PUBLICATION & RESEARCH LIBRARY

Authors: Keith Bormann, Morgan Dhanraj and Thomas Skybakmoen

Publish Date: December 20, 2017

The digital world has transformed modern business. The growing use of the Internet has placed more demands than ever on the corporate data center. Organizations today rely more on their IT infrastructure to enable growth, agility, and productivity. But where there is opportunity, there is also risk. Enterprises must protect their end users and they must also protect the intellectual property and mission-critical applications that reside in their data centers.

While perimeter devices are expected to protect end users and a wide range of end user applications, data center security devices are deployed to protect servers and applications hosted in the data center. Data center security gateways (DCSGs) converge data center firewall (DCFW) and data center IPS (DCIPS) technologies, and as such, play a vital role in today’s security infrastructure. The goal of the DCSG is to provide access control in the data center and deep packet inspection in order to protect servers and applications from remote attacks.

This report uses data from NSS’ individual DCSG Test Reports to create Security Effectiveness ratings for each product. Products are scored on multiple factors that affect the overall security effectiveness of the system, including:

  • Firewall policy enforcement
  • IPS exploit blocking capabilities
  • IPS anti-evasion capabilities (resistance to common evasion technique)
  • Stability and reliability

The following products were evaluated:

  • Cisco FirePOWER 4150 v6.2.2
  • Fortinet FortiGate 3000D v5.4.5 GA Build 3273
  • Fortinet FortiGate 7060E v5.4.5 GA Build 6355
  • Juniper Networks SRX5400E v15.1X49-D100.6
  • Palo Alto Networks PA-5250 PAN-OS 8.0.3-h4

 

To learn how each vendor performed, download a copy of each Test Report. NSS clients can also download the DCSG Comparative Reports on Performance and Total Cost of Ownership.

As with all NSS Labs group tests, there was no fee for participation. In addition, the test methodology applied is in the public domain to provide transparency and to help enterprises understand the results.