PUBLICATION & RESEARCH LIBRARY

Authors: NSS Labs

Publish Date: September 18, 2015

In the same way that traditional firewall vendors transitioned to next-generation firewall (NGFW) products, many IPS vendors began adding features to differentiate their products as next-generation IPS (NGIPS). Key features that distinguish NGIPS products from traditional perimeter IPS products include application control, user awareness, integration with threat intelligence, and integration of features from security tools such as network behavior anomaly detection (NBAD), security information and event management (SIEM), and packet capture analysis.

As with their predecessors, NGIPS devices must protect the enterprise user against threats and exploits. Designed to identify and block attacks against internal computing assets, an effective NGIPS can provide temporary protection for affected systems. The device must catch sophisticated attacks while producing as few false positives as possible. Since the role of an NGIPS is to protect users and provide granular visibility into network traffic, it has been considered a perimeter device and deployed behind a firewall to supplement the overall security of the enterprise. IPS devices are also used to protect internal network infrastructure such as web servers and VoIP (voice over Internet Protocol).

This methodology describes how NSS will evaluate NGIPS products to provide an objective and fair assessment of the technology.