Publish Date: October 19, 2017
Threat actors are demonstrating the capability to bypass protection offered by conventional endpoint and perimeter security solutions. Consequently, enterprises must evolve their network defenses to incorporate a different kind of protection, one that NSS Labs defines as a breach detection system (BDS).
Through constant analysis of suspicious code and identification of communications with malicious hosts, BDS can provide enhanced detection of advanced malware, zero-day attacks, and targeted attacks that could bypass defenses such as next generation firewalls, intrusion prevention systems, intrusion detection systems, antivirus/endpoint protection (including host IPS), and secure web gateways. Because of latency issues involved in this type of scanning, BDS typically operate out of band, in detection mode, implementing multiple techniques to analyze and report on malicious traffic.
REPORT OVERVIEW
This report uses data from NSS’ individual BDS Test Reports to create Security Effectiveness ratings for each product. Products are scored on multiple factors that affect the overall Security Effectiveness of the system, including:
- Breach Detection Rate
- Evasions
- Stability and Reliability
PRODUCTS EVALUATED:
The following products were evaluated:
- Check Point Software Technologies 15600 Next Generation Threat Prevention & SandBlastTM (NGTX) Appliance R77.30
- Cisco FirePower 8120 v.6 & Cisco AMP v.5.1.9.10430?
- FireEye Network Security NX 10450 v7.9.2 & EX 8400 v7.9.0?
- FireEye Network Security 6500NXES-VA v7.9.2
- Fortinet FortiSandbox-2000E v.FSA 2.4.1 & FortiClient (APT Agent) v.5.6.0.1075?
- Lastline Enterprise v7.25?
- Trend Micro Deep Discovery Inspector Model 4000 v3.8 SP5 & OfficeScan (OSCE) v.12.0.1807
To learn how each vendor performed, download a copy of each individual Test Report. NSS clients can also download the BDS Comparative Reports on Performance, Security Value Map, and Total Cost of Ownership (TCO).
As with all NSS Labs group tests, there was no fee for participation. In addition, the test methodology applied is in the public domain to provide transparency and to help enterprises understand the results.