Press

NSS Labs Announces 2018 Next Generation Intrusion Prevention Group Test Results

September 20, 2018
5 Products Receive Recommended Rating; 2 Receive Caution Rating

AUSTIN, Texas – September 20, 2018 – NSS Labs, Inc., a global leader and trusted source for independent, fact-based cybersecurity guidance, today announced the results of the fourth iteration of its Next Generation Intrusion Prevention System (NGIPS) Group Test. In this test, seven products from six market-leading security vendors were evaluated to help enterprises make informed decisions regarding which NGIPS products are the best fit for their environments.

The role of an NGIPS is to protect enterprises and provide granular visibility into network traffic. An NGIPS decodes and inspects network traffic, allowing legitimate traffic to pass, blocking traffic that has been identified as malicious or unwanted, and also resisting evasion techniques. NGIPS are typically placed behind firewalls or used between internal networks and implemented as transparent inline devices.

87.6% of US enterprises surveyed in an NSS Labs research study reported deploying NGIPS technology. The study revealed that the top challenges experienced by enterprises with NGIPS technology include false positives, difficulty in managing rules, and few actionable alerts.

Cybersecurity is now a never-ending game of cat and mouse. Attackers are developing new techniques to exploit vulnerabilities at an ever-increasing pace. Additionally, attackers are “going back to the well” and exploiting old vulnerabilities using variants of known exploits. To address this trend, the 2018 NGIPS Group Test was expanded to include resiliency testing. A system’s resiliency can be defined as its ability to protect against multiple variants of an exploit, not just the known exploit. By testing resilience, NSS Labs enables enterprises to know which NGIPS products will continue to protect them after the spotlight has moved on.

Key Take-aways from the 2018 NGIPS Group Test

  • Security Effectiveness:
    • The Security Effectiveness of a device is determined by factoring the results of evasions testing and stability and reliability testing into the exploit block rate.
    • Overall Security Effectiveness of the tested products ranged from 25.0% to 99.8%, with four of the seven tested products achieving a rating greater than 99.4%.
    • The average Security Effectiveness rating was 66.2%; five of the tested products received an above-average Security Effectiveness rating, and two of the tested products received a below-average Security Effectiveness rating.
  • Total Cost of Ownership (TCO) per Protected Mbps:
    • In NSS Labs testing, a unique formula, Total Cost of Ownership (TCO) per Protected Mbps, is used to enable value-based comparisons of NGIPS products in the market. TCO per Protected Mbps is calculated using three-year TCO, security effectiveness, and NSS-tested throughput.
    • TCO per Protected Mbps ranged from US$2 to US$199, with most tested products costing less than US$8 per protected Mbps.
    • The average TCO per Protected Mbps was US$47.66; five of the tested products were rated as having above-average value, and two of the tested products were rated as having below-average value.
  • Evasions:
    • Attackers use evasions to bypass security controls. A single evasion can grant an attacker access to your network. What’s worse, when an attacker successfully uses an evasion to bypass defenses there is no trace of the attack. There is no log; there are no alerts.
    • In the 2018 NGIPS Group Test, products were tested against 147 evasions to evaluate how well the products were able to detect and block the evasions.
    • Two of the tested products missed at least one evasion.
  • Stability:
    • An unstable device that disrupts traffic unexpectedly can have serious consequences. Testing revealed some products had stability issues with certain versions.

“Over the past few years, rapid adoption of social media, streaming video, teleconferencing, and other bandwidth-intensive technologies have led to significant network behavior changes,” said Jason Brvenik, Chief Technology Officer at NSS Labs. ”To address these challenges, enterprises have begun to embrace a zero-trust security framework, which eliminates the idea of trusted (or internal) networks. Findings from the 2018 NGIPS Group Test provide critical insights into performance and security effectiveness to help enterprises understand which products are best suited to help address a zero-trust security model without requiring complete network redesign.”

The following products were tested:

  • Forcepoint Forcepoint NGFW v6.3.6
  • Fortinet FortiGate 500E v5.6.4GA build 7892
  • Fortinet FortiGate 3000D v5.6.4GA build 7892
  • IBM QRadar XGS5200 v5.4.0.4
  • Juniper Networks SRX4200 v15.1X49-D140.2
  • Palo Alto Networks PA-5220 PAN-OS 8.1.2
  • Trend Micro TippingPoint 8400TX v5.1.0.4965

As with all NSS Labs group tests, there is no fee for participation, and the test methodology is available in the public domain to provide transparency and to help enterprises understand the factors behind test results.