Breach Detection System
BDS 2017 Comparative Report: Security Value Map™

BDS 2017 Comparative Report: Security Value Map™

This report is available through the Breach Detection Systems Subscription. All of our subscription options can be viewed here.



Thomas Skybakmoen



Threat actors are demonstrating the capability to bypass protection offered by conventional endpoint and perimeter security solutions. Consequently, enterprises must evolve their network defenses to incorporate a different kind of protection, one that NSS Labs defines as a breach detection system (BDS).

Through constant analysis of suspicious code and identification of communications with malicious hosts, BDS can provide enhanced detection of advanced malware, zero-day attacks, and targeted attacks that could bypass defenses such as next generation firewalls, intrusion prevention systems, intrusion detection systems, antivirus/endpoint protection (including host IPS), and secure web gateways. Because of latency issues involved in this type of scanning, BDS typically operate out of band, in detection mode, implementing multiple techniques to analyze and report on malicious traffic.


This report uses empirical data from NSS’ individual BDS Test Reports and Comparative Reports to create NSS’ unique Security Value Map™ (SVM). The SVM illustrates the relative value of each product by mapping Security Effectiveness against Total Cost of Ownership (TCO) per Protected Mbps.



The following products were evaluated:

  • Check Point Software Technologies 15600 Next Generation Threat Prevention & SandBlastTM (NGTX) Appliance R77.30
  • Cisco FirePower 8120 v.6 & Cisco AMP v.
  • FireEye Network Security NX 10450 v7.9.2 & EX 8400 v7.9.0?
  • FireEye Network Security 6500NXES-VA v7.9.2
  • Fortinet FortiSandbox-2000E v.FSA 2.4.1 & FortiClient (APT Agent) v.
  • Lastline Enterprise v7.25?
  • Trend Micro Deep Discovery Inspector Model 4000 v3.8 SP5 & OfficeScan (OSCE) v.12.0.1807


To learn how each vendor performed, download a copy of each individual Test Report. NSS clients can also download the BDS Comparative Reports on Security, Performance, and Total Cost of Ownership.

As with all NSS Labs group tests, there was no fee for participation. In addition, the test methodology applied is in the public domain to provide transparency and to help enterprises understand the results.

As with all NSS Labs group tests, there was no fee for participation. All testing was conducted independently and was not paid for by any vendor.