Publish Date: October 19, 2017
Threat actors are demonstrating the capability to bypass protection offered by conventional endpoint and perimeter security solutions. Consequently, enterprises must evolve their network defenses to incorporate a different kind of protection, one that NSS Labs defines as a breach detection system (BDS).
Through constant analysis of suspicious code and identification of communications with malicious hosts, BDS can provide enhanced detection of advanced malware, zero-day attacks, and targeted attacks that could bypass defenses such as next generation firewalls, intrusion prevention systems, intrusion detection systems, antivirus/endpoint protection (including host IPS), and secure web gateways. Because of latency issues involved in this type of scanning, BDS typically operate out of band, in detection mode, implementing multiple techniques to analyze and report on malicious traffic.
REPORT OVERVIEW:
Implementation of BDS solutions can be a complex process, with multiple factors affecting the overall performance of a solution. This Comparative Report provides data on factors affecting a BDS’ ability to perform, including:
- Throughput for the target environment ?
- Predominant traffic mix ?
PRODUCTS EVALUATED:
The following products were evaluated:
- Check Point Software Technologies 15600 Next Generation Threat Prevention & SandBlastTM (NGTX) Appliance R77.30
- Cisco FirePower 8120 v.6 & Cisco AMP v.5.1.9.10430?
- FireEye Network Security NX 10450 v7.9.2 & EX 8400 v7.9.0?
- FireEye Network Security 6500NXES-VA v7.9.2
- Fortinet FortiSandbox-2000E v.FSA 2.4.1 & FortiClient (APT Agent) v.5.6.0.1075?
- Lastline Enterprise v7.25?
- Trend Micro Deep Discovery Inspector Model 4000 v3.8 SP5 & OfficeScan (OSCE) v.12.0.1807
As with all NSS Labs group tests, there was no fee for participation. In addition, the test methodology applied is in the public domain to provide transparency and to help enterprises understand the results.