How Lastline Enterprise Keeps Earning NSS Labs Highest Score in Breach Detection
In the just-released 2017 NSS Labs Breach Detection Systems group test, Lastline received the highest possible score for security effectiveness, for the second consecutive year.
A recent blog about the report Lastline Ranks Highest in Security Effectiveness in NSS Labs Breach Detection Systems Group Test – Again gave an overview of this year’s NSS Labs group test results.
In today’s post, we’re going to dig a bit deeper into the report and how NSS Labs measures security effectiveness—and how Lastline keeps earning the highest score.
Before we dive into the details, it’s useful to note why NSS Labs is so highly regarded. There are several reasons: it is the world’s largest independent security testing and research organization; it focuses exclusively on evaluating cybersecurity products, and it is 100% objective. Also, NSS Labs does not charge any of the product vendors to participate in public tests, which adds credibility to the objectivity of its findings and reports.
Security Effectiveness – A Holistic Approach
Over 20 years of testing security products, NSS Labs has developed a detailed and holistic approach to measuring Security Effectiveness. In addition to performing a number of very specific tests to determine how well each product detects several types of attacks, NSS Labs looks at multiple factors that affect the overall Security Effectiveness. To that end, and to facilitate accurate product comparisons, it has developed a unique metric to calculate overall Security Effectiveness that combines these three critical capabilities:
- The product’s Breach Detection Rate (percentage of malware exploits the product detected)
- The product’s Resistance to Evasion
- Stability and Reliability
By focusing on Security Effectiveness as a whole instead of detection rates alone, NSS is able to factor in the ease with which malware can bypass defenses, as well as the reliability of the system under test.
Lastline Achieves Highest Score in All Areas of Security Effectiveness
Like NSS Labs, Lastline understands that there are many factors that contribute to the overall effectiveness of a security product, and a successful solution needs to include them all. Product reliability and accuracy are incredibly important, but so is the ability to identify the latest and most sophisticated evasion techniques. Lastline has developed a unique platform that excels in each of these important areas.
In the NSS Labs breach detection tests, Lastline achieved the highest score in all three areas that make up the total Security Effectiveness score—breach detection accuracy, reliability, and resistance to evasion.
A major key to Lastline’s success is the company’s detection engine and Deep Content Inspection™ technology that power all Lastline products. This unique approach provides 100% visibility into all malware activity.
Lastline Scores 100% Breach Detection
NSS Labs calculates the breach detection rate as the percentage of all malware and exploits that the product found. NSS Labs tested Lastline’s detection rate in a number of specific areas, including:
- Drive-by exploits
- Social exploits
- HTTP based malware
- Mail-based malware
- Offline infections (defined as hosts infected with malware outside the corporate network and subsequently attached to the network)
Lastline scored 100% in each of the breach detection tests, accurately identifying every exploit and instance of malware.
See the full report for details about how Lastline detected 100% of other types of exploits.
Lastline Passed All Stability and Reliability Tests
Since a product failure can result in serious breaches remaining undetected, stability under load is crucial. NSS Labs tested each product to determine its reliability under stress. During these tests, if any malicious traffic passes undetected, caused by either the volume of traffic or by the system failing for any reason, the product will fail the test.
Lastline successfully passed all stability and reliability tests—maintaining security effectiveness and detecting 100% of malicious traffic while under normal load.
Lastline Scores 100% in Resistance to Evasion
NSS Labs paid particular attention to the importance of the product’s ability to identify any techniques used by malware to avoid detection. The report states “Resistance to evasion is a critical component in a breach detection system. If the system misses a single evasion, an attacker can utilize an entire class of exploits and/or malware to circumvent the detection system, rendering it virtually useless.”
Lastline Enterprise scored 100% in every evasion test, including the following:
- Packers and Compressors
- Virtual Machine Evasions
- Sandbox Evasions
- HTML Obfuscation
- HTML5 Obfuscation
- HTML5 Heap Spray
- Web Socket Connection
- HTTP Evasion
- Layered Evasions
Lastline Achieves Exceptionally Low False Positive Rates
The ability for any breach detection system to identify legitimate traffic while maintaining detection of threats and breaches is as important as its ability to detect malicious content.
The NSS Labs tests for false positive rates included a varied sample of legitimate application traffic that the products under test could falsely identified as malicious.
Lastline demonstrated an extremely low false positive rate of just 0.06%. That equates to just 1 false positive out of 1,666 alerts, a rate many security analysts would love to have.
Lastline Verses the Competition
This year’s NSS Labs test included six leading breach detection vendors:
Last year, Lastline was the first vendor ever to achieve 100% security effectiveness within the NSS Labs breach detection test and report.
This year, Lastline is the only vendor to achieve that distinction in multiple years.
In regard to the competition, the relative position between FireEye and Lastline is of particular note. FireEye’s NX & EX Security Effectiveness score dropped dramatically from 96.5% in 2016 to just 81.7% in 2017 while Lastline maintained a perfect score in both years.
NSS Labs issued “Neutral” (FireEye NXES-VA) and “Caution” (FireEye NX & EX) ratings for the two FireEye products that were tested. Lastline received a “Recommended” rating for the third year in a row.
The ability to effectively detect a network breach is critical. However, most organizations don’t have the resources to properly test available solutions to identify which product will provide the most protection. Fortunately, NSS Labs, as a well-known and highly respected organization, helps solve that problem.
We are pleased and honored that NSS Labs has identified Lastline as a recommended solution, receiving the highest score in the 2017 Breach Detection Systems group test.
Get A Copy of the NSS Labs Breach Detection Reports
Download the reports to learn more about the NSS Labs 2017 BDS Group Test results.
Latest posts by Bert Rankin (see all)
- No Detail is Too Small: Is Your Network Behavior Analysis Up to the Task? - December 11, 2018
- Security Culture: How Everyone Plays a Part in Keeping Your Organization Secure - December 6, 2018
- Improving Incident Response Time With Smarter Network Security Tools - December 4, 2018