Breach Detection System (BDS)



4 out of 7 Products Achieved a Recommended Rating

5 out of 7 Products Tested Missed Evasions

The Security Effectiveness of Tested Products Ranged Between 80.2% and 100.0%

What Is a Breach Detection System (BDS)?

Through constant analysis of suspicious code and identification of communications with malicious hosts, a breach detection system (BDS) can provide enhanced detection of advanced malware, zero-day attacks, and targeted attacks that could bypass defenses such as next-generation firewalls, intrusion prevention systems, intrusion detection systems, antivirus/endpoint protection (including host IPS), and secure web gateways. Because of the latency involved in this type of scanning, BDS products typically operate out of band, in detection mode, implementing multiple techniques to analyze and report on malicious traffic.

What We Tested

NSS Labs' Breach Detection System (BDS) Group Test evaluates market-leading BDS products on security effectiveness, performance, stability and reliability, and total cost of ownership (TCO). The BDS Group Test provides individual Test Reports and Comparative Reports that enable enterprises to make informed decisions to evolve and rationalize their cyber risk programs.

What You Get
BDS Product Test Reports

Security Comparative Report

The Security Comparative Report provides high-level analysis of the security effectiveness of different BDS products in the market. The report provides comparisons of detection rates, time to detect, stability and reliability, and resistance to common evasion techniques.

Using this report, enterprise security teams can compare security effectiveness and resistance to evasion techniques across different BDS products.

Performance Comparative Report

The Performance Comparative Report provides analysis of various performance metrics for tested BDS products. The report contains comparisons of HTTP connections per second while using real-world traffic mixes.

Using the Performance Comparative Report, enterprise networking teams can compare performance across BDS products and select those that will support their volume and type of network traffic.

Total Cost of Ownership (TCO) Comparative Report

The TCO Comparative Report provides a comparison of the costs associated with product purchase, installation, maintenance, and support, as well as threat-associated costs.

Using the TCO Comparative Report, the enterprise C-Suite and management can understand the true TCO of a product over a three-year period, incorporating product purchase cost, product operational cost, and the overall capability score of a product.

Security Value Map™ (SVM) Comparative Report

Empirical data from individual Test Reports and Comparative Reports is used to create NSS Labs' unique Security Value Map (SVM). The SVM illustrates the relative value of security investments by mapping the Security Effectiveness and the Total Cost of Ownership (TCO) per Mbps of tested product configurations.

The SVM Comparative Report provides an aggregated view of the detailed findings from the NSS Labs group tests. Using this report, enterprise security decision makers can see the relative value of security investments.

Individual Test Reports

Test Reports provide detailed analysis for each product tested. Data from these reports is used in the NSS Labs Comparative Reports.

Test Reports enable enterprise security teams to understand the impact of features and limitations across different products. These reports are used to shortlist products for further evaluation and proof-of-concept testing.