In late May, NSS Labs released the results of its research on “Correlation of Detection Failures”. In an array of tests which implemented various combinations of layered security technologies, a mere 3% of unique combinations managed to detect all the exploits employed. The published report outlined the testing of the protection effectiveness of next-generation firewalls, intrusion prevention systems, and endpoint protection.
The tests included 37 security products from 24 different vendors and 1,711 exploits. There were 16 IPS, 8 next-generation firewall, and 13 endpoint protection products in the test. Networking products included the Barracuda F900 networking security appliance, Check Point 12600, and the Palo Alto PA5020.
None of the 37 tested products managed to detect all the exploits on their own. Of the 606 combinations possible with two of the security products in the test, only 3 percent of the possibilities detected all the exploits.
The results of these tests raise several concerns about the “holy grail” of defense-in-depth that is so often touted by security professionals. The key question that comes to my mind is: How do enterprises deploy adequate and effective security controls that defend against exploits that are able to circumvent multi-layered defense strategies? Have a look at the report and let me know what you think.