A server protection product is designed to protect servers and their hosted services against threats/exploits. In recent years, cybercriminals have grown more aggressive, increasingly targeting enterprise servers including web and database servers. The growing number of vulnerability disclosures in widely deployed operating systems and server applications is a multi-faceted problem. Server protection plays an important role in this solution. Designed to identify and block attacks against mission-critical assets, effective server protection provides temporary defense and thus relief from the immediate need to patch affected systems. This allows administrators to plan downtime appropriately and patch the vulnerable system during a maintenance window. Server protection must catch sophisticated attacks while producing as few false positives as possible.

This methodology describes how NSS will evaluate server protection products to provide an objective and fair assessment of the technology.