Evaluating Intrusion Prevention Systems

Last September, I wrote about an evaluation of Intrusion Detection Systems (IDSs) conducted by the UK-based NSS Group. If you missed that edition of this newsletter or want to review it, you can read it at the following URL:


Recently, Bob Walder (director of The NSS Group) wrote to let me know that his organization has recently published a set of test results for Intrusion Prevention Systems (IPSs). The NSS Group defines an IPS as a proactive defense mechanism that detects attacks and stops them before they can do any damage.

You might recall that last year, Gartner claimed that IDSs/IPSs were no longer useful and that "deep inspection firewalls" were the wave of the future. Walder said that The NSS Group's test results show that Gartner is wrong, and that "deep inspection firewalls may well be where the industry ends up, \[however\] those devices are a long way from being ready for prime time right now. Our report shows that IPS \[is\] ready for prime time deployments and as the technology develops it will be interesting to see whether those 'deep inspection firewalls' actually evolve from present day firewalls ... or whether they evolve from current IPS products!"

The NSS Group decided to test IPS products to determine their effectiveness, viability, and validity as security solutions. The NSS Group invited all major IPS vendors to participate, and five companies responded: Internet Security Systems (ISS), NetScreen Technologies, Network Associates, TippingPoint Technologies, and Top Layer Networks.

All told, The NSS Group performed more than 750 tests against each of the products to determine the performance and reliability, security accuracy, and usability of each one. When the tests were complete, the group wrote its detailed results and analysis into a 277-page report.

If you use one of the tested products or are considering acquiring an IPS to protect your network, you'll probably find this report invaluable. Be sure to check it out. It's available online in HTML format, or you can purchase a PDF version at The NSS Group's Web site.


TAGS: Security
Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.