BREACH PREVENTION SYSTEM (BPS)

TECHNOLOGY DESCRIPTION

Breach Prevention Systems (BPS) are solution suites that integrate different products such as endpoint, network, sandbox, cloud, and other protections.

Vendors have been claiming for years that if enterprises purchase their entire suite, they will see better results. Enterprises asked us if this was true, as many perform technology proofs-of-concept (PoCs), but few have the resources to test a multilayer defense with so many integrated protections.

WHAT WE TESTED

2019 is the first time we have published a comparison of technology suites. This comparison is the outcome of testing Next Generation Firewalls, Next Generation Intrusion Prevention Systems, Breach Detection Systems, and Advanced Endpoint Protection products.

All tests permitted the use of cloud capabilities such as reputation systems, sandboxing, emulation, machine learning, and so on.

WHAT WE FOUND

  • Some vendors are better at developing integrated/coordinated technical solutions than others. (Always validate marketing claims!)
  • Many organizations purchase endpoint, network, cloud, and forensic security technologies at different times. This makes it harder to select coordinated security solutions.

  • Few vendors provide good protection from multiple attack vectors across all defensive layers.

  • Vendors still find evasions challenging, but agile development processes help with rapid remediation.

  • Vendor claims of vulnerability protection depend largely on whether the vulnerability allows such protection. We found that all products need improvement when dealing with unknown variants of known exploits.