NSS Labs 2017 NGIPS Group Test

NGIPS security value map

NSS’ 2017 Next Generation Intrusion Prevention System (NGIPS) Group Test evaluated nine market-leading NGIPS products on security, security effectiveness, performance, and total cost of ownership (TCO). Six products achieved a Recommended rating; and three product received a Caution rating.


Key findings include:

  • Five out of the nine products tested missed evasions.
  • Overall Security Effectiveness ranged between 25.0% and 99.9%.
  • The average Security Effectiveness rating was 80.0%; six products received a Security Effectiveness rating above the average, and three received a Security Effectiveness rating below the average.
  • TCO per Protected Mbps ranged between US$4 and US$38, with most tested products costing less than US$20 per protected Mbps.
  • The average TCO per Protected Mbps rating was US$14; six products demonstrated value above the average, and three demonstrated value below the average.

The following products were evaluated:

  • Checkpoint 15600 vR77.30
  • Cisco FirePOWER 8350 v6.2.0.1
  • Forcepoint NGFW 3301 v6.2.1
  • Fortinet FortiGate 600D v5.4.5
  • IBM QRadar Network Security XGS 5200 v5.4.0
  • McAfee IPS-NS9100 v9.1.5.3
  • Palo Alto Networks PA-5250 v8.0.3-h4
  • Trend Micro 7500NX v3.9.2.4784
  • Trend Micro 8400TX v5.0.0.4815


To see how vendors performed with regard to Security Effectiveness and TCO per Protected Mbps, download a free copy of the NGIPS SVM graphic using the form to the right. NSS clients can also download the NGIPS Comparative Reports on Performance, Security, Security Value Map, and TCO here.

As with all NSS Labs group tests, there was no fee for participation. In addition, the test methodology applied is in the public domain to provide transparency and to help enterprises understand the results.

2017 Next Generation Intrusion Prevention System (NGIPS)
Security Value MapTM
Get Your Free Copy Now