Authors: Jason Pappalexis and Thomas Skybakmoen

Publish Date: February 26, 2014

Implementation of intrusion prevention systems (IPS) can be a complex process, with multiple factors affecting the overall performance of the solution. These factors should be considered over the course of the useful life of the solution, and include:

  • Where will it be deployed?
  • What is the predominant traffic mix?
  • What security policy is applied?

There is usually a trade-off between security effectiveness and performance; a product’s security effectiveness should be evaluated within the context of its performance (and vice versa). This ensures that new security protections do not adversely impact performance and that security shortcuts are not taken to maintain or improve performance. Sizing considerations are absolutely critical, since vendor performance claims can vary significantly from actual throughput with protection enabled. NSS Labs rates throughput based on the average of the following test results: “Real-World” Protocol Mixes for the data center (financial, virtualization hub, mobile users and applications, web-based applications and services, and Internet Service Provider mix), and 21 KB HTTP response-based capacity tests.