NSS Labs

February 26, 2014 10:22 ET

NSS Labs Testing Shows Intrusion Prevention Systems Ready for Data Center Deployments

AUSTIN, TX--(Marketwired - Feb 26, 2014) - NSS Labs today released its first Security Value Map™ and Comparative Analysis Reports for Data Center Intrusion Prevention Systems (IPS). In this new 2014 test, NSS evaluated 4 of the leading IPS products for data center deployments -- including the fastest IPS tested by NSS to date -- for security effectiveness, performance, enterprise management capabilities, and total cost of ownership.

NSS 2014 Data Center Intrusion Prevention Systems Security Value Map™ and Comparative Analysis Reports™ - Performance, Management, Security and Total Cost of Ownership

NSS's research yielded several key conclusions:

  • Data Center IPS Devices Score High in Security Effectiveness and Show Significant Differences In Protection between Tuned vs. Vendor Recommended Configurations: In this new 2014 test, 3 of the 4 products blocked over 98% when tuned by the vendor; with the exception of McAfee, vendor pre-defined (recommended) policies offered noticeably less protection. The overall scores for tuned devices ranged from 86.3% to 99.6% as compared to 81.7% to 99.2% for vendor recommended policies. McAfee had the highest block rates in both configurations at 99.6% tuned and 99.2% recommended.
  • Two of Four Vendors Tested Exceeded their Performance Claims: During NSS testing, devices often perform below their vendor-stated throughput rates, however, the two highest performing Data Center IPS devices significantly exceeded their stated performance claims; Sourcefire was the fastest product tested at 136,033 Gbps, approximately 58% higher than vendor claims. The lowest performing device performed almost 50% lower than its stated throughput.
  • Total Cost of Ownership on par with TCO results from 2014 Perimeter IPS Test: The overall TCO per protected Mbps ranged from $11.94 to $55.13 with most tested devices costing below $40 per Protected-Mbps with an overall average of $30 per Protected-Mbps.

Commentary: Bob Walder, Chief Research Officer, NSS Labs

"In 2014, NSS introduced an intrusion prevention system (IPS) test focused on data center deployments. Enterprises need to constantly evaluate their security vendors and select technologies that are the right fit for these critical deployment areas and their own risk thresholds," said Bob Walder, Chief Research Officer, NSS Labs. "Because there is often significant tuning involved in an IPS deployment, we tested both tuned and recommended configurations this year. With one notable exception, we found that the level of protection offered by a tuned device configuration is considerably higher than the vendor's recommended or default device configuration."

The 2014 Security Value Map™ for IPS Data Center, Comparative Analysis Reports™, and Product Analysis Reports™ for each vendor are currently available to NSS Labs' subscribers at

The products covered in the 2014 Group Test for IPS Data Center are:

  • Fortinet FortiGate 5104B
  • Juniper SRX 5800
  • McAfee NS-9300
  • Sourcefire 8290

About NSS Labs, Inc.
NSS Labs, Inc. is the world's leading information security research and advisory company. We deliver a unique mix of test-based research and expert analysis to provide our clients with the information they need to make good security decisions. CIOs, CISOs, and information security professionals from many of the largest and most demanding enterprises rely on NSS Labs' insight, every day. Founded in 1991, the company is located in Austin, Texas. For more information, visit

© 2014 NSS Labs, Inc. All rights reserved. All brand, product and service names are the trademarks, registered trademarks, or service marks of their respective owners.

Contact Information

  • Contact:
    ReseAnne Sims
    Sr. Manager, Public Relations
    NSS Labs
    Phone: +1 (832) 741-7373