Click here to close now.

Welcome!

API Journal Authors: Carmen Gonzalez, Liz McMillan, AppDynamics Blog, Vormetric Blog, Elizabeth White

News Feed Item

NSS Labs Announces Analyst Coverage and New Group Test for Breach Detection Systems

NSS Labs Predicts the BDS Market to Reach $1 Billion by 2018

AUSTIN, TX -- (Marketwire) -- 11/08/12 -- NSS Labs today announced initiation of coverage and the launch of a new group test for breach detection systems (BDS). BDS is an emerging group of security solutions focused on detecting of intrusions caused by targeted persistent attacks (TPAs) and other particularly sophisticated threats designed to harvest information from compromised systems. Fueled by the frequency and severity of data breaches and their associated costs, the BDS market will have a compound annual growth rate (CAGR) greater than 25 percent, reaching $1 billion by 2018, according to NSS Labs' forecasts.

"Although you could think of this class of product as 'next-generation intrusion detection systems (NGIDS),' we at NSS Labs feel that the 'next generation' tag has been over-used by security vendors," says Bob Walder, Chief Research Officer at NSS Labs. "These products are designed to analyze complex attacks out-of-band, detecting, rather than preventing, network breaches. Because they are not expected to operate in-line at wire speeds, they can perform much more extensive analysis of inbound and outbound traffic to detect complex threats. This means they can only alert us to network breaches that have already occurred. For this reason, we coined the term 'breach detection systems (BDS).' Rather than use different vendors' lexicons based on preferred marketing descriptions, BDS precisely defines the role these solutions are meant to perform, apart from other technologies."

View the new NSS Labs Analysis Brief - Breach Detection: Don't Fall Prey to Targeted Attacks.

Will Breach Detection Systems become the latest security "silver bullet" -- or "white elephant?"
As the attack surface broadens and highly motivated cybercriminals use increasingly innovative and dynamic approaches to deploy sophisticated crimeware, enterprises must assume that they will be (or have already been) breached. Through constant analysis of suspicious code and identification of communications with malicious hosts, breach detection systems can provide enhanced detection of advanced malware, zero-day and targeted attacks, acting as an "early warning" system for exploits that have bypassed other network security defenses. Key trends driving the demand for breach detection systems include:

  • Attack frequency and sophistication at the device level: Client-side attacks represent the fastest growing and most serious group of threats today: These attacks often install malicious code "silently" and many users don't know that they've been infected until after the fact. Breach detection systems that constantly analyze suspicious code and identify communication back to malicious hosts can provide enhanced detection of advanced malware, zero-day and targeted attacks.

  • Browsers and endpoint security products struggle to block attacks: Many traditional endpoint security solutions and browsers lack adequate exploit and evasion protection: In recent NSS Labs tests, only 2 of 13 endpoint products tested blocked more than 80% of exploits and over 60% (8 of 13) failed to block attacks where obfuscation methods for compressing and packing payloads were used. In recent browser testing, only Microsoft Internet Explorer blocked 99% of malicious downloads -- Google Chrome, Apple Safari and Mozilla Firefox lagged behind blocking only 70%, 4.3% and 4.2% respectively.

  • Awareness and safe surfing are not enough: It's not necessary to visit the "dark corners" of the Internet to be at risk: Spear-phishing and drive-by exploits are served up in employee inboxes and often incorporate the legitimate web sites of trusted brand names in their attacks. Breach detection systems recognize that many responsible, well-meaning users will inevitably still be exploited and jeopardize enterprise systems.

  • Breach detection needs to take mobile devices, other shifts into account: The growth of BYOD opens otherwise secured networks up to significant risk: The increasing number of personal mobile devices and the virtualization of offices expose the corporate network to any number of malware variants from untrusted networks that may lack the protection and capabilities of the corporate infrastructure. These mobile devices also often bypass perimeter filtering and security appliances.

Commentary: NSS Labs Research Director Francisco Artes
"Breach detection systems claim to improve the recognition of the most severe types of intrusions -- such as those with the most severe consequences if electronic health records, intellectual property or other sensitive materials are stolen -- but it remains to be seen whether vendors in this emerging segment can provide value that is not offset by new products' overhead and complexity," said Francisco Artes, Research Director at NSS Labs. "Effective BDS tools need to complement existing security investments but risk being simply another console to watch; we look forward to ongoing research and testing as these solutions mature and face real-world threats."

The NSS Labs Live Testing™ harness for the BDS tests is designed to test the five main technologies that can be used as part of a BDS solution -- virtual machine (VM) sandboxes, browser emulation, domain reputation, AV signature, and traffic analysis. NSS Labs analysts will cover numerous vendors in the BDS market, including:

  • AhnLab
  • Damballa
  • FireEye
  • Lastline
  • McAfee
  • Palo Alto Networks
  • Symantec
  • Trend Micro

NSS Labs is currently in the process of confirming which vendors will be in the first Group Test for BDS and results will be available to NSS Labs' subscribers at www.nsslabs.com once complete.

NSS Labs does not receive any compensation in return for vendor participation; all testing and research is conducted free of charge.

About NSS Labs, Inc.
NSS Labs, Inc. is the world's leading information security research and advisory company. We deliver a unique mix of test-based research and expert analysis to provide our clients with the information they need to make good security decisions. CIOs, CISOs, and information security professionals from many of the largest and most demanding enterprises rely on NSS Labs' insight, every day. Founded in 1991, the company is located in Austin, Texas. For more information, visit www.nsslabs.com.

© 2012 NSS Labs, Inc. All rights reserved. All brand, product and service names are the trademarks, registered trademarks, or service marks of their respective owners.

Add to Digg Bookmark with del.icio.us Add to Newsvine

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

@ThingsExpo Stories
SYS-CON Events announced today that WHOA.com, an ISO 27001 Certified secure cloud computing company, participated as “Bronze Sponsor” of SYS-CON's 16th International Cloud Expo® New York, which took place June 9-11, 2015, at the Javits Center in New York City, NY. WHOA.com is a leader in next-generation, ISO 27001 Certified secure cloud solutions. WHOA.com offers a comprehensive portfolio of best-in-class cloud services for business including Infrastructure as a Service (IaaS), Secure Cloud Desktop, Cloud Storage, Disaster Recovery, Integrated Applications and Security.
SYS-CON Events announced today that kintone has been named “Bronze Sponsor” of SYS-CON's 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. kintone promotes cloud-based workgroup productivity, transparency and profitability with a seamless collaboration space, build your own business application (BYOA) platform, and workflow automation system.
Discussions about cloud computing are evolving into discussions about enterprise IT in general. As enterprises increasingly migrate toward their own unique clouds, new issues such as the use of containers and microservices emerge to keep things interesting. In this Power Panel at 16th Cloud Expo, moderated by Conference Chair Roger Strukhoff, panelists addressed the state of cloud computing today, and what enterprise IT professionals need to know about how the latest topics and trends affect their organization.
SYS-CON Events announced today that SoftLayer, an IBM company, has been named “Gold Sponsor” of SYS-CON's 17th International Cloud Expo®, which will take place November 3–5, 2015 at the Santa Clara Convention Center in Santa Clara, CA. SoftLayer operates a global cloud infrastructure platform built for Internet scale. With a global footprint of data centers and network points of presence, SoftLayer provides infrastructure as a service to leading-edge customers ranging from Web startups to global enterprises. SoftLayer’s modular architecture, full-featured API, and sophisticated automation pro...
SYS-CON Events announced today that Intelligent Systems Services will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Established in 1994, Intelligent Systems Services Inc. is located near Washington, DC, with representatives and partners nationwide. ISS’s well-established track record is based on the continuous pursuit of excellence in designing, implementing and supporting nationwide clients’ mission-critical systems. ISS has completed many successful projects in Healthcare, Commercial, Manu...
17th Cloud Expo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy. Meanwhile, 94% of enterprises are using some form of XaaS – software, platform, and infrastructure as a service.
The enterprise market will drive IoT device adoption over the next five years. In his session at @ThingsExpo, John Greenough, an analyst at BI Intelligence, division of Business Insider, analyzed how companies will adopt IoT products and the associated cost of adopting those products. John Greenough is the lead analyst covering the Internet of Things for BI Intelligence- Business Insider’s paid research service. Numerous IoT companies have cited his analysis of the IoT. Prior to joining BI Intelligence, he worked analyzing bank technology for Corporate Insight and The Clearing House Payment...
SYS-CON Events announced today that CommVault has been named “Bronze Sponsor” of SYS-CON's 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. A singular vision – a belief in a better way to address current and future data management needs – guides CommVault in the development of Singular Information Management® solutions for high-performance data protection, universal availability and simplified management of data on complex storage networks. CommVault's exclusive single-platform architecture gives companies unp...
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo in Silicon Valley. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal an...
"ciqada is a combined platform of hardware modules and server products that lets people take their existing devices or new devices and lets them be accessible over the Internet for their users," noted Geoff Engelstein of ciqada, a division of Mars International, in this SYS-CON.tv interview at @ThingsExpo, held June 9-11, 2015, at the Javits Center in New York City.
Buzzword alert: Microservices and IoT at a DevOps conference? What could possibly go wrong? In this Power Panel at DevOps Summit, moderated by Jason Bloomberg, the leading expert on architecting agility for the enterprise and president of Intellyx, panelists peeled away the buzz and discuss the important architectural principles behind implementing IoT solutions for the enterprise. As remote IoT devices and sensors become increasingly intelligent, they become part of our distributed cloud environment, and we must architect and code accordingly. At the very least, you'll have no problem fillin...
The 17th International Cloud Expo has announced that its Call for Papers is open. 17th International Cloud Expo, to be held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, APM, APIs, Microservices, Security, Big Data, Internet of Things, DevOps and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal today!
The 5th International DevOps Summit, co-located with 17th International Cloud Expo – being held November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real results. Among the proven benefits, DevOps is corr...
Internet of Things (IoT) will be a hybrid ecosystem of diverse devices and sensors collaborating with operational and enterprise systems to create the next big application. In their session at @ThingsExpo, Bramh Gupta, founder and CEO of robomq.io, and Fred Yatzeck, principal architect leading product development at robomq.io, discussed how choosing the right middleware and integration strategy from the get-go will enable IoT solution developers to adapt and grow with the industry, while at the same time reduce Time to Market (TTM) by using plug and play capabilities offered by a robust IoT ...
SYS-CON Events announced today that Secure Infrastructure & Services will exhibit at SYS-CON's 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Secure Infrastructure & Services (SIAS) is a managed services provider of cloud computing solutions for the IBM Power Systems market. The company helps mid-market firms built on IBM hardware platforms to deploy new levels of reliable and cost-effective computing and high availability solutions, leveraging the cloud and the benefits of Infrastructure-as-a-Service (IaaS...
Today air travel is a minefield of delays, hassles and customer disappointment. Airlines struggle to revitalize the experience. GE and M2Mi will demonstrate practical examples of how IoT solutions are helping airlines bring back personalization, reduce trip time and improve reliability. In their session at @ThingsExpo, Shyam Varan Nath, Principal Architect with GE, and Dr. Sarah Cooper, M2Mi’s VP Business Development and Engineering, will explore the IoT cloud-based platform technologies driving this change including privacy controls, data transparency and integration of real time context wi...
The basic integration architecture, as defined by ESBs, hasn’t changed for more than a decade. Most cloud integration providers still rely on an ESB architecture and their proprietary connectors. As a result, enterprise integration projects suffer from constraints of availability and reliability of these connectors that are not re-usable across other integration vendors. However, the rapid adoption of APIs and almost ubiquitous availability of APIs amongst most SaaS and Cloud applications are rapidly redefining traditional integration approaches and their reliance on proprietary connectors. ...
SYS-CON Events announced today that Dyn, the worldwide leader in Internet Performance, will exhibit at SYS-CON's 17th International Cloud Expo®, which will take place on November 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. Dyn is a cloud-based Internet Performance company. Dyn helps companies monitor, control, and optimize online infrastructure for an exceptional end-user experience. Through a world-class network and unrivaled, objective intelligence into Internet conditions, Dyn ensures traffic gets delivered faster, safer, and more reliably than ever.
Explosive growth in connected devices. Enormous amounts of data for collection and analysis. Critical use of data for split-second decision making and actionable information. All three are factors in making the Internet of Things a reality. Yet, any one factor would have an IT organization pondering its infrastructure strategy. How should your organization enhance its IT framework to enable an Internet of Things implementation? In his session at @ThingsExpo, James Kirkland, Red Hat's Chief Architect for the Internet of Things and Intelligent Systems, described how to revolutionize your archit...
To many people, IoT is a buzzword whose value is not understood. Many people think IoT is all about wearables and home automation. In his session at @ThingsExpo, Mike Kavis, Vice President & Principal Cloud Architect at Cloud Technology Partners, discussed some incredible game-changing use cases and how they are transforming industries like agriculture, manufacturing, health care, and smart cities. He will discuss cool technologies like smart dust, robotics, smart labels, and much more. Prepare to be blown away with a glimpse of the future.