NSS Labs conducted a test of multiple IPS solutions from 7 well-known vendors in Q4, 2009. Their full report is available for purchase here (if you are interested in a copy of the full report, let us know as we’ve still got a limited number to give away and we’ve also negotiated a special deal for “friends of Endace”).
The NSS testing revealed issues with IPS performance that tally with our experience in the field, and which we feel are important for people to know about. So, with agreement from NSS, we’ve just released an anonymised graph from the NSS IPS testing. It shows that, even with tuned rule-sets, the average block-rate performance of the IPS solutions tested was just 57%.
The best-performing system (at a block rate of 80%) was from a vendor that uses an open source DPI engine, an approach that we fully endorse. Endace’s own philosophy is that community-based, open-source security delivers the most effective solution, which is why we’ve backed both Snort and Suricata (see our Best Practice Network Security page).
With IPS solutions delivering an average block rate of just 57%, organisations relying on IPS alone to protect their networks are going to be extremely exposed to attack. This level of performance demonstrates the validity of a “defence in depth” strategy and highlights the need for additional systems to warn of attacks that are not detected and blocked by IPS solutions. In our view, organisations can’t afford to rely solely on IPS to secure their networks; they need a high quality IDS to back up their active IPS deployments. The research also highlights the lack of IPS solutions available that will demonstrably perform in ultra-high-bandwidth environments.
A copy of the graph, and our take on what the results mean, is here: www.endace.com/best-practice-network-security.html
If you want to know more about these results, talk to us as we still have some copies of the full report to give away. And if you are worried about the performance of your IPS solution, you might also be interested in our IPS Performance Benchmarking service. We’re currently offering a limited number of these free-of-charge – but if you are interested in taking up this opportunity let us know quickly as there is a lot of interest.