Breach Detection System
BDS 2017 Comparative Report: Security

BDS 2017 Comparative Report: Security

This report is available through the Breach Detection Systems Subscription. All of our subscription options can be viewed here.



Thomas Skybakmoen



Threat actors are demonstrating the capability to bypass protection offered by conventional endpoint and perimeter security solutions. Consequently, enterprises must evolve their network defenses to incorporate a different kind of protection, one that NSS Labs defines as a breach detection system (BDS).

Through constant analysis of suspicious code and identification of communications with malicious hosts, BDS can provide enhanced detection of advanced malware, zero-day attacks, and targeted attacks that could bypass defenses such as next generation firewalls, intrusion prevention systems, intrusion detection systems, antivirus/endpoint protection (including host IPS), and secure web gateways. Because of latency issues involved in this type of scanning, BDS typically operate out of band, in detection mode, implementing multiple techniques to analyze and report on malicious traffic.


This report uses data from NSS’ individual BDS Test Reports to create Security Effectiveness ratings for each product. Products are scored on multiple factors that affect the overall Security Effectiveness of the system, including:

  • Breach Detection Rate
  • Evasions
  • Stability and Reliability



The following products were evaluated:

  • Check Point Software Technologies 15600 Next Generation Threat Prevention & SandBlastTM (NGTX) Appliance R77.30
  • Cisco FirePower 8120 v.6 & Cisco AMP v.
  • FireEye Network Security NX 10450 v7.9.2 & EX 8400 v7.9.0?
  • FireEye Network Security 6500NXES-VA v7.9.2
  • Fortinet FortiSandbox-2000E v.FSA 2.4.1 & FortiClient (APT Agent) v.
  • Lastline Enterprise v7.25?
  • Trend Micro Deep Discovery Inspector Model 4000 v3.8 SP5 & OfficeScan (OSCE) v.12.0.1807


To learn how each vendor performed, download a copy of each individual Test Report. NSS clients can also download the BDS Comparative Reports on Performance, Security Value Map, and Total Cost of Ownership (TCO).

As with all NSS Labs group tests, there was no fee for participation. In addition, the test methodology applied is in the public domain to provide transparency and to help enterprises understand the results.

As with all NSS Labs group tests, there was no fee for participation. All testing was conducted independently and was not paid for by any vendor.