Lastline Ranks Highest in Security Effectiveness in NSS Labs Breach Detection Systems Group Test – Again

We’re proud that Lastline Enterprise has excelled again in the NSS Labs Breach Detection System (BDS) group test.

If you’re not familiar with NSS Labs, it is the world’s largest independent security testing and research organization, conducting challenging independent tests of security products for over 20 years. NSS Labs’ tests are rigorous and comprehensive, designed to provide the comparative testing that most organizations need but lack the time, funding, and staff to perform. (NSS publishes the specific testing methodology it used in this round of tests, in case you’re curious.)

The Test

The BDS group test looked at three primary areas. The sub-bullets show what the test measured in each area:

  • Security
    • Detection rate
    • Anti-evasion capabilities (resistance to common evasion techniques)
    • Device stability and reliability
    • Time-to-detect
  • Total Cost of Ownership (TCO)
    • Acquisition costs for the BDS and a central management system (CMS)
    • Fees paid for annual maintenance, support, and signature updates
    • Labor costs for installation, maintenance, and upkeep
  • Performance
    • Performance under a range of deployment options/traffic mixes
    • Performance when security configurations/policies are applied

The Participants

Six vendors participated in the 2017 Breach Detection System test:

  • Check Point
  • Cisco
  • Fortinet
  • FireEye
  • Lastline
  • Trend Micro

The Results

Lastline Enterprise earned 100% security effectiveness for the second consecutive year. In 2017, just like in 2016, Lastline detected everything NSS Labs could throw at it, including evasive threats that avoid detection by many of today’s “next-gen” firewalls, sandboxes, and IPS.

One of the reports NSS Labs generates is called the Security Value Map (SVM). It’s a useful chart because it combines the findings of the Security, TCO, and Performance tests. It shows Security Effectiveness on the vertical axis and TCO per Protected Mbps on the horizontal axis. We like it because it shows Lastline Enterprise in the upper right, showing 100% Security Effectiveness with a very low TCO.

NSS Labs 2017 Security Value Map for Breach Detection Systems

Evasive Malware and Detection Rates

One more reason why we like the SVM so much is that it shows each product’s resistance to common evasion techniques. Evasion techniques, which enable malware to evade most security tools, including “next-gen” firewalls, IPS, and sandboxes, are now commonplace. Our own Lastline Labs has detected evasion techniques in over 70% of currently circulating malware.

The SVM shows the effect of the ability (or inability) to detect threats using evasive techniques:

  • Products with green dots on the SVM are the ones that detected all evasion techniques
  • Products with gradient lines that end in a blue dot show how failing to detect evasive malware affects their detection capabilities

From the 2017 SVM report: “The highest point of the gradient line represents Security Effectiveness based solely on block rate. However, this is not the only measure of Security Effectiveness—NSS also factors in evasions. Incorporating this additional information allows NSS to calculate a second, lower score (represented by the blue dot), which more realistically depicts the actual Security Effectiveness of a product.”

NSS Labs explains in more detail why this metric is critical: “A product’s effectiveness is significantly handicapped if it fails to detect exploits and malware that employ obfuscation or evasion techniques, and the NSS product guidance is adjusted to reflect this.”

Breach Detection Is at the Core of All Lastline Products

The technology that gives Lastline Enterprise its ability to detect threats that other vendors miss is Deep Content Inspection™. Deep Content Inspection is at the core of all Lastline products, and it is the only detection technology that interacts with every piece of malware to deconstruct all the malicious behavior engineered into the malware. Deep Content Inspection’s unsurpassed visibility gives you an inventory of every malicious behavior that you can use to instrument your network against the latest threats.

Figure 2 – Deep Content Inspection Identifies All Malicious Behavior in Any Malware (example of the analysis Deep Content Inspection performs on a malicious object)

To Get Your Copy of the BDS Reports

Download the reports to learn more about the NSS Labs 2017 BDS Group Test results.

But Wait, There’s More

We’ll also be hosting a webinar soon with a researcher from NSS Labs who will explain how an organization can use these reports to select the right breach detection product. After you download the reports, we’ll automatically send you an invitation to the webinar when we schedule it.