PUBLICATION & RESEARCH LIBRARY

Authors: Dipti Ghimire and James Hasty

Publish Date: October 18, 2017

TECHNOLOGY DESCRIPTION:

Threat actors are demonstrating the capability to bypass protection offered by conventional endpoint and perimeter security solutions. Consequently, enterprises must evolve their network defenses to incorporate a different kind of protection, one that NSS Labs defines as a breach detection system (BDS).

Through constant analysis of suspicious code and identification of communications with malicious hosts, BDS can provide enhanced detection of advanced malware, zero-day attacks, and targeted attacks that could bypass defenses such as next generation firewalls, intrusion prevention systems, intrusion detection systems, antivirus/endpoint protection (including host IPS), and secure web gateways. Because of latency issues involved in this type of scanning, BDS typically operate out of band, in detection mode, implementing multiple techniques to analyze and report on malicious traffic.

PRODUCT EVALUATED:

NSS Labs performed an independent test of the FireEye Network Security NX 10450 v7.9.2 & EX 8400 v7.9.0. The product was subjected to thorough testing at the NSS facility in Austin, Texas, based on the Breach Detection Systems (BDS) Test Methodology v4.0 available at nsslabstage.wpengine.com. This test was conducted free of charge and NSS did not receive any compensation in return for FireEye’s participation.

PRODUCT TESTED IN THE FOLLOWING AREAS:

  • Security Effectiveness: BDS are expected to detect and log breaches and attempted breaches accurately, while remaining resistant to false positives.
  • Performance: A system’s detection processing capability is stressed to determine when connections are overwhelmed or the table and buffer capacity is exceeded, and attacks are allowed through.
  • Stability and Reliability: The stability of the BDS is verified, along with its ability to maintain security effectiveness while under normal load and while detecting malicious traffic.
  • Total Cost of Ownership (TCO): The overall cost of deployment, maintenance, and upkeep is assessed. ?

 

As with all NSS Labs group tests, there was no fee for participation. In addition, the test methodology applied is in the public domain to provide transparency and to help enterprises understand the test results.