Enterprises demand a lot of their data centers, which makes performance and availability paramount. Infrastructure and application architectures are designed to work in concert with each other, so any incorrectly sized or configured component can disrupt applications for employees or customers. Network security technology is essential in a data center architecture, providing connectivity and, in some cases, traffic inspection or special handling to protect critical assets.

NSS Labs uses the term data center network security (DCNS) to describe devices that provide network security for the data center. There are several device types in this category; the data center firewall (DCFW) and the data center intrusion prevention system (DCIPS) are the most well-known, each having been deployed for a number of years. A third type of device combines the capabilities of the DCFW and DCIPS and is referred to as a data center security gateway (DCSG).

Data center security gateways represent the convergence of data center security capabilities and, as such, play a vital role in today’s security infrastructure. Considerations for deployment include:

  • What server operating systems and applications are to be protected?
  • What are peak performance requirements?
  • Can the security product be bypassed using common evasion techniques?
  • How reliable and stable is the device?


Four of the industry’s leading data center deep inspection firewall products were tested to compare product capabilities for security effectiveness (exploit block rate, evasion techniques, and stability & reliability), total cost of ownership (TCO), and performance: