Security Controls In The US Enterprise: Breach Security – Breach Detection Systems



Jason Pappalexis, John Whetstone, Will Fisher, Mike Spanbauer



Threat actors are demonstrating the ability to bypass protection offered by conventional endpoint and perimeter security solutions. In turn, enterprises must evolve their network defenses to incorporate a different kind of protection, one that NSS Labs defines as a breach detection system (BDS). Although initially exclusive to large or very large enterprises, the use of BDS has begun to move down-market into small and medium-sized enterprises.

Enterprises can use this information to gain critical insights into the purpose and use of BDS technology. These insights include information on how this security control is being managed within organizations, where it is being deployed, who is responsible for purchasing decisions, and the extent to which API controls are being used for its management.



  • Product scope, alternatives, deployment, and purchase authority
  • Metrics on product use within the enterprise
  • Who manages BDS? (breakdown by organization size)
  • Who uses API controls? (breakdown by organization size)
  • Enterprise challenges



Part of a series on security controls deployed by US enterprises, this brief includes current usage statistics for BDS within small and medium-sized enterprises (SMEs), large enterprises (LEs), and very large enterprises (VLEs).

As with all NSS Labs group tests, there was no fee for participation. All testing was conducted independently and was not paid for by any vendor.