By Mark Henricks
Today’s intrusion prevention systems are doing a
significantly better job at blocking hackers from corporate networks than they
did as recently as a year ago, according to a new study. But some products from
major vendors still fare poorly in intrusion tests, and the improved security
effectiveness has come at the expense of performance.
These results come from the latest Network Intrusion
Prevention System Comparative Group Test Report by independent security testing
organization NSS Labs, which was released Jan. 10. During the last quarter of
2010, NSS examined 13 IPS products from leading vendors.
Products tested included Check Point Power-1 11065, Cisco
IPS 4260, Endace Core-100 (IDS), Fortinet Fortigate 3810, IBM GX6116, Juniper
IDP 8200, Juniper SRX 3600, McAfee M-8000, NSFOCUS NIPS 1200, Palo Alto Networks
PA-4020, Sourcefire 3D 4500, Stonesoft IPS 1205, and Stonesoft IPS 3205.
The products were subjected to 1,179 enterprise-class
exploits using NSS’s testing methodology. The products were first tested using
the default or “recommended” settings and then again after they were further
tuned by a representative from the vendor.
None of the vendors were charged for the tests. NSS is
selling an analysis and report of the results for $1,800 but made public some
highlights. They include:
- On average, the security effectiveness of the devices as a
group improved to 62 percent when tested with their default settings.
- Some systems using default settings tested as low as 31
percent effective, meaning that tuning factory systems is crucial for most
solutions.
- Several products still failed anti-evasion testing, which
NSS Labs said meant there were “gaping holes in defenses.”
- The performance of the IPS devices has declined. One
achieved just 3 percent of claimed throughput, NSS said.
CSO Online reported that, using default settings, the McAfee M-8000
scored the highest at 92 percent effectiveness. The IBM GX6116 was worst,
with 31 percent effectiveness, the publication said. After tuning,
Sourcefire’s 3D 4500 topped the scores, at 98 percent. The Endace Core-100
was least effective at 43 percent.
Overall, the testing organization said, some of the
multifunction gateways for the first time provide credible alternatives to
stand-alone IPS products for mid-market deployments. The last time the company
tested such products, at the end of 2009, the group of seven vendors included
TippingPoint. However, this time the HP subsidiary declined to participate,
according to published reports.
“Cyber criminals have all the time in the world to plan and
attempt attacks. Our data and analysis are based on multiple man-years of
complex, real-world testing that mimic how cyber-criminals are working to
penetrate corporate defenses,” said Rick Moy, president of NSS Labs. “This
report answers the critical questions on product capabilities and limitations
that enterprises cannot answer without great effort and investment in time,
equipment, and specialized expertise.”