NSS defines intrusion prevention systems (IPS) as stand-alone appliances (hardware or virtualized) designed to decode and inspect every single packet passing through the device. These devices should allow legitimate traffic to pass through the device while blocking attacks and evasion techniques. IPS devices typically are placed behind the firewall and/or other security devices and provide the last layer of inspection before passing data to internal hosts. Key considerations for organizations evaluating IPS devices include security effectiveness, resistance to evasion, stability, performance, manageability, and overall value.

This Test Methodology describes how NSS will evaluate IPS products to provide an objective and fair assessment of the technology.