IPS Improving

InfoWorld reports that independent security research and testing firm NSS Labs has released its most recent “Network Intrusion Prevention System (IPS) Comparative Group Test Report” for the 4th quarter of 2010.  A 2009 report found that security effectiveness ranged from a very poor 17.3% to a high of 89.5%.  Many of the previous year’s failures were due to vendors’ inability to detect and handle IDS/IPS evasion techniques.




NSS Labs has found significant improvements:

  • Security effectiveness, using the default factory-shipped settings, rose to 62%.  Be careful though, some default settings reached a mere 31% effectiveness.
  • A number of multi-function gateways rose to comparable effectiveness as dedicated network IPS gear.
  • Tuning is still required, adding an average increase of 21% more protection.
  • The improvements in security came with a price.  Performance of these devices decreased overall.  One vendor reached only 3 % of its advertised throughput.

Gear from Check Point, Endace, Fortinet, IBM, Juniper, McAfee M-8000, NSFOCUS, Palo Alto Networks, Sourcefire, and Stonesoft were tested.