Layered Security Approach Still Fails to Block Exploits: Report

Layered security may be security best practice, but many of the current technologies don’t appear to be detecting and blocking exploits, according to recent NSS Labs research.


In a test which layered typical defense technologies in various combinations, only 3 percent of unique combinations managed to detect all the exploits used, NSS Labs said in its new “Correlation of Detection Failures” report released Wednesday. The report tested the security effectiveness of next-generation firewalls, intrusion prevention systems, and endpoint protection.

The group tests included 37 security products from 24 different vendors and 1,711 exploits. There were 16 IPS, 8 next-generation firewall, and 13 endpoint protection products in the test. Networking products included the Barracuda F900 networking security appliance, Check Point 12600, and the Palo Alto PA5020.

None of the 37 tested products managed to detect all the exploits on their own. Of the 606 combinations possible with two of the security products in the test, only 3 percent of the possibilities detected all the exploits, NSS Labs said.

The results “present a serious challenge to the security industry as they allow an attacker to bypass several layers of defense using only a small set of exploits,” wrote Stefan Frei, research director at NSS Labs and principal author of the report.

The number of exploits that managed to bypass multiple security products, and the number of security products that were unable to block the exploits, is “significantly higher than the common expectation,” Frei wrote. Security professionals run the risk of overestimating the security benefits of deploying multiple protection technologies.

It doesn’t appear to make a difference whether there are multiple products within a security category, such as intrusion prevention systems, or multiple products across multiple categories, such as having antivirus running on an endpoint behind both an IPS and a next-generation firewall. Either deployment method “does not always provide the ‘defense in depth’ that we are led to believe exists,” Frei said.

Since many of the vendors use the same sources of threat intelligence and the same vulnerability research feeds, it’s likely they have the same deficiencies in their exploit detection and blocking capabilities. Layered defenses are critical to securing the enterprise, but organizations need to think about which products actually result in security gains.


NSS Labs did not specify the two products that successfully blocked the exploits.

“This analysis shows that, while it is helpful to adopt a layered approach to security, the real key to effective protection against threats lies in an organization’s choice of protection technologies to be combined,” Frei wrote.
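An organization with its own test results can measure how much two layers overlap in what they miss. The following is an added example, not code or data from NSS Labs or the report: product names, exploit IDs and miss sets are constructed, and it compares each pair's shared misses with what independent failures would predict.

```python
from collections import Counter
from itertools import combinations

# Constructed sample data (hypothetical products and exploit IDs):
# product -> set of exploit IDs it failed to block in a lab run.
TOTAL_EXPLOITS = 10
MISSES = {
    "ips_a": {1, 2, 3, 7},
    "ips_b": {2, 3, 9},
    "ngfw_a": {2, 3, 4},
    "epp_a": {5, 6},
    "epp_b": {2, 8},
}

def pair_residuals(misses):
    """Map each product pair to the exploits that bypass BOTH layers."""
    return {(a, b): misses[a] & misses[b]
            for a, b in combinations(sorted(misses), 2)}

def full_coverage_fraction(misses):
    """Share of two-product combinations that leave no exploit unblocked."""
    residuals = pair_residuals(misses)
    return sum(1 for r in residuals.values() if not r) / len(residuals)

def correlation_excess(misses, total):
    """Observed shared misses minus the count expected if the two
    products failed independently (|A| * |B| / total). A positive value
    means the layers share blind spots."""
    return {pair: len(shared) - len(misses[pair[0]]) * len(misses[pair[1]]) / total
            for pair, shared in pair_residuals(misses).items()}

def multi_bypass(misses, min_products=2):
    """Exploits missed by at least `min_products` products."""
    counts = Counter(e for missed in misses.values() for e in missed)
    return {e: n for e, n in counts.items() if n >= min_products}

if __name__ == "__main__":
    print("pairs with full coverage:", full_coverage_fraction(MISSES))
    print("exploits missed by several products:", multi_bypass(MISSES))
    for pair, excess in sorted(correlation_excess(MISSES, TOTAL_EXPLOITS).items(),
                               key=lambda kv: -kv[1]):
        print(pair, "excess shared misses:", round(excess, 2))
```

In this constructed data set the three network products all miss exploits 2 and 3, so pairing any two of them adds little, while pairing either with `epp_a` closes every gap.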
