Over the past few years of working with clients and testing IPS products, we began to notice some troubling trends. Some vendors missed more attacks than seemed acceptable. A number of vendors refused to participate in our testing—even at no cost. Enterprise readers asked some tough questions about current products and issues. And breaches resulting in compromised data continued to increase. Meanwhile, we heard several opinions from our clients, industry analysts, and researchers. These beliefs can be summarized as follows:
· IPS is a mature market. There is relatively little difference between products; thus, management and price are the key purchasing factors
· Best-of-breed products are more effective than those from strategic vendors who provide a wider range of products
· The market leader (from an installed base perspective) provides the best protection
· Organizations are protected as long as they keep their IPS systems updated
This group test set out to determine if these beliefs were correct. In order to garner the greatest participation, and allay any potential concerns of bias, we invited all leading vendors to submit their products at no cost. Every vendor below brought and configured their best Network IPS products; all were generally available (GA), no Beta or otherwise unavailable products were included. The following is a current list of the products that were tested, sorted alphabetically:
1. Cisco IPS 4260 Sensor, version 444.0
2. IBM Proventia Network IPS GX4004, version 29.100
3. IBM Proventia Network IPS GX6116, version 29.100
4. Juniper Networks IDP-250, version 5.0.110090831
5. Juniper Networks IDP-600c, version 5.0.110090831
6. Juniper Networks IDP-800, version 5.0.110090831
7. McAfee M-1250, signature version 5.4.5.23
8. McAfee M-8000, signature version 4.1.59.23
9. Sourcefire 3D 4500, rules version 4.8.2.1
10. Stonesoft StoneGate IPS 1030, 5.0.1 build 5053 update package 261
11. Stonesoft StoneGate IPS 1060, 5.0.1 build 5053 update package 261
12. Stonesoft StoneGate IPS 6105, 5.0.1 build 5053 update package 261
13. TippingPoint (TP) 10 IPS, DV 2.5.2.7834
14. TippingPoint 660N IPS, DV 2.5.2.7834
15. TippingPoint 2500N IPS, DV 2.5.2.7834
Some vendors provided multiple test units of varying performance levels. Across the board, all vendors claimed identical protection across models.
The results will be shocking to most and have already generated plenty of buzz. 1,159 live exploits is the most ever tested. If you currently operate one of these products, or are considering investing in an IPS, the information in this exclusive test report is invaluable.
skip to main |
skip to sidebar
Security Product Testing
This blog contains perspectives and commentary on network, host and security product testing & certification, industry trends, and PCI compliance from NSS Labs experts.
Topics
- Testing (40)
- anti-malware (18)
- nsslabs (18)
- Security (14)
- Exploit (13)
- IPS (13)
- Products (13)
- events (11)
- PCI Compliance (10)
- Browser (9)
- Methodologies (8)
- vulnerability (4)
- Misc (3)
- News (3)
- Performance (2)
- Phishing (2)
- firewall (1)
Posts
