Next Generation Intrusion Prevention Systems Test Results
2,577,402 suspicious URLs yielded over 2,400 drive-by exploits used by threat actors in active campaigns.
Two products received Caution ratings. Two products received Neutral ratings. Four products were Recommended.
Cyber-criminals have become more aggressive in recent years, increasingly targeting corporate assets. Vulnerability disclosures in widely deployed operating systems and applications are a growing problem. Designed to identify and block attacks, a good NGIPS can provide temporary protection and relieve the immediate need to patch vulnerable systems. An NGIPS must catch sophisticated attacks without producing false positives or degrading network performance.
Using the NSS NGIPS Test Methodology v2.0, NSS Labs performed the most comprehensive NGIPS test to date. Products were tested from June 2016 through September 2016, with a live component of drive-by attacks from August 28th 2016 through September 26th 2016, using NSS Labs’ Cyber Advanced Warning System™ (CAWS).
- 1,986 exploits were deployed from NSS Labs’ extensive exploit library.
- 120 evasion techniques were utilized in the test.
- 2,577,402 suspicious URLs yielded more than 2,400 drive-by exploits used by threat actors in active campaigns at the time of testing, making this the largest live test ever conducted.
- Active drive-by exploits were tested for up to three days, resulting in 48,488 discrete test cases across over 7,000 live victim machines.
Test highlights include:
- Two (2) products received a Caution rating (25% of products tested)
- Two (2) products received a Neutral rating.
- Four (4) products achieved a Recommended rating
- Security Effectiveness ranged from 24.9% to 99.9%
- One (1) product leaked attacks under heavy traffic loads when state preservation was exceeded.
- Three (3) products were rated below their stated throughput; the other five (5) were rated at or above their stated throughput.
- There was no direct correlation between price and effectiveness; more expensive products did not always do better. Total Cost of Ownership (TCO) per Protected Megabit per Second ranged from US$8 to US$27.
The following vendors and products were tested:
- Check Point Software Technologies, Ltd. 13800 Next Generation Firewall Appliance vR77.20
- Cisco FirePOWER 8350 v6.0.1
- Forcepoint Stonesoft Next Generation Firewall 3301 v6.0.2
- Fortinet FortiGate 3000D v5.4.0
- IBM Security Network Protection XGS 7100 v220.127.116.11
- Intel Security McAfee Network Security Platform NS9100 v18.104.22.168
- Palo Alto Networks PA-7050 v7.0.4
- Trend Micro TippingPoint 7500NX v22.214.171.12425
The Next Generation Intrusion Prevention System SVM and Comparative Reports are available to NSS subscribers and can be purchased individually.