Why BDS is Important
Breach Detection Systems (BDS) utilize both static and dynamic analysis techniques to detect advanced malware, zero-day attacks, and targeted attacks that have bypassed network security controls.
Through constant analysis of suspicious code and identification of communication with malicious hosts, BDS are capable of providing enhanced detection of threats. Such threats range from commodity malware to targeted attacks from state-sponsored threat actors that could bypass traditional network defenses such as next generation firewalls (NGFWs) and next generation intrusion prevention systems (NGIPS).
Threat actors are demonstrating the capability to bypass the protection offered by conventional endpoint and perimeter security solutions. Enterprises must evolve their network defenses to incorporate a different kind of protection using advanced techniques, such as a BDS.
The time it takes for an organization to become aware of a breach is popularly known as dwell time (time to detect). The longer this period is, the more damaging it's likely to be. For a BDS product, rapid detection and analysis of both successful and attempted breaches is critical in halting the damage caused by potential malware infections or breaches. Learn which BDS products took the least time to detect both known and unknown malware.
Drive-by downloads happen when users visit websites or click on malicious links. There has been a rise in exploit packs that attackers leverage to execute drive-by download attacks. These packs come ready to use, which makes it relatively easy for attackers to carry out the attacks. It is important to know which products are capable of detecting and reporting on successful attacks in a timely manner; earlier detection is better. NSS Labs' 24/7 exploit testing is unique in the world, and our test results provide metrics regarding time to detect on initial compromise and on callback to the command and control server.
Today's malware is delivered over multiple vectors, including social exploits; web-based HTTP traffic, for example executables, documents, and scripts delivered over HTTP; and non-HTTP traffic such as email, a cloaked executable (.jpeg, .exe, .zip), FTP, or an infected USB device. Find out which BDS products successfully detected SEM attacks.
Organizations are highly susceptible to blended exploits, which are typically delivered via commonly used applications, such as Microsoft Word or Excel. Blended exploits are commonly used in phishing attacks where users are tricked into clicking on malicious links. Learn which of the products are capable of keeping up with attacks using blended exploits.
In today's world, remote work is becoming more and more popular. Remote users can become infected while outside the protection of corporate network security. Once infected devices are reattached to corporate networks, infection can move laterally within these networks. If your organization has remote employees, you need to know which BDS products will fully protect you against offline infections.
Attackers use evasions to bypass security controls. A single evasion can grant an attacker access to your network. Evasion types impacting BDS products include binary obfuscation, packers, compressors, HTML obfuscation, HTTP evasions, attacks on nonstandard ports, and more. What's worse, when attackers successfully use an evasion technique to bypass defenses, they leave no trace. There are no logs, and there are no alerts. Find out which products were the most and least resistant to evasions in our latest BDS Group Test.
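To illustrate one of the evasion classes named above (attacks on nonstandard ports), the following added example is not part of NSS Labs' test methodology or any vendor's product; it shows why a detector that classifies traffic by destination port alone misses HTTP traffic on an unexpected port, and how a content-based classifier catches it. The flows, addresses (RFC 5737 documentation ranges), port numbers, and the set of "expected" HTTP ports are all constructed for the example.

```python
import re
from dataclasses import dataclass

# Ports on which this (hypothetical) sensor expects to see plain HTTP.
# A port-based classifier treats anything else as "not HTTP".
EXPECTED_HTTP_PORTS = {80, 8080, 8000}

# HTTP/1.x request line, e.g. b"POST /update HTTP/1.1\r\n".
HTTP_REQUEST_LINE = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH|CONNECT) \S+ HTTP/1\.[01]\r\n"
)


@dataclass(frozen=True)
class Flow:
    """A captured client-to-server flow, reduced to what the classifiers need."""
    src: str
    dst: str
    dst_port: int
    payload: bytes  # first bytes the client sent


def classify_by_port(flow: Flow) -> str:
    """Naive classifier: decide by destination port only."""
    return "http" if flow.dst_port in EXPECTED_HTTP_PORTS else "other"


def classify_by_content(flow: Flow) -> str:
    """Content-aware classifier: decide by what the payload actually looks like."""
    return "http" if HTTP_REQUEST_LINE.match(flow.payload) else "other"


def find_nonstandard_port_http(flows: list[Flow]) -> list[Flow]:
    """Flag flows that carry HTTP but are not on a port where HTTP is expected.

    These are exactly the flows the port-based classifier ignores: it labels
    them "other" and never hands them to HTTP-layer inspection.
    """
    return [
        f for f in flows
        if classify_by_content(f) == "http" and f.dst_port not in EXPECTED_HTTP_PORTS
    ]


# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    # Ordinary web request on port 80: both classifiers agree it is HTTP.
    Flow("192.0.2.10", "198.51.100.5", 80,
         b"GET /index.html HTTP/1.1\r\nHost: 198.51.100.5\r\n\r\n"),
    # HTTP request on port 4444: port-based logic calls this "other".
    Flow("192.0.2.11", "203.0.113.7", 4444,
         b"POST /update HTTP/1.1\r\nHost: 203.0.113.7\r\nContent-Length: 0\r\n\r\n"),
    # SSH banner on port 22: genuinely not HTTP.
    Flow("192.0.2.12", "198.51.100.9", 22,
         b"SSH-2.0-OpenSSH_9.6\r\n"),
    # TLS ClientHello on port 443: encrypted, so no HTTP request line is visible.
    Flow("192.0.2.13", "198.51.100.12", 443,
         b"\x16\x03\x01\x00\xc4\x01\x00\x00\xc0\x03\x03"),
]


def summarize(flows: list[Flow]) -> dict[str, int]:
    """Count how many flows each classifier labels HTTP, and how many the
    port-based one misses."""
    by_port = sum(classify_by_port(f) == "http" for f in flows)
    by_content = sum(classify_by_content(f) == "http" for f in flows)
    return {
        "http_by_port": by_port,
        "http_by_content": by_content,
        "missed_by_port_only": len(find_nonstandard_port_http(flows)),
    }


if __name__ == "__main__":
    for f in find_nonstandard_port_http(SAMPLE_FLOWS):
        print(f"HTTP on nonstandard port {f.dst_port}: {f.src} -> {f.dst}")
    print(summarize(SAMPLE_FLOWS))
```

The point of the two classifiers side by side is that the port-based one produces no alert and no log entry for the port 4444 flow, which is the "no trace" outcome described above; a sensor has to dispatch on protocol content, not port, before any HTTP-layer evasion detection can even run.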
An unstable device that disrupts traffic unexpectedly can have disastrous consequences. Failure can result in serious breaches going undetected and thus not being remediated. Testing revealed some products had stability issues with certain versions. Find out which ones.
The rapid adoption of social media, streaming video, and other bandwidth-intensive technologies means real-world traffic patterns are changing constantly. Find out which BDS products successfully balanced detection with performance.
For a BDS, security effectiveness is determined by its ability to detect and log breaches accurately while remaining resistant to false positives. Additionally, it should be able to detect both known and zero-day malware. A system's overall security effectiveness score is determined by factoring the results of evasion testing and stability and reliability testing into its breach detection rate. In the BDS 5.0 Group Test, the Security Effectiveness of the tested products ranged from 77.2% to 99.6%. Find out how the different products fared.
Your security savings don't kick in when you purchase a product. One reason is that the additional operational overhead cost required to remediate infections and incidents will negate any security savings and result in high TCO. Find out which products have the lowest TCO over a multi-year period so you can better analyze risk and make informed purchasing decisions for your organization.
Your BDS should be able to detect and report on threats in a timely manner, so you don't find yourself in a data breach situation. Just because a product is the least expensive doesn't mean it provides the best value or meets your needs. NSS Labs can help you determine which products are right for you.
Individual Vendor Test Reports
Test Reports provide detailed analysis for each product tested. Data from these reports is used in the NSS Labs Comparative Reports.
Test Reports enable enterprise security teams to understand the impact of features and limitations across different products. These reports are used to shortlist products for further evaluation and proof-of-concept testing.