5 of 10 Intrusion Prevention Systems Tested Received NSS Labs Coveted “Recommended” Status

AUSTIN, Texas – January 15, 2014 – NSS Labs today released its 2013 Network Intrusion Prevention Systems (IPS) Security Value Map and Comparative Analysis Reports, which evaluated 10 of the leading IPS products on the market for security effectiveness, performance, enterprise management capabilities and total cost of ownership.

NSS’s research yielded several key conclusions:

    • IPS Security Effectiveness Scores Remain High in 2013: In the latest 2013 tests, 4 of the 10 products scored over 95% for security effectiveness (excluding management) and the overall scores ranged from 89.2% to 97.9%. This remains consistent with 2012 testing, where the overall scores ranged from 77% to 98% and over half of tested vendors scored above 95% for security effectiveness.
    • Management Capabilities Vary Widely and Have Crucial Impact on IPS Effectiveness: The ability to manage an enterprise security environment effectively is critical to the effectiveness of an IPS solution. In 2013, 4 of the 10 products tested had missing or incomplete management features that were considered critical by NSS Labs. When management scoring is applied, the overall score for these 4 vendors dropped dramatically – moving two from “Recommended” to “Neutral” ratings. Overall the managed security effectiveness scores ranged from 29.1% to 98.5%.
    • Total Cost of Ownership Decreased Significantly in 2013: The overall range of TCO decreased in 2013 testing with prices per protected megabit per second ranging from $11 to $50 and most tested devices costing below $30 per Protected-Mbps. This is down from a range of $15 – $108 and an average of $42 per Protected-Mbps in 2012 testing.
    • More Vendors Back their Performance Claims: Only 3 of 10 products tested had throughput rates that were less than their vendors’ stated claims and only 1 of these 3 products underperformed significantly at less than 50% of its stated throughput rate. In 2012 testing, over 50% of the tested devices performed at throughput rates less than what the vendors’ stated.

Commentary: Mike Spanbauer, Managing Director of Research, NSS Labs

“In 2013, IPS vendors made significant strides in lowering total cost of ownership and improving performance, but management capabilities remain a crucial, uneven area organizations must evaluate carefully,” said Mike Spanbauer, Managing Director of Research, NSS Labs. “It remains customers’ urgent responsibility to consult reliable, real-world testing data and assess their management requirements carefully in order to prevent incomplete administration, reporting and other management requirements from offsetting otherwise effective IPS deployments.”

The 2013 IPS Security Value Map™, Comparative Analysis Reports™, and Product Analysis Reports™ for each vendor are currently available to NSS Labs’ subscribers at

The products covered in the 2013 IPS Group Test are:

      • CheckPoint 13500
      • Dell SonicWALL SuperMassive E10800
      • Fortinet FortiGate 3600C
      • HP TippingPoint 7500NX
      • IBM GX7800
      • Juniper SRX 5800
      • McAfee NS-9100
      • McAfee NS-9200
      • Sourcefire 7120
      • Stonesoft 3206