A test of 13 intrusion prevention systems

NSS Labs released its network IPS comparative group test report for the fourth quarter of 2010.

In the year since NSS Labs’ last IPS test, attackers have refined their strategy and have increased both the volume and the intelligence of their attacks. “Drive-by” downloads and exploits have been combined with disciplined attacks such as Operation Aurora, and the Zeus and Skynet botnets which target financial institutions.

Test results point towards the need for organizations to continually evaluate their IPS options to make sure they are not overpaying for an underperforming solution.

NSS Labs compared the products head-to-head against 1,179 live, enterprise-class exploits using its real-world testing methodology. Products were tested using the vendor’s default or “recommended” settings and then again as tuned by a vendor representative. New in this year’s report is the Security Value Matrix (SVM), which allows enterprises to compare the cost and effectiveness of tested products on an apples-to-apples basis.

Key findings from the report show:

  • Security effectiveness has improved on average since 2009 to 62% (default). With some default policies as low as 31%, tuning remains crucial for most solutions. Several vendors still failed the anti-evasion testing, leaving gaping holes in defenses.
  • Performance has decreased in general over the last year, with one vendor achieving just 3% of its claimed throughput.
  • For the first time, a few multifunction gateways are proving a credible alternative to stand-alone IPS products for mid-market deployments.

IPS vendors were invited to participate in the test at no cost. All testing was conducted independently and was not paid for by any vendor. Products tested in the report include:

  • Check Point Power-1 11065
  • Cisco IPS 4260
  • Endace Core-100 (IDS)
  • Fortinet Fortigate 3810
  • IBM GX6116
  • Juniper IDP 8200
  • Juniper SRX 3600
  • McAfee M-8000
  • Palo Alto Networks PA-4020
  • Sourcefire 3D 4500
  • Stonesoft IPS 1205
  • Stonesoft IPS 3205.

The report is available now to NSS Labs’ subscribers while non-clients can purchase the report for $1,800 per user.

Don't miss