Intrusion Prevention Systems Group Test (Edition 3)

Foreword

Following the huge success of the first comprehensive Intrusion Prevention System (IPS) test of its kind, The NSS Group is pleased to present the results of its third IPS Group Test, the largest so far, which includes a number of new products that did not appear in the first two reports. As with the first two Editions, this exhaustive review gives readers a complete perspective of the capabilities, maturity and suitability for immediate deployment of each of the products tested.

The NSS Group established this test because IPS products are being actively deployed as a new layer in defence-in-depth security architectures. The NSS IPS Group Test evaluates the performance, reliability, security effectiveness and usability of Network IPS products. The test consists of seven sections within three primary areas: performance and reliability, security accuracy, and usability. Overall, the brand new test suite contains over 800 individual tests, many of which are run multiple times, to provide the most thorough and complete evaluation of IPS products available anywhere today.

The NSS Group has developed separate testing methodologies for Rate-Based IPS and Content-Based IPS products, since these devices often operate very differently; all of the products tested in this edition of the report are content-based.

It is worth pointing out that not every product submitted for testing receives an NSS Approved award. Standards are very high, and only those products appearing in this report have received NSS Approved awards. For this latest round of testing, twelve vendors submitted a total of fourteen products, and ten of these passed our stringent testing to receive NSS Approved. It is heartening to note that this is a much-improved success ratio over the previous round.
We believe that our IPS test methodologies, which have been updated again for this test, will become the de facto standard for testing in-line Intrusion Prevention/Attack Mitigation devices, and the NSS Approved logo an essential item on the list of requirements when purchasing these products. We also believe that this report is essential reading for anyone considering deploying Intrusion Prevention Systems in their networks, whether in a test or live situation, and we hope that you find it both informative and useful in making your purchasing decisions.

The latest IPS Group Test report can be viewed on-line at www.nss.co.uk/ips

Bob Walder

Table of Contents

Introduction
  Intrusion Prevention Systems (IPS)
    Host IPS (HIPS)
    Network IPS (NIPS)
    Rate-Based IPS (Attack Mitigator)
  Detection Methods
    Pattern Matching
    Stateful Pattern Matching
    Protocol Decode
    Heuristic Analysis
    Anomaly Analysis
    Which Detection Method Is The Best
  Implementation Challenges
  Requirements for effective prevention
  The NSS Intrusion Prevention Group Test
    Performance
    Security Effectiveness
    Usability
    Summary
  The Market
  The Products

Content-Based IPS Product Reviews
  Cisco IPS-4255 V5.0(3)
    Executive Summary
    Architecture
      Cisco IPS 4200 Series sensor appliances
      Command Line Interface
      IPS Device Manager
      CiscoWorks VMS
    Performance
    Security Effectiveness
    Usability
      Installation
      Configuration
      Policy Management
      Alert Handling
      Reporting and Analysis
    Verdict
    Contact Details
  Cisco IPS-4240 V5.0(3)
    Executive Summary
    Architecture
    Performance
    Security Effectiveness
    Usability
    Verdict
    Contact Details
  Intoto IntruPro V3.0
    Executive Summary
    Architecture
    Performance
    Security Effectiveness
    Usability
      Installation
      Configuration
      Policy Management
      Alert Handling
      Reporting and Analysis
    Verdict
    Contact Details
  McAfee IntruShield 4010
    Executive Summary
    Architecture
      IntruShield Sensor
      IntruShield Security Management System (ISM)
      Update Server
    Performance
    Security Effectiveness
    Usability
      Installation
      Configuration
      Policy Management
      Alert Handling
      Reporting and Analysis
    Verdict
    Contact Details
  Juniper Networks IDP 600F V3.1
    Executive Summary
    Architecture
      IDP Sensor
      Detection Engine
      High Availability
      IDP Management Server
      User Interface (UI)
    Performance
    Security Effectiveness
    Usability
      Installation
      Configuration
      Policy Management
      Alert Handling
      Reporting and Analysis
    Verdict
    Contact Details
  NFR Sentivist Smart Sensor 100C
    Executive Summary
    Architecture
      Sentivist Server
      Sentivist Enterprise Console
      Administration Interface
      Sentivist Smart Sensor
    Performance
    Security Effectiveness
    Usability
      Installation
      Configuration
      Policy Management
      Alert Handling
      Reporting and Analysis
    Verdict
    Contact Details
  Radware DefensePro-3000 V2.43
    Executive Summary
    Architecture
      DefensePro
      Web-Based Management Interface
      Command Line Interface (CLI)
      Configware Insite
    Performance
    Security Effectiveness
    Usability
      Installation
      Configuration
      Policy Management
      Alert Handling
      Reporting and Analysis
    Verdict
    Contact Details
  SecureWorks iSensor 850 V5.3
    Executive Summary
    Architecture
      The Secure Operations Centre (SOC)
      iSensor
    Performance
    Security Effectiveness
    Usability
      Installation
      Configuration
      Policy Management
      Alert Handling
      Reporting and Analysis
    Verdict
    Contact Details
  Symantec SNS 7160 V4.0.0.9
    Executive Summary
    Architecture
      Symantec Network Security Console
      Sensor Software
      7100 Series Appliance
      SNS Clusters
      Fail Over Groups
    Performance
    Security Effectiveness
    Usability
      Installation
      Configuration
      Policy Management
      Alert Handling
      Reporting and Analysis
    Verdict
    Contact Details
  Westline Athena Aegis IPS 510L V2.1
    Executive Summary
    Architecture
      Athena Aegis IPS Appliance
      Intrusion Management Centre (IMC)
      JConsole
    Performance
    Security Effectiveness
    Usability
      Installation
      Configuration
      Policy Management
      Alert Handling
      Reporting and Analysis
    Verdict
    Contact Details

Content-Based IPS Testing Methodology
  The Test Environment
  Section 1 - Detection Engine
  Section 2 - Evasion
  Section 3 - Stateful Operation
  Section 4 - Detection/Blocking Performance Under Load
  Section 5 - Latency & User Response Times
  Section 6 - Stability & Reliability
  Section 7 - Management and Configuration

Content-Based IPS Test Results

Appendix A - Vendor Questionnaires

Appendix B - The Test Equipment
  Spirent Communications SmartBits SMB-6000/SMB-600
  Spirent Communications Avalanche and Reflector
  Adtech AX/4000
  Cisco Catalyst 6500 Series Switches
  Blade Software Informer Suite
  Open Source Replay Tools
    Tomahawk
    tcpreplay