptop is infected offline at a coffee shop and then the user brings the infected laptop into work. Until the moment when the malware infecting the user crosses a boundary that is protected by the blocking product, the blocking product will not “see” that an infection has occurred.

Click here to download as PDF