NSS defines IPS devices as stand-alone appliances (hardware or virtualized) designed to decode and inspect every single packet passing through the device. These devices should allow legitimate traffic to pass through the device while blocking attacks and evasion techniques. IPS devices typically are placed behind the firewall and/or other security devices and provide the last layer of inspection before passing data to internal hosts. Key considerations for organizations evaluating IPS devices include security effectiveness, resistance to evasion, stability, performance, manageability, and overall value.

Data center IPS (DCIPS) products are deployed at critical points in the network, and their stability and reliability are imperative. In addition to deep inspection capabilities, a DCIPS must be as stable, as reliable, as fast, and as flexible as the infrastructure it protects. It should also be possible to incorporate a DCIPS into an existing security architecture without requiring a network redesign.

This Test Methodology describes how NSS will evaluate DCIPS products to provide an objective and fair assessment of the technology.