BDS? Sandbox? Call It What You Will, But the Market Is Growing Fast

By Chris Dawson | August 06, 2015

NSS Labs released their second annual breach detection system (BDS) test results this week, highlighting a market that is growing at a CAGR of 32%, more than double that of next-gen firewalls. Gartner cites 20 vendors in this competitive space – 9 of them participated in the NSS Labs comparison, giving IT and security decision makers robust, objective data on which to base their purchases.

Let’s take a step back, though, and clearly define breach detection systems. Many vendors simply refer to them as sandboxes, but NSS Labs gives more detail in their methodology:

Through constant analysis of suspicious code and identification of communications with malicious hosts, breach detection solutions are capable of providing enhanced detection of advanced malware, zero-day and targeted attacks that could bypass defenses such as next generation firewalls (NGFW), intrusion prevention systems (IPS), intrusion detection systems (IDS), antivirus/endpoint protection (including host IPS), and secure web gateways (SWG).

Whatever you call them, these systems provide a critical layer of protection from advanced threats, both during an attack and as attackers are attempting to exfiltrate data. Because the inspection of traffic in a sandbox is processor- and time-intensive, it frequently takes place out of band but, to be effective, requires substantial throughput and performance.

Thus, breach detection systems aren’t intended to replace firewalls and other security appliances but rather to supplement them as part of what Fortinet calls an Advanced Threat Protection Framework. With protection at the edge of your network, in the datacenter, and on every endpoint, the BDS is the last line of defense for unknown and novel attacks.

NSS Labs awards “Recommended” status to devices that are both above average in cost-effectiveness and security effectiveness. This year, Fortinet achieved a recommended rating for breach detection systems, making it the only vendor to be recommended in all four major categories of network and device protection (NGFW, NGIPS, endpoint, and BDS). You can get more information about Fortinet’s test results with NSS Labs here.

Jonas Tichenor talked with John Maddison, Fortinet vice president of marketing, about the NSS Labs results, Black Hat 2015, and more: