Press

NSS Labs Announces Results of Second Edition of 2018 Data Center Intrusion Prevention System Group Test

October 30, 2018
Three Products Receive Recommended Rating

AUSTIN, Texas – October 30, 2018 – NSS Labs, Inc., a global leader and trusted source for independent, fact-based cybersecurity guidance, today announced the results of the second edition of its 2018 Data Center Intrusion Prevention Systems (DCIPS) Group Test. Three products from market-leading security vendors were evaluated for security effectiveness, resistance to evasion, stability and reliability, total cost of ownership (TCO), and performance. This second edition of the 2018 DCIPS Group Test is one of two data center network security (DCNS) tests conducted by NSS Labs. A group test of data center security gateway products will be released shortly.

DCIPS devices monitor and block malicious activities using deep packet inspection and application/user awareness and control capabilities. These devices handle traffic for potentially hundreds of thousands of users who are accessing large applications and/or computing servers hosted in the data center. Enterprise servers and applications protected by DCIPS host a myriad of content such as streaming audio and video, retail and business-to-business (B2B) e-commerce, and mission-critical business applications.

The data center transformation market size was US$5.86 billion in 2017 and is projected to reach US$12 billion by 2023, at a compound annual growth rate (CAGR) of 13.2%. In a 2018 NSS Labs Security Insight Study, 56% of the US enterprises surveyed reported deploying a DCIPS to protect their data center, and 10.6% of those surveyed reported plans to acquire a DCIPS in the next 12 months.

New to this edition of the DCIPS Group Test is expanded performance testing covering transactional, multimedia, and corporate real-world data center traffic profiles.

Key Takeaways

  • Data center technologies are changing rapidly in response to the adoption of social media, streaming video, teleconferencing, and other bandwidth-intensive technologies. Many factors must be taken into account in order to understand the performance of a data center security product, and each of these factors can be critical in evaluating its value.
  • The most serious exploits are those that result in a remote system compromise, providing the attacker with the ability to execute arbitrary system-level commands on the target server. Attackers are developing new weaponized techniques to exploit server vulnerabilities at an increasing pace.
  • Attackers can modify basic attacks to evade detection in a number of ways. If a device fails to detect a single form of evasion, any exploit can pass through the device, rendering it ineffective. What’s worse, when an attacker successfully uses an evasion to bypass defenses, there is no trace of the attack. Products were tested against 99 evasions to evaluate how well the products were able to detect the evasions.
  • NSS Labs research has found that the key threats detected in US enterprise data centers include HTML injection, SQL injection, cross site scripting (XSS), OS command injection, and more.
  • Even though attacks against desktop client applications are mainstream, servers will always be the primary targets in data center deployments, so tuning is critical. NSS Labs research has determined that the majority of enterprises tune their DCIPS products. All DCIPS products in this test were optimally tuned similar to a typical customer deployment, keeping in mind security effectiveness and performance.

1Markets and Markets “Data Center Transformation Market by Service Type (Consolidation Services, Optimization Services, Automation Services, and Infrastructure Management Services), Tier Type, End-User, Data Center Size, Vertical, and Region – Global Forecast to 2023, July 2018

2NSS Labs 2018 Security Insight Study, August 14, 2018

The 2018 NSS Labs DCIPS Group Test included:

  • More than 2,300 attacks, which included 99 unique evasion samples
  • For all products, the resiliency testing was their Achilles heel; the average block rate here was only 74%.
  • More than 600 Tbps of throughput was utilized during testing.
  • Throughput of tested products ranged from 12.2 Gbps to 91.3 Gbps depending on the data center profile assessed

“Enterprises are continuously adapting their data centers to include new capabilities, such as cloud computing and virtualization,” said Jason Brvenik, Chief Technology Officer at NSS Labs. “No two data centers are alike. With new scenario-based testing, the second edition of the 2018 Data Center Intrusion Prevention System Group Test provides valuable insights regarding which products are best suited for an enterprise’s data center requirements.”

The following products were tested:

  • Fortinet FortiGate 3200D v5.4.10 GA Build 7811
  • Fortinet FortiGate 6300F v5.4.10 GA Build 4283
  • Trend Micro TippingPoint TPS 8400TX v5.1.0.4965

Unverified Products:

  • Cisco
  • Huawei
  • McAfee

As with all NSS Labs group tests, there is no fee for participation, and the test methodology is available in the public domain to provide transparency and to help enterprises understand the factors behind test results.