NSS Labs Puts Network Intrusion Prevention Systems to the Test

Security Effectiveness Results Range from 17.3 Percent to 89.5 Percent—Buyers Should Carefully Review Products before Purchasing

CARLSBAD, Calif., December 9, 2009 - NSS Labs, Inc., the leading independent security testing organization, today announced the release of its latest Network Intrusion Prevention System (IPS) Comparative Group Test Report for the fourth quarter of 2009. Based on extensive real-world testing at the NSS Labs facility, the report evaluates 15 NIPS products from seven vendors on their effectiveness, performance, and total cost of ownership (TCO).

Designed to identify and block attacks against organizational assets such as servers, applications, and databases, IPS products are a critical part of an organization’s layered security strategy. With increasing vulnerability disclosures in widely-deployed operating systems, applications, and even security products, IPS products can afford an organization temporary protection and relief from the immediate need to patch affected systems.

All leading IPS vendors were invited to participate in the test at no cost. Using its real-world testing methodology, NSS Labs compared the products head-to-head against 1,159 live, enterprise-class exploits. Products were tested using the vendor’s default or “recommended” settings and then again as tuned by a vendor representative.

“Organizations need to know the true protection and performance of their security investments beyond what vendors include in their marketing materials,” said Rick Moy, president, NSS Labs. “This report provides unique information to help users select and manage IPS products appropriate for their environments.”

Products tested in the report include:

  • Cisco® IPS 4260 Sensor
  • IBM Proventia® Network IPS GX4004
  • IBM Proventia Network IPS GX6116
  • Juniper Networks® IDP-250
  • Juniper Networks IDP-600c
  • Juniper Networks IDP-800
  • McAfee® M-1250
  • McAfee M-8000
  • Sourcefire 3D® 4500 Network IPS
  • Stonesoft StoneGate™ IPS-1030
  • Stonesoft StoneGate IPS-1060
  • Stonesoft StoneGate IPS-6105
  • TippingPoint® TP 10 IPS
  • TippingPoint 660N IPS
  • TippingPoint 2500N IPS

Key findings from the report show:

  • Organizations that do not tune their IPS products could be missing up to 44 percent of “catchable” attacks.
  • Vendors overstated their product performance levels by 12 to 50 percent.
  • The protection effectiveness, performance, and labor required of lower-priced products rarely make them a better value.
  • Product guidance from NSS Labs on each product, indicated as “Recommended,” “Neutral,” or “Caution.”

NSS Labs is also introducing Exposure Reports to assist organizations in plugging holes in front of critical assets. These unique reports are the first ever to detail specific threats that products do not protect against.

Copies of the IPS Comparative Group Test Report are available for $1,800 per copy. Individual Product Test Reports providing the details of a specific product’s results are available for $600 per copy. All reports can be purchased here. NSS Labs also offers annual subscriptions to its information services.