NSS Labs Puts Network Intrusion Prevention Systems to the Test
 

Security Effectiveness Results Range from 17.3 Percent to 89.5 Percent—Buyers Should Carefully Review Products before Purchasing.

CARLSBAD, Calif., December 9, 2009 - NSS Labs, Inc., the leading independent security testing organization, today announced the release of its latest Network Intrusion Prevention System (IPS) Comparative Group Test Report for the fourth quarter of 2009. Based on extensive real-world testing at the NSS Labs facility, the report evaluates 15 NIPS products from seven vendors on their effectiveness, performance, and total cost of ownership (TCO).

Designed to identify and block attacks against organizational assets such as servers, applications, and databases, IPS products are a critical part of an organization’s layered security strategy. With increasing vulnerability disclosures in widely-deployed operating systems, applications, and even security products, IPS products can afford an organization temporary protection and relief from the immediate need to patch affected systems.

All leading IPS vendors were invited to participate in the test at no cost. Using its real-world testing methodology, NSS Labs compared the products head-to-head against 1,159 live, enterprise-class exploits. Products were tested using the vendor’s default or “recommended” settings and then again as tuned by a vendor representative.

“Organizations need to know the true protection and performance of their security investments beyond what vendors include in their marketing materials,” said Rick Moy, president, NSS Labs. “This report provides unique information to help users select and manage IPS products appropriate for their environments.”

Products tested in the report include:

Cisco® IPS 4260 Sensor
IBM Proventia® Network IPS GX4004
IBM Proventia Network IPS GX6116
Juniper Networks® IDP-250
Juniper Networks IDP-600c
Juniper Networks IDP-800
McAfee® M-1250
McAfee M-8000
Sourcefire 3D® 4500 Network IPS
Stonesoft StoneGate™ IPS-1030
Stonesoft StoneGate IPS-1060
Stonesoft StoneGate IPS-6105
TippingPoint® TP 10 IPS
TippingPoint 660N IPS
TippingPoint 2500N IPS


Key findings from the report show:

Organizations that do not tune their IPS products could be missing up to 44 percent of "catchable" attacks.
 

Vendors overstated their product performance levels by 12 to 50 percent.
 

The protection effectiveness, performance, and labor required of lower-priced products rarely make them a better value.
 

Product guidamce from NSS Labs on each product, indicated as "Recommended," "Neutral," or "Caution."


NSS Labs is also introducing Exposure Reports to assist organizations in plugging holes in front of critical assets. These unique reports are the first ever to detail specific threats that products do not protect against.
 
Copies of the IPS Comparative Group Test Report are available for $1,800 per copy until December 31, 2009 (normally $2,500 per copy). Individual Product Test Reports providing the details of a specific product’s results are available for $600 per copy.

 
Home  |  Product Database  |  Certification Services  |  Resources  |  Company  |  Contact
Copyright ©2008 by NSS Labs All Rights Reserved. Privacy Policy