NSS Labs Report: IPS Vendors Making Strides (CDSA)

By Chris Tribbey

NSS Labs’ latest round of testing of intrusion prevention systems (IPS) found IPS vendors are making big strides in lowering the total cost of ownership and improving performance, though some services require a lot more upkeep than others.

The IPS services tested included Check Point 13500, Dell SonicWALL SuperMassive E10800, Fortinet FortiGate-D3600C, HP TippingPoint S7500NX, IBM GX7800, Juniper SRX5800, McAfee NSD9100, McAfee NSD9200, Sourcefire 7120 and Stonesoft 3206.

“No two network security products deliver the same security effectiveness or throughput, making precise comparisons extremely difficult,” the report reads. “In order to capture the relative value of devices on the market and facilitate such comparisons, NSS Labs has developed a unique metric to enable value-based comparisons: [total cost of ownership, or TCO] per protected megabit per second.”

Using that metric — which combined security effectiveness and NSS-tested throughput by Mbps — Fortinet FortiGateD3600C came out on top with the lowest TCO per protected Mbps at $11. Juniper SRX5800 was the highest at $50.

“The benefit from this analysis is that, within a given performance range, it can provide some insight as to whether a product is priced above or below the majority of its competitors,” the report reads. “A high price could indicate a premium based upon protection offered, brand recognition, level of customer service, or a price penalty for an underperforming product.”

In terms of security effectiveness, Sourcefire 7120 scored the highest, with a rating of 97.9%. IBM GX7800 was second with 95.7%. The lowest rate of security effectiveness was Juniper SRX5800 (89.2%).

The study also looked at the annual labor required to maintain each device, with IBM GX7800 and Juniper SRX5800 both requiring the most upkeep hours per year (16). Six tied for the lowest (8 hours). In terms of upkeep and tuning, Juniper SRX5800 required the most combined hours per year (2,000) while Check Point 13500 required the fewest (1,000).

Dell SonicWALL SuperMassive E10800 had the highest annual cost of updates, $23,700, while five services had zero costs for updates.

To download a free copy of the report, click here.