Dark Reading, 10/19/2017
NSS Labs Announces 2017 Breach Detection Systems Group Test Results

Four products receive a Recommended rating; the remaining products receive Neutral, Security Recommended, and Caution ratings.

AUSTIN, Texas - NSS Labs, a source for independent fact-based cybersecurity guidance, today announced the results of its Breach Detection Systems (BDS) Group Test. For the 2017 BDS Group Test, NSS Labs expanded test techniques to include new evasions. Evasion techniques are a means of disguising and modifying attacks in order to avoid detection and blocking by security products. These methods are increasingly selected by threat actors to circumvent security controls. Test results indicate that most breach detection systems are unable to stop all evasions, which is a major concern.

According to the Verizon 2017 Data Breach Investigations Report, 75% of data breaches are perpetrated by outsiders. BDS products are now more widely adopted in enterprise security deployments to catch attacks that bypass other perimeter defenses such as next-generation firewalls. The NSS Labs 2017 Enterprise Security Architecture Study indicates that 44.1% of US enterprises deploy BDS products. These products provide enhanced detection of advanced malware, zero-day attacks, and targeted attacks. Data obtained by BDS threat analysis helps to accelerate investigation and remediation, thereby reducing the business impact of threats.

The BDS Group Test reports offer insights into which infection vectors were effective and how long it took for products to detect them. When evaluating breach detection systems, time-to-detect metrics are critical as they directly impact ROI for enterprises.

Seven products from six market-leading security vendors were tested for security effectiveness, performance, stability and reliability, and total cost of ownership (TCO). Of the seven products tested, four received a Recommended rating and two scored 100% for security effectiveness.

Key findings from the test:

  • Five out of the seven products tested missed evasions.
  • Overall Security Effectiveness ranged between 80.2% and 100.0%.
  • The average Security Effectiveness rating was 93.2%; five products received a Security Effectiveness rating above the average, and two received a Security Effectiveness rating below the average.
  • False positive rates ranged from 0% to 0.36%.
  • TCO per Protected Mbps ranged between US$16 and US$128, with most tested products costing less than US$44 per protected Mbps.
  • The average TCO per Protected Mbps (Value) was US$48.82; five products demonstrated value above the average and two demonstrated value below the average.

“The 2017 BDS Group Test revealed that most products were able to detect the majority of breaches within 60 minutes, but some products took several hours to detect the same breaches,” said Jason Brvenik, Chief Technology Officer at NSS Labs. “To reduce the frequency and impact of security incidents, enterprises must consider the detection rate and the time a product takes to detect attacks.”

The following products were tested:

  • Check Point Software Technologies 15600 Next Generation Threat Prevention & SandBlast™ (NGTX) Appliance R77.30
  • Cisco FirePower 8120 v.6 & Cisco AMP v.5.1.9.10430
  • FireEye Network Security NX 10450 v7.9.2 & EX 8400 v7.9.0
  • FireEye Network Security 6500NXES-VA v7.9.2
  • Fortinet FortiSandbox-2000E v.FSA 2.4.1 & FortiClient (APT Agent) v.5.6.0.1075
  • Lastline Enterprise v7.25
  • Trend Micro Deep Discovery Inspector Model 4000 v3.8 SP5 & OfficeScan (OSCE) v.12.0.1807

NSS Labs is committed to providing empirical data and objective group test results that enable organizations to make educated decisions about purchasing and optimizing security infrastructure products and services. As with all NSS Labs group tests, there is no fee for participation, and the test methodology is available in the public domain to provide transparency and to help enterprises understand the factors behind test results. Click here for more information about our group test policies.

Click here for more information on this test, and the test methodology used, or to purchase the individual Test Reports. Click here to download the Security Value Map, which provides a graphic comparison of Security Effectiveness and TCO across the tested products.
