You might recall that The NSS Group periodically releases in-depth test reports that can be very useful to security administrators looking for solutions. Over the past couple of years, I have written twice about the group's product testing for Intrusion Detection Systems (IDSs) and Intrusion Prevention Systems (IPSs). In my September 24, 2003 article "Evaluating Intrusion Detection Systems," I wrote about the group's tests of IDSs for 10Mbps/100Mbps Ethernet and Gigabit Ethernet networks. In my March 17, 2004 article "Evaluating Intrusion Prevention Systems," I wrote about the group's tests of IPSs.
http://www.windowsitpro.com/Article/ArticleID/40338
http://www.windowsitpro.com/Article/ArticleID/42065
The NSS Group recently finished its second round of tests and has made the results available online. According to the group, testing "consists of seven sections within three primary areas: performance and reliability, security accuracy, and usability." The group also said that "the brand new test suite contains more than 800 individual tests, many of which are run multiple times, to provide the most thorough and complete evaluation anywhere of IPS products available today."
An interesting tidbit from the latest report is that nine vendors signed up for the recent tests. However four of the products didn't make the cut during stringent testing, so the final report covers the five remaining products. The current report includes detailed test information about BroadWeb NetKeeper NK-3256T 3.6.0, Fortinet FortiGate-800, SecureSoft Absolute IPS NP5G 1.1, Top Layer IPS 5500 3.3, and V-Secure V-100 7.0.
A couple of other interesting notes are related to performance. During earlier tests, The NSS Group measured IDS and IPS top traffic-processing speeds of 1Gbps to 2Gbps; this year, top speeds well exceeded that threshold. So the group decided to launch a new multigigabit IPS test later this year. Ten vendors have reportedly already signed up for the next test.
It's also interesting to note that industry analysts had previously claimed that IDS and IPS systems were things of the past. But something is seriously wrong with that "analysis," because IDS and IPS systems are still being used, and according to The NSS Group, the number of available products has actually grown!
The group said that over the last year, it has improved the testing suite and introduced a new methodology to conduct in-depth tests of rate-based IPS systems, which gives a more accurate evaluation of their capabilities as compared to the evaluation of content-based IPS systems.
The report itself is great information for security administrators looking for evaluations of prospective product choices. The report is also valuable in that it offers details about the group's test methodologies as well as about the hardware and software solutions the group uses to conduct its tests.
As has been the case in the past, the results of the new report are freely available at the group's Web site (see the first URL below). If you missed the past reports, you can find those online too (see the second URL below). If you want a copy of all reports on CD-ROM or copies of selected reports in PDF format, you can purchase those at the Web site.
http://www.nss.co.uk/ips/edition2/index.htm
http://www.nss.co.uk/download/download.htm
Until next time, have a great week.
