Why NGIPS is Important
Next generation intrusion prevention systems (NGIPS) are devices that decode and inspect network packets for exploits. NGIPS allow legitimate traffic to pass while also blocking attacks and resisting evasion techniques. An NGIPS must provide deep inspection of network traffic, closely monitor system activities for malicious attack activities, and provide protection against threats. NGIPS are typically placed behind NGFWs and implemented as inline devices that inspect and block traffic identified as malicious or unwanted.
Organizations purchasing an NGIPS should seek a device that offers high security effectiveness, a low false positive rate, and actionable alerts. Organizations should start with an NGIPS that best aligns with their organizational requirements and then tune appropriately. Our NGIPS group test results provide you with metrics on performance, security, and value that help you evaluate which NGIPS product is the best fit for your environment.
NSS Labs research found the top challenges experienced by enterprises with NGIPS technology are:
Cybersecurity is a never-ending game of cat and mouse. Attackers are developing new techniques to exploit vulnerabilities at an ever-increasing pace. Which security products are capable of keeping up? NSS Labs' 24/7 live exploit testing is unique in the world. We provide visibility into which attacks are blocked, how long it takes a vendor to provide protection in their product, and how effective their protection is over time.
Attackers use evasions to bypass security controls. A single evasion can grant an attacker access to your network. What's worse, when an attacker successfully uses an evasion to bypass defenses, there is no trace of the attack. There are no logs; there are no alerts. Which products were the most resistant, and which were the least resistant, to evasions in our latest NGIPS Group Test?
An unstable device that disrupts traffic unexpectedly can ruin your day. Testing revealed some products had stability issues with certain versions. Find out which ones.
Thanks to rapid adoption of social media, streaming video, teleconferencing, and other bandwidth-intensive technologies, network behavior is changing rapidly. Which NGIPS products have adapted and what should you consider when you are designing your next-generation network?
Your expenses don't end when you purchase a product. Installation costs (people), software maintenance, and ongoing policy and log maintenance are some of the expenses you should plan for. Which products have the lowest Total Cost of Ownership over a multi-year period?
The Security Effectiveness of a device is determined by factoring the results of evasions testing and stability and reliability testing into the exploit block rate. In the NGIPS 4.0 Group Test, the Security Effectiveness of the tested products ranged from 25.0% to 99.8%. Find out how the different products fared.
A security product that fails to protect what's important to you can have catastrophic consequences for your organization. Just because a product is the least expensive doesn't mean it provides the best value or meets your needs. NSS Labs can help you determine which products are right for you.
Still have questions? Ask us! Any time we conduct a test, there is more information than we can possibly include in our test reports. NSS Research Analysts help clients from the world's most demanding organizations get the answers they need.
TCO per Protected Mbps Ranged from US$2 to US$199
5 out of 7 Products Achieved a
Between 25.0% and 99.8%
Attackers are "going back to the well," exploiting old vulnerabilities using variants of known exploits. That is why the NGIPS 4.0 Group Test introduced resiliency testing. A system's resiliency can be defined as its ability to protect against multiple variants of an exploit, not just the known exploit variant.
By testing resilience, NSS Labs enables you to know which NGIPS products will continue to protect you after the spotlight has moved on.
Providing results for a product's protection against exploits without fully factoring in evasions can be highly misleading in terms of understanding a product's security efficacy. That is why NSS Labs' Security Effectiveness score includes evasion techniques. The more classes of evasion that are missed (such as HTTP evasions, IP packet fragmentation, TCP stream segmentation, HTML obfuscation and resiliency), the lower a product's security efficacy. In the NGIPS 4.0 Group Test, NGIPS products were tested against 147 evasions to evaluate how well the products were able to detect and block the evasions.
NSS research has determined that the majority of enterprises do not tune their NGIPS products but rather rely on a vendor's default/recommended policies and settings. Therefore, all products in this test were tested using pre-defined vendor-recommended settings that ship with the product.
In NSS Labs testing, a unique formula, Total Cost of Ownership (TCO) per Protected Mbps, is used to enable value-based comparisons of NGIPS products in the market. TCO per Protected Mbps is calculated using three-year TCO, security effectiveness, and NSS-tested throughput.
Different vendors take different approaches to adding coverage once a vulnerability is disclosed. Attempts to provide rapid coverage for vulnerabilities that are not fully understood can result in multiple exploit-specific signatures that may be inaccurate, ineffective, or prone to false positives. Vendors that have the resources to fully research a vulnerability should be able to produce vulnerability-oriented signatures that provide coverage for all exploits written to take advantage of that flaw. This approach provides more effective coverage with fewer false positives.
Vendors may retire older signatures in attempts to alleviate product performance limitations; however, this may result in inconsistent coverage for older vulnerabilities and varying levels of protection across products.
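The difference between exploit-specific and vulnerability-oriented signatures described above, and why it surfaces in resiliency testing against exploit variants, shown as an added example (not NSS Labs or vendor code). The toy protocol, opcode, buffer size, and sample messages are all constructed assumptions.

```python
import struct

# Constructed toy protocol (an assumption, not a real product):
#   1-byte opcode | 2-byte big-endian length | payload
# Hypothetical flaw: opcode 0x07 payloads are copied into a 64-byte buffer.
VULN_OPCODE = 0x07
BUFFER_SIZE = 64
KNOWN_POC_FILLER = b"A" * 80  # filler bytes of the first published exploit (constructed)

def build(opcode: int, payload: bytes) -> bytes:
    return struct.pack(">BH", opcode, len(payload)) + payload

def exploit_specific_sig(msg: bytes) -> bool:
    """Matches bytes copied from one known exploit, wherever they appear."""
    return KNOWN_POC_FILLER[:16] in msg

def vulnerability_sig(msg: bytes) -> bool:
    """Decodes the message and tests the condition that triggers the flaw."""
    if len(msg) < 3:
        return False
    opcode, declared = struct.unpack(">BH", msg[:3])
    actual = len(msg) - 3
    # Use the larger of declared and actual length so a lying header cannot hide an overflow.
    return opcode == VULN_OPCODE and max(declared, actual) > BUFFER_SIZE

# Constructed samples: (label, message, is_attack)
SAMPLES = [
    ("known exploit", build(VULN_OPCODE, KNOWN_POC_FILLER), True),
    ("variant: new filler", build(VULN_OPCODE, b"\x42\x13" * 40), True),
    ("variant: longer payload", build(VULN_OPCODE, bytes(range(200))), True),
    ("benign: short request", build(VULN_OPCODE, b"hello"), False),
    ("benign: other opcode, repeated A", build(0x01, b"A" * 32), False),
]

def score(sig):
    """Return (block rate over attack samples, false positives over benign samples)."""
    attacks = [m for _, m, bad in SAMPLES if bad]
    benign = [m for _, m, bad in SAMPLES if not bad]
    blocked = sum(sig(m) for m in attacks)
    false_pos = sum(sig(m) for m in benign)
    return blocked / len(attacks), false_pos

if __name__ == "__main__":
    for name, sig in [("exploit-specific", exploit_specific_sig),
                      ("vulnerability-oriented", vulnerability_sig)]:
        rate, fps = score(sig)
        print(f"{name}: block rate {rate:.0%}, false positives {fps}")
```

The exploit-specific pattern blocks only the known exploit and also fires on a benign message, while the check on the triggering condition blocks every variant with no false positives.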
Individual Test Reports
Test Reports provide detailed analysis for each product tested. Data from these reports is used in the NSS Labs Comparative Reports.
Test Reports enable enterprise security teams to understand the impact of features and limitations across different products. These reports are used to shortlist products for further evaluation and proof-of-concept testing.