SOURCE: NSS Labs

NSS Labs

April 20, 2015 11:00 ET

NSS Labs Publishes First Test of Next Generation Intrusion Prevention System Products

AUSTIN, TX--(Marketwired - Apr 20, 2015) - NSS Labs today released its first Security Value Map™ (SVM) and Comparative Report series for Next Generation Intrusion Prevention System (NGIPS) in which the leading NGIPS products on the market were evaluated for security effectiveness, performance, and total cost of ownership (TCO).

A key differentiator for NGIPS products is the integration of several components, including intrusion prevention, reputation systems, and application identification, within a single platform. NSS research indicates that this segment has supplanted traditional Network Intrusion Prevention Systems and is continuing to grow at nearly 5% per year, exceeding $1.7 billion by the end of 2018.

The products covered in the 2015 NGIPS Group Test are:

  • Cisco FirePOWER 8350
  • Fortinet FortiGate-1500D
  • HP TippingPoint S7500NX
  • IBM Security Network Protection XGS 5100
  • IBM Security Network Protection XGS 7100
  • Palo Alto Networks PA-5020

NSS's research yielded several key conclusions:

  • NGIPS protection ranged from 86.6% to 99.5% for overall security effectiveness.
  • Live Attacks Make a Difference: The NSS live test segment measures how effectively products block attacks being used by threat actors in current campaigns, and it is a strong indicator of NGIPS protection against mainstream attacks. In this critical test, protection effectiveness between products varied in excess of 25% with only one product achieving a 100% block rate.
  • Most Vendor Performance Claims Hold Up in Testing: Five (5) out of six (6) products outperformed their vendor-stated throughput rates during testing this year. Four (4) vendors had products that achieved throughput rates over 20% higher than their stated rates.
  • Product Costs Vary: TCO per Protected Megabit (Mbps) ranged between $4.95 and $25.30.
  • Reputation systems show promise. Real-time communication with cloud systems and other forensic technologies bolster the performance of NGIPS over traditional IPS technologies.

"The Next Generation Intrusion Prevention System will continue to evolve as a modern replacement for inline prevention devices," said Mike Spanbauer, VP of Research at NSS Labs. "As evasions, techniques, and protocol attacks become more sophisticated, reputation services and other real-time technologies that augment these protections will provide competitive differentiation and improved security for the enterprise."

The NSS Labs NGIPS Security Value Map™, Comparative Reports™, and Test Reports™ for each vendor are currently available to NSS Labs' subscribers at www.nsslabs.com. To receive a free copy of the SVM Graphic, click here.

About NSS Labs, Inc.
NSS Labs, Inc. is the world's leading information security research and advisory company. We deliver a unique mix of test-based research and expert analysis to provide our clients with the information they need to make good security decisions. CIOs, CISOs, and information security professionals from many of the largest and most demanding enterprises rely on NSS Labs' insight, every day. For more information, visit www.nsslabs.com.

© 2015 NSS Labs, Inc. All rights reserved. All brand, product and service names are the trademarks, registered trademarks, or service marks of their respective owners.

Contact Information

  • Contact:
    Tom Resau
    W2 Communications
    Phone: +1 (703) 877-8103
    tom@w2comm.com