Authors: Keith Bormann, Morgan Dhanraj and Thomas Skybakmoen

Publish Date: February 19, 2018

The digital world has transformed modern business. The growing use of the Internet has placed more demands than ever on the corporate data center. Organizations today rely more on their IT infrastructure to enable growth, agility, and productivity. But where there is opportunity, there is also risk. Enterprises must protect their end users and they must also protect the intellectual property and mission-critical applications that reside in their data centers.

While perimeter devices are expected to protect end users and a wide range of end user applications, data center security devices are deployed to protect servers and applications hosted in the data center. Data center intrusion prevention systems (DCIPS) are deployed at critical points in the network so their stability and reliability are imperative. The goal of a DCIPS is to identify and block sophisticated threats against web servers, application servers, and database servers without false positives or degradation of network performance.


Implementation of DCIPS can be a complex process, with multiple factors affecting the overall cost of deployment, maintenance, and upkeep. This report focuses on the Total Cost of Ownership (TCO) per Protected Mbps. NSS’ cost analysis includes a three-year TCO, which is based on:

    • Acquisition costs for the DCIPS and a central management system (CMS)
    • Fees paid to the vendor for annual maintenance, support, and signature updates
    • Labor costs for installation, maintenance, and upkeep


    • Fortinet FortiGate 3000D v5.4.5 GA Build 3273
    • Fortinet FortiGate 7060E v5.4.5 GA Build 6355
    • Juniper Networks SRX5400E v15.1X49-D100.6
    • McAfee Network Security Platform NS9100 Appliance v9.1.5.3
    • Trend Micro TippingPoint 8400TX v5.0.0.4815

To learn how vendors performed, download a copy of each Test Report. NSS clients can also download the DCIPS Comparative Reports on Performance, Security, and Security Value Map.

As with all NSS Labs group tests, there was no fee for participation. In addition, the test methodology applied is in the public domain to provide transparency and to help enterprises understand the results.