IPS, Whom to believe: Gartner or NSS Labs?

In its Magic Quadrant for Network Intrusion Prevention System Appliances, dated April 14, 2009 Gartner positioned TippingPoint and Juniper Networks as leaders in field, together with McAfee andSourcefire.

However, these days (December 2009), there are a lot of talks about not encouraging results of test done by NSS Labs related to IPS solutions of these companies.

An independent test and evaluation of 15 different network intrusion-protection system products from seven vendors showed none were fully effective in warding off attacks against Microsoft, Adobe and other programs. NSS Labs, which conducted the test without vendor sponsorship of any kind, also evaluated the 15 network IPS offerings for their capability in responding to “evasions,” attacks delivered in an obfuscated and stealthy manner in order to hide. In that arena, Juniper Networks and TippingPoint didn’t perform particularly well. Juniper IPS scored lowest at only 17% effectiveness. Here is article on NetworkWorld. In that arena, the McAfee and IBM IPS held up particularly well.

TippingPoint’s president Allan Kessler posted his view on blog. Also, this topic become active on SecurityFocus mail lists with Focus on IDS (here).

It is my belief that this report and tests will affect IPS market, but also trust into various reports from [independent] research and testing houses.

Updated on December 11th, 2009: Also see Rick Moy’s blog post “Network IPS Group Test Results Available.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.