The implementation of breach detection systems (BDS) solutions can be a complex process, with multiple factors affecting the overall cost of deployment, maintenance, and upkeep. These should be considered over the course of the useful life of the solution, and include: 

• Acquisition costs for BDS devices and central management system
• Fees paid to the vendor for annual maintenance, support and signature updates
• Labor costs for installation, maintenance and upkeep

No two network security products deliver the same security effectiveness or throughput, making precise comparisons extremely difficult. In order to capture the relative value of devices on the market and facilitate such comparisons, NSS Labs has developed a unique metric to enable value-based comparisons: TCO per protected megabit per second (see Figure 1). By using total cost of ownership (TCO) instead of purchase price, it is possible to factor in management of the device via labor costs associated with product installation, maintenance, and upkeep. This metric is used extensively in the following sections to evaluate cost of security, throughput, and 3-year TCO. The benefit from this analysis is that, within a given performance range, it can provide some insight as to whether a product is priced above or below the majority of its competitors. A high price could indicate a premium based upon protection offered (in the case of passive devices like BDS, this refers to the detection rate), brand recognition, level of customer service, or a price penalty for an underperforming product. Security Effectiveness = Detection Rate x Stability & Reliability TCO per Protected Megabit per Second = TCO/(Security Effectiveness * NSS-Tested Throughput For the purpose of this analysis, NSS developed an enterprise use case with one (1) central management system and four (4) devices deployed across multiple remote locations. Since configuration is performed via central management, the device cost reflects only initial setup and upkeep per device. As part of the initial BDS test setup, devices are configured/tuned as deemed necessary by the vendor. Every effort is made to deploy policies that ensure the optimal combination of security effectiveness and performance, as would be the aim of a typical customer deploying the device in a live network environment. This provides readers with the most useful information on key BDS security effectiveness and performance capabilities, based on their expected usage. This report is part of a series of Comparative Analysis Reports (CAR) on security, performance, total cost of ownership (TCO) and Security Value Map (SVM). In addition, a SVM Toolkit is available to NSS clients that allows for the incorporation of organization-specific costs and requirements to create a completely customized SVM.