IPS Certification
The NSS Group conducted the first comprehensive IPS test of
its kind, now updated in this latest testing round with a completely
revised, more rigorous and extensive methodology. This exhaustive review
will give readers a complete perspective of the capabilities, maturity and
suitability of the products tested for their particular needs.
As part of its extensive IPS test methodology, The NSS Group subjects each
product to a brutal battery of tests that verify the stability and
performance of each IPS tested, determine the accuracy of its security
coverage, and ensure that the device will not block legitimate traffic.
The NSS tests go much further than other IPS tests in all areas:
- Attack recognition - NSS tests
employ a test suite carefully selected to determine how effective the IPS
device is against recent threats which fall into specific classes (root
compromise, DOS condition, information only, etc.) rather than simply use
canned tools with outdated exploit libraries.
- Evasion - This is a critical area
as IPS devices are deployed more widely and attackers become more
determined to beat them. Finding new exploits is far more difficult for
hackers than using common evasion techniques to evade signatures for
existing exploits. NSS continues to raise the bar in this area, extending
evasion tests in all areas and adding new evasion tests for recent threats
such as server-to-client exploits.
- Performance - NSS has the most
advanced IPS test rig in the world, capable of generating up to 10Gbps of
test traffic. NSS believes that simple tests using captured network
traffic are not enough to provide potential purchasers with all the data
they need to make an informed decision. NSS does use captured
real-world network traffic for some of its tests, but enhances this
with extensive, repeatable stress tests which provide purchasers with
useful data points such as maximum number of TCP connections per second,
maximum HTTP transactions per second, maximum simultaneous open
connections, and so on.
- Management - Whether the user is
deploying a single IPS or multiple appliances across a global enterprise,
management, configuration, alert handling and reporting capabilities are
of vital importance. The NSS tests are unique in specifying requirements
for the management system and testing carefully against the published
methodology to provide potential purchasers with detailed information on
the management system from device to device.
If a particular IPS has been designated as
NSS Approved, customers
can be confident that the device will not significantly impact network/host
performance, cause network/host crashes, or otherwise block legitimate
traffic.
To assess the complex matrix of IPS/Attack Mitigator performance and
security requirements, The NSS Group has developed a specialised lab
environment that is able to exercise every facet of an IPS product. The test
suite contains over 1500 individual tests that evaluate IPS products in
three main areas: performance and reliability, security accuracy, and
usability. This results in the most thorough and complete evaluation of IPS
products available anywhere today, under the most demanding conditions
including extreme loads as well as real-world deployment scenarios using
real network traffic.
The NSS certification program is also unique in awarding multiple levels of
NSS Approved awards to help users differentiate more accurately between
products for different deployment scenarios - the standard IPS award is
equivalent to the previous NSS Approved (although the more rigorous new test
suite makes it harder to obtain), and above that are additional levels for
Branch Office, Enterprise and MSP/ISP devices.
It is worth pointing out that standards are very high, and not every product
submitted for testing receives an NSS Approved award.
The NSS Group IPS test methodologies have become the de facto standard for
testing in-line Intrusion Prevention/Attack Mitigation devices, and the NSS
Approved logo is now an essential item on the list of requirements when
purchasing these products.