Enterprises are seeking out a new class of protection-oriented solutions that combine detection and blocking-based technologies to take appropriate action against threats before they result in breaches.
These solutions, which NSS Labs calls breach prevention systems (BPS), leverage multiple modern technologies such as sandboxing, emulation, and machine learning along with next generation firewalls and next generation intrusion prevention systems. In addition, most BPS integrate endpoint technology, which enables them to block attacks that would not otherwise be seen by a network device.
NSS Labs’ 2017 BPS group test included five solutions from market-leading security vendors. The solutions were tested for security effectiveness, performance, and total cost of ownership. The test measured the effectiveness of the breach prevention solutions in real-world threat scenarios that included exploits, malware, offline infections and evasions.
Highlights of the test include:
- Five BPS solutions were tested from five vendors: Check Point, Cisco, Fortinet, Juniper, and Palo Alto Networks.
- All tested solutions missed at least one evasion.
- Four solutions received a Recommended rating and one solution received a Caution rating.
- Overall Security Effectiveness ranged from 25.0% to 99.2%.
- TCO per Protected Mbps ranged from US$14 to US$414, with most tested solutions costing less than $80 per protected Mbps.
Download the free 2017 NSS Labs BPS Security Value Map (SVM) to find out which solutions came out on top in our first ever BPS group test.