NSS Labs Puts Network Intrusion Prevention Systems to the Test

Share Article

Security Effectiveness Results Range from 17.3 Percent to 89.5 Percent—Buyers Should Carefully Review Products before Purchasing

Organizations need to know the true protection and performance of their security investments beyond what vendors include in their marketing materials.

NSS Labs, Inc., the leading independent security testing organization, today announced the release of its latest Network Intrusion Prevention System (IPS) Comparative Group Test Report for the fourth quarter of 2009. Based on extensive real-world testing at the NSS Labs facility, the report evaluates 15 NIPS products from seven vendors on their effectiveness, performance, and total cost of ownership (TCO).

Designed to identify and block attacks against organizational assets such as servers, applications, and databases, IPS products are a critical part of an organization’s layered security strategy. With increasing vulnerability disclosures in widely-deployed operating systems, applications, and even security products, IPS products can afford an organization temporary protection and relief from the immediate need to patch affected systems.

All leading IPS vendors were invited to participate in the test at no cost. Using its real-world testing methodology, NSS Labs compared the products head-to-head against 1,159 live, enterprise-class exploits. Products were tested using the vendor’s default or “recommended” settings and then again as tuned by a vendor representative.

“Organizations need to know the true protection and performance of their security investments beyond what vendors include in their marketing materials,” said Rick Moy, president, NSS Labs. “This report provides unique information to help users select and manage IPS products appropriate for their environments.”

Products tested in the report include:

  • Cisco® IPS 4260 Sensor
  • IBM Proventia® Network IPS GX4004
  • IBM Proventia Network IPS GX6116
  • Juniper Networks® IDP-250
  • Juniper Networks IDP-600c
  • Juniper Networks IDP-800
  • McAfee® M-1250
  • McAfee M-8000
  • Sourcefire 3D® 4500 Network IPS
  • Stonesoft StoneGate™ IPS-1030
  • Stonesoft StoneGate IPS-1060
  • Stonesoft StoneGate IPS-6105
  • TippingPoint® TP 10 IPS
  • TippingPoint 660N IPS
  • TippingPoint 2500N IPS

Key findings from the report show:

  • Organizations that do not tune their IPS products could be missing up to 44 percent of “catchable” attacks.
  • Vendors overstated their product performance levels by 12 to 50 percent.
  • The protection effectiveness, performance, and labor required of lower-priced products rarely make them a better value.
  • Product guidance from NSS Labs on each product, indicated as “Recommended,” “Neutral,” or “Caution.”

NSS Labs is also introducing Exposure Reports to assist organizations in plugging holes in front of critical assets. These unique reports are the first ever to detail specific threats that products do not protect against.

Copies of the IPS Comparative Group Test Report are available for $1,800 per copy until December 31, 2009 (normally $2,500 per copy). Individual Product Test Reports providing the details of a specific product’s results are available for $600 per copy. All reports can be purchased at http://www.nsslabs.com/IPS-2009-Q4. NSS Labs also offers annual subscriptions to its information services.

About NSS Labs, Inc.

NSS Labs, Inc. is the world’s leading independent, information security research and testing organization. Its expert analyses provide information technology professionals with the unbiased data they need to select the right product for their organizations. Pioneering intrusion detection and prevention system testing with the publication of the first such test criteria in 1999, NSS Labs has also evaluated firewall, unified threat management, anti-malware, encryption, web application firewall, and other technologies on a regular basis. The firm’s real-world test methodology is the only one to assess security products against live Internet threats. As such, NSS Labs tests are considered the most aggressive in the industry and its recommendations and certifications highly coveted by vendors. Founded in 1999, the company has offices in Carlsbad, California and Austin, Texas. For more information, visit http://www.nsslabs.com.

© 2009 NSS Labs, Inc. All rights reserved. All brand, product and service names are the trademarks, registered trademarks, or service marks of their respective owners.


Share article on social media or email:

View article via:

Pdf Print

Contact Author

Liz Goldberg
Visit website