« More On Possibility and "Risk" | Main | 2010 Prognostication »

NSS Labs Releases IPS Results

NSS Labs released their Q4 2009 Network IPS Comparative Test Report last week, and it's a whopper! The following findings are very interesting:
* Tuning Is Very Important: While some vendors did ok out-of-box, the simple fact was that tuning greatly improved the effectiveness of even the worst performing system. It's imperative that a skilled engineer by brought in for initial tuning, and that tuning be done on a regular basis.
* You Get What You Pay For: It was striking to me how poorly Juniper did in the testing. They were the worst product by a long shot. It goes to show that saving big bucks is only useful if the product still does a decent job. However, sometimes cheap is just that: cheap.
* Surprising Top-Performers: The top recommendations were for IBM and McAfee products, with Sourcefire coming in at third. You'd expect Sourcefire to do well, and they definitely did not disappoint (except for missing one class of fragmentation avoidance technique). However, who would have guessed that IBM and McAfee were producing top-of-the-line products? These vendors must be ecstatic. Let's hope that it serves to motivate their competition to step up their respective games.

If you're going through IPS product selection, then this is a must-read report. It covers products from Cisco (1), IBM (2), Juniper (3), McAfee (2), Sourcefire (1), Stonesoft (3), and TippingPoint (3). Hopefully next go-round it will also include some other vendors, such as Nitro Security, to see how they compare, particularly out-of-the-box.

TrackBack

TrackBack URL for this entry:
http://www.secureconsulting.net/MT/mt-tb.cgi/969

Listed below are links to weblogs that reference NSS Labs Releases IPS Results:

» Endpoint Security HIPS Flayed By NSS Labs from The Falcon's View
Our good friends at NSS Labs have released a new report today independently evaluating the effectiveness of Host Intrusion Prevention Services (HIPS) that are integrated into most mainstream security suites. In this go-round, they've evaluated solution... [Read More]

Comments (2)

TheCustos:

I have to be honest, I have been deciding between both McAfee and Sourcefire during a POC, and I am really leaning McAfee... I was shocked that I felt that way, but it just feels like a more solid product, and both NSS and Gartner now support it.

Ben:

@TheCustos -

I have to admit to being completely floored by the results wrt McAfee, but as such am now very interested to see and hear more.

Thanks for the comment!

-ben

Post a comment

About

This page contains a single entry from the blog posted on December 14, 2009 2:33 PM.

The previous post in this blog was More On Possibility and "Risk".

The next post in this blog is 2010 Prognostication.

Many more can be found on the main index page or by looking through the archives.

Creative Commons License
This weblog is licensed under a Creative Commons License.