AUTHORS: Dipti Ghimire, James Hasty
As organizations have bolstered their security, so attacks have evolved. Attacks today are more sophisticated and more targeted than ever before—and capable of bypassing traditional endpoint and perimeter security products. Once organizations are breached, attackers move laterally to extend their foothold and eventually exfiltrate valuable data. While it can take attackers just minutes to compromise a system, it typically takes organizations weeks or even months to discover a breach.
Organizations must evolve their security defenses to incorporate a different kind of protection, one that NSS Labs refers to as a breach detection system (BDS). For a BDS to be effective, it should be able to alert on an attack, potential infection, or C&C exfiltration within the time-to-detect window. Attacks range from zero-day threats that make signature-based protection nearly useless to commodity malware, exploits and targeted attacks from state-sponsored threat actors. The BDS is designed to detect and log both successful and attempted breaches in an accurate and timely manner, while remaining resistant to false positives.
PRODUCT EVALUATED: NSS Labs performed an independent test of the Trend Micro Deep Discovery Inspector Model 4000 (Hardware model 4100) v5.0 & OfficeScan XG SP1. The product was subjected to thorough testing at the NSS facility in Austin, Texas, based on the NSS Labs Breach Detection Systems Test Methodology v5.0. This test was conducted free of charge and NSS did not receive any compensation in return for Trend Micro’s participation.
PRODUCT TESTED IN THE FOLLOWING AREAS:
- Security Effectiveness – Response time is critical to stop the damage caused by a breach. An effective BDS is one that can quickly detect and log zero-day, advanced, and targeted-attacks threats and with a low false positive rate.
- Resistance to evasion – Failure in any evasion class permits attackers to launch attacks and/or exfiltrate sensitive data
- Stability and reliability – Long-term stability is important where failure can result in serious breaches remaining undetected.
- Total cost of ownership (TCO) – NSS Labs has developed a TCO model, which assumes that enterprises that do not deploy BDS security, or that deploy a BDS security product with low and/or slow detection, will incur less security savings, since additional operational overhead will be required to remediate infections and incidents (breaches).
- Performance and Value – Customers should look for low TCO and high effectiveness and performance rankings.
As with all NSS Labs group tests, there was no fee for participation. In addition, the test methodology applied is in the public domain to provide transparency and to help enterprises understand the results.