Threat actors are demonstrating the capability to bypass protection offered by conventional endpoint and perimeter security solutions. Enterprises must in turn evolve their network defenses to incorporate a different kind of protection, one that NSS Labs defines as a breach prevention system (BPS).

Through constant analysis of suspicious code and identification of communications with malicious hosts, breach prevention solutions are capable of providing enhanced detection of advanced malware, zero-day attacks, and targeted attacks that could bypass defenses such as next generation firewalls (NGFWs), intrusion preventions systems (IPS), intrusion detection systems (IDS), antivirus/endpoint protection (including host IPS), and secure web gateways (SWGs).

Additionally, a BDS may be deployed to augment the conviction capabilities of a BPS and accommodate more complex network architectures (e.g., highly segmented networks).