
8/4/2015
12:00 AM
Dark Reading

NSS Labs tests reveal shake-ups in fast-growing Breach Detection System market

Five of Eight Leading Vendors Receive Coveted NSS "Recommended" Rating

AUSTIN, TX--(Marketwired - Aug 4, 2015) - NSS Labs, Inc., the world's leading security research, testing, and advisory company, today released the results from its Breach Detection Systems (BDS) group test which evaluated eight of the leading BDS vendors -- Blue Coat, Check Point, Cisco, Fidelis, FireEye, Fortinet, Lastline, and Trend Micro -- for security effectiveness, performance, and total cost of ownership.

NSS Research shows that the BDS market is growing at a Compound Annual Growth Rate of 32%. This market demand has driven NSS to conduct the most complete test of this technology available today. A BDS is expected to detect malicious software traversing a network, either during the attack, or post infection during callbacks (also known as data exfiltration). A strongly marketed feature of this technology is that a BDS detects attacks that have bypassed traditional security products, reflecting the growing sophistication of the attackers themselves.

Key Takeaways:

Threat Actors are investing in ways to bypass existing security technology.

Breach Detection technologies are rapidly evolving.

New entrants in the Breach Detection space are successfully challenging the status quo.

Evasions allow attackers to avoid detection by a BDS. They proved to be a major problem for several vendors. Only one vendor handled all evasions successfully.

View the NSS Labs Breach Detection Systems (BDS) Security Value Map™ Graphic.

The latest NSS Breach Detection Systems test report includes:

Over 5 billion discrete data elements.

Hundreds of victim machines.

Collection and analysis of Terabytes of logs.

Hundreds of discrete samples used in current campaigns.

Exploit, malware, and evasion testing was performed using regularly abused compromise mediums such as web and email -- leveraging multiple common document types.

Over 100 unique evasion mechanics were tested.

"Breach Detection Systems are one of the most rapidly evolving security technologies out there today and with that comes a lot of marketing hype and vendor claims. We are excited to continue to build on the success of last year's test and provide empirical insight into the performance and capabilities of the leading vendors in this rapid growth market," said Vikram Phatak, CEO at NSS Labs. "With several key vendors entering the BDS market, the BDS SVM results are an excellent example of why independent testing is so important. They provide objective facts based upon empirical data, allowing executives to make educated purchasing decisions."

The products covered in this test were:

Blue Coat Security Analytics v7.1.6 and Malware Analysis Appliance v4.2.2

Check Point 13500 Next Generation Threat Prevention Appliance with Threat Emulation Cloud Service R77.20

Cisco Advanced Malware Protection v5.2.2015072320

Fidelis XPS Direct 1000 and Fidelis XPS Internal 1000 v7.7

FireEye EX-3400 v7.1.6 and NX-4400 v7.5.3

Fortinet FortiSandbox-1000D v1.43 Build 0120

Lastline Breach Detection Platform v6.5

Trend Micro Deep Discovery Inspector v3.7 Build 3.7.1096

 

NSS Labs did not receive any compensation in return for vendor participation. All testing and research was conducted free of charge.

About NSS Labs, Inc.

NSS Labs, Inc. provides insight that helps businesses become more secure. Focusing exclusively on IT security, NSS delivers value through its world-leading security product testing laboratory, security research and analyst services, and Cyber Advanced Warning System™ -- a cloud service offering that leverages product testing and an adversary engagement network. Through these capabilities, NSS delivers unparalleled cyber risk guidance to CEOs, CIOs, CISOs, and information security professionals from many of the largest and most demanding enterprises around the world. For more information, visit www.nsslabs.com.

 
