Breach Detection Systems: Test Methodology v2.0
“Conventional endpoint AV solutions provide inadequate exploit protection, and traditional network security solutions are trivial to evade when it comes to client-side exploits, the favorite attack vector of threat actors perpetrating targeted persistent attacks (TPA) or APT. To regain the upper hand against current attacks, enterprises must in turn evolve their network defenses to provide a different kind of protection, one that NSS Labs is calling “breach detection.” The products in this new market are referred to as “breach detection systems” (BDS). Through constant analysis of suspicious code and identification of communications with malicious hosts, breach detection solutions are capable of providing enhanced detection of advanced malware, zero-day and targeted attacks that could bypass defenses like next-generation firewalls (NGFW), intrusion prevention systems (IPS), intrusion detection systems (IDS), antivirus / endpoint protection (including host IPS), and secure web gateways (SWG). Because of latency issues involved in this type of scanning, BDS typically operate out of band, in detection mode (similar to IDS), implementing multiple techniques to analyze and report on malicious traffic. For this reason, BDS could also be considered a next-generation IDS (NGIDS) product.”