Five Products Receive Recommended Rating for both IPv4 and IPv6

AUSTIN, Texas – February 20, 2018 – NSS Labs, a global leader and trusted source for independent, fact-based cybersecurity guidance, today announced the results of its Data Center Intrusion Prevention Systems (DCIPS) Group Test. Organizations rely heavily on data centers and IT infrastructure to enable growth, agility, and productivity. Industry analysts predict that the increase in data center traffic, the rise in cyber threats, and the expansion of virtualized data centers will fuel significant growth in the data center security market and estimate that this market will reach $13.38 billion by 2020, with a CAGR of 14.70%.1

An intrusion prevention system (IPS) deployed in the data center (i.e., a data center intrusion prevention system, or DCIPS) is typically subjected to significantly higher traffic levels than an IPS that is deployed at the corporate network perimeter. In a data center deployment, a DCIPS sits inline (as a “a bump in the wire”) inside the data center perimeter, or in the “trusted” zone, to protect servers and applications from remote attacks.

A DCIPS must be capable of performing deep packet inspection in order to protect core assets in the data center from remote attacks. Unlike its next-generation IPS cousin, which protects users from the Internet, the DCIPS protects data center servers and the applications that run on them (i.e., web servers, mail servers, DNS servers, application servers, etc.) from the enterprise intranet and the Internet.

The 2018 DCIPS Group Test results provide insight into tested products including their effectiveness against evasions, performance capabilities and inherent latency, stability and reliability, and total cost of ownership (TCO) over a three-year period.

Key findings from the test:

  • Five products achieved a Recommended rating for both IPv4 and IPv6.
  • The Security Effectiveness of verified products ranged between 89.0% and 98.7%.
  • The average Security Effectiveness rating was 84.6%; five products received a Security Effectiveness rating above this average.
  • TCO per Protected Mbps for verified products ranged between US$3 and US$9, with most tested products costing less than US$6 per protected Mbps.
  • The average TCO per Protected Mbps (Value) was US$10.76; five products demonstrated value above the average.

“An enterprise’s most valuable IT assets and intellectual property reside in its corporate data center,” said Jason Brvenik, Chief Technology Officer at NSS Labs. “The goal of the DCIPS is to protect these assets from remote attacks. Because DCIPS are typically deployed inline, there is frequently a trade-off between security effectiveness and performance. The NSS Labs DCIPS Group Test reports provide clarity and insights that help enterprises understand which factors to consider for their use cases.”

The following products were tested:

  • Fortinet FortiGate 3000D v5.4.5 GA Build 3273
  • Fortinet FortiGate 7060E v5.4.5 GA Build 6355
  • Juniper Networks SRX5400E v15.1X49-D100.6
  • McAfee Network Security Platform NS9100 Appliance v9.1.5.3
  • Trend Micro TippingPoint 8400TX v5.0.0.4815
  • Unverified: Cisco

1Mordor Intelligence Study, Data Center Security Market – Industry Analysis, Geography, Trends, Forecast – (2017 – 2022)

NSS Labs is committed to providing empirical data and objective group test results that enable organizations to make educated decisions about purchasing and optimizing security infrastructure products and services. As with all NSS Labs group tests, there is no fee for participation, and the test methodology is available in the public domain to provide transparency and to help enterprises understand the factors behind test results.