NSS Labs has announced the results of its Next Generation Intrusion Prevention System (NGIPS) Group Test. In the 2017 NGIPS Group Test, security effectiveness testing was expanded to reflect industry changes and new evasion techniques. NGIPS devices were tested against 157 evasions to evaluate how well they were able to detect and block them.
NGIPS are a critical component of a layered defense. According to the NSS Labs Enterprise Security Architecture study, 87.6% of US enterprises implement NGIPS. These devices augment other security controls by using heuristics, reputation services, and sandboxing to catch sophisticated attacks such as zero-day and advanced malware.
Nine products from eight market-leading security vendors were tested for security effectiveness, performance, stability and reliability, and total cost of ownership (TCO). Of these, six demonstrated a TCO above the test average and three demonstrated a TCO below the test average.
The comprehensive NSS Labs Exploit Library covers a diverse set of exploits focused on several hundred applications and operating systems. Protection from web-based exploits (live attacks) that are currently targeting client applications are measured using the NSS Labs continuous security validation platform. Using this platform, enterprises can gain continuous visibility into the efficacy of their security products as well as insight into the targeted, live threats impacting their overall risk posture.
Key findings from the test:
- Six products achieved a Recommended rating and three products received a Caution rating.
- Five out of the nine products tested missed evasions.
- Security effectiveness ranged between 25.0% and 99.90%.
- The average Security Effectiveness rating was 80.0%; six products received a Security Effectiveness rating above the average, and three received a Security Effectiveness rating below the average.
- TCO per Protected Mbps (Value) ranged between US$4 and US$38, with most tested products costing less than US$20 per protected Mbps.
- The average TCO per Protected Mbps was US$14; six products demonstrated value above the average, and three demonstrated value below the average.
- 157 evasion techniques were utilized in the test.
“The 2017 NGIPS Group Test results provide valuable insights that help enterprises understand the strengths and weaknesses in their security posture,” said Jason Brvenik, Chief Technology Officer at NSS Labs. “Using this information, enterprises can identify how to plan for and adjust their security investments to deliver the best protection possible against specific attacks. In this year’s test, only four of the nine products tested properly detected and blocked attacks when evasion techniques were applied, which underscores the need for continuous validation of security controls.”
The following products were tested:
- Check Point Software Technologies 15600 R77.30
- Cisco FirePOWER 8350 v184.108.40.206
- Forcepoint NGFW 3301 v6.2.1
- Fortinet FortiGate 600D v5.4.5
- IBM QRadar Network Security XGS 5200 v5.4.0
- McAfee IPS-NS9100 v220.127.116.11
- Palo Alto Networks PA-5250 v8.0.3-h4
- Trend Micro 7500NX v18.104.22.16884
- Trend Micro 8400TX v22.214.171.12415
NSS Labs is committed to providing empirical data and objective group test results that enable organizations to make educated decisions about purchasing and optimizing security infrastructure products and services. As with all NSS Labs group tests, there is no fee for participation, and the test methodology is available in the public domain to provide transparency and to help enterprises understand the factors behind test results. Click here for more information about our group test policies.
Click here for more information on this test and the test methodology used, or to purchase the individual Test Reports. Click here to download the Security Value Map™, which provides a graphic comparison of Security Effectiveness and TCO across the tested products.