Press

NSS Labs Testing Shows Intrusion Prevention Systems Ready for Data Center Deployments

February 26, 2014

AUSTIN, Texas – February 26, 2014 – NSS Labs today released its first Security Value Map™ and Comparative Analysis Reports for Data Center Intrusion Prevention Systems (IPS). In this new 2014 test, NSS evaluated 4 of the leading IPS products for data center deployments – including the fastest IPS tested by NSS to date – for security effectiveness, performance, enterprise management capabilities, and total cost of ownership.

NSS’s research yielded several key conclusions:

  • Data Center IPS Devices Score High in Security Effectiveness and Show Significant Differences In Protection between Tuned vs. Vendor Recommended Configurations: In this new 2014 test, 3 of the 4 products blocked over 98% when tuned by the vendor; with the exception of McAfee, vendor pre-defined (recommended) policies offered noticeably less protection. The overall scores for tuned devices ranged from 86.3% to 99.6% as compared to 81.7% to 99.2% for vendor recommended policies. McAfee had the highest block rates in both configurations at 99.6% tuned and 99.2% recommended.
  • Two of Four Vendors Tested Exceeded their Performance Claims: During NSS testing, devices often perform below their vendor-stated throughput rates, however, the two highest performing Data Center IPS devices significantly exceeded their stated performance claims; Sourcefire was the fastest product tested at 136,033 Gbps, approximately 58% higher than vendor claims. The lowest performing device performed almost 50% lower than its stated throughput.
  • Total Cost of Ownership on par with TCO results from 2014 Perimeter IPS Test: The overall TCO per protected Mbps ranged from $11.94 to $55.13 with most tested devices costing below $40 per Protected-Mbps with an overall average of $30 per Protected-Mbps.

Commentary: Bob Walder, Chief Research Officer, NSS Labs

“In 2014, NSS introduced an intrusion prevention system (IPS) test focused on data center deployments. Enterprises need to constantly evaluate their security vendors and select technologies that are the right fit for these critical deployment areas and their own risk thresholds,” said Bob Walder, Chief Research Officer, NSS Labs. “Because there is often significant tuning involved in an IPS deployment, we tested both tuned and recommended configurations this year. With one notable exception, we found that the level of protection offered by a tuned device configuration is considerably higher than the vendor’s recommended or default device configuration.”

The products covered in the 2014 Group Test for IPS Data Center are:

  • Fortinet FortiGate 5104B
  • Juniper SRX 5800
  • McAfee NS-9300
  • Sourcefire 8290