NGIPS – Largest Test to Date

Over 2.5 million suspicious URLs yielded over 2,400 drive-by exploits used by threat actors in active campaigns.

Over the past few years, several trends have emerged, each posing challenges for intrusion prevention systems: social media, remote workers, wireless, bring your own device (BYOD), and the explosion of business/personal web applications all have led to the near-disintegration of the network perimeter.

Simultaneously, cyber-criminals have become more aggressive, increasingly targeting corporate assets. Vulnerability disclosures in widely deployed operating systems and applications are a growing problem. As a result, a new generation of intrusion prevention is required to meet the challenges of organizations without clearly defined perimeters.

NSS Labs announced today the completion of our most comprehensive NGIPS test to date. Products were tested from June 2016 through September 2016, with a live component of drive-by attacks from August 28th 2016 through September 26th 2016, using NSS Labs’ Cyber Advanced Warning System™ (CAWS). CAWS provides a unique and valuable insight into how products performed over time, the speed at which vendors responded to new attacks, and overall consistency of protection.

2,577,402 suspicious URLs yielded more than 2,400 drive-by exploits used by threat actors in active campaigns at the time of testing, making this the largest test ever conducted and the only multi-vendor test in the world conducted with such an exhaustive exploit library. This is more than double the number of exploits used by NSS Labs in last year’s NGIPS test.

Products selected by NSS Labs for the test were:

Check Point Software Technologies, Ltd. 13800 Next Generation Firewall Appliance vR77.20
Cisco FirePOWER 8350 v6.0.1
Forcepoint Stonesoft Next Generation Firewall 3301 v6.0.2
Fortinet FortiGate 3000D v5.4.0
IBM Security Network Protection XGS 7100 v5.3.2.1
Intel Security McAfee Network Security Platform NS9100 v8.2.5.158
Palo Alto Networks PA-7050 v7.0.4
Trend Micro TippingPoint 7500NX v3.8.4.4525

Four (4) out of the eight (8) products in the test received a Recommended rating from NSS Labs.  Two (2) products received a Neutral rating and two (2) received a Caution rating.

NSS Labs believes we have a responsibility to the enterprise to inform them of the varying security effectiveness and flaws that can leave them open to attacks. We work closely with vendors to correct issues discovered during testing, and commend vendors’ responsiveness in providing solutions and updates to ensure the continued safety and protection of their customers.

More information on how each vendor performed independently, as well as collectively, can be found on the NSS website.

Follow us on Twitter (@NSSLabs) to keep informed as new research is released.
