
Authors: Thomas Skybakmoen and Tim Otto

Publish Date: October 11, 2018

This report is available through the Breach Detection System (BDS) Category Subscription, one of NSS Labs' subscription options.

As organizations have bolstered their security, attacks have evolved in step. Attacks today are more sophisticated and more targeted than ever before, and are capable of bypassing traditional endpoint and perimeter security products. Once an organization is breached, attackers move laterally to extend their foothold and eventually exfiltrate valuable data. While it can take attackers just minutes to compromise a system, it typically takes organizations weeks or even months to discover the breach.

Organizations must evolve their security defenses to incorporate a different kind of protection, one that NSS Labs refers to as a breach detection system (BDS). For a BDS to be effective, it should alert on an attack, a potential infection, or command-and-control (C&C) and exfiltration traffic within the time-to-detect window. The threats a BDS must handle range from commodity malware and exploits, through zero-day threats that render signature-based protection nearly useless, to targeted attacks by state-sponsored threat actors. The BDS is designed to detect and log both successful and attempted breaches accurately and in a timely manner, while remaining resistant to false positives.

REPORT FOCUS: Implementation of BDS products can be a complex process, with multiple factors affecting overall performance. This Comparative Report provides data on:
•    Security Effectiveness
•    Total Cost of Ownership (TCO)
•    Performance

PRODUCTS EVALUATED:
•    Fortinet FortiSandbox-2000E v.3.0.0 & FortiClient (ATP Agent) v.5.6.6.1167
•    Lastline Enterprise (Sensor 1000) v8.0
•    Trend Micro Deep Discovery Inspector Model 4000 (Hardware model 4100) v5.0 & OfficeScan XG SP1

To learn how each vendor performed, download a copy of its Test Report. NSS clients can also download the BDS Security Value Map (SVM) Comparative Report.

As with all NSS Labs group tests, there was no fee for participation. In addition, the test methodology applied is in the public domain to provide transparency and to help enterprises understand the results.