Intrusion Prevention Systems
Group Test (Edition 3)
Foreword
Following the huge success of the first comprehensive Intrusion
Prevention System (IPS) test of its kind, The NSS Group is pleased
to present the results of its third IPS Group Test, the largest so far,
which includes a number of new products not included in the first two
reports.
As with the first two Editions, this exhaustive review will give readers a
complete perspective of the capabilities, maturity and suitability for
immediate deployment of each of the products tested. The NSS Group
established this test as IPS products are being actively deployed as a
new layer in defence-in-depth security architectures.
The NSS IPS Group Test evaluates the performance, reliability, security
effectiveness, and usability of Network IPS products. The test consists
of seven sections within three primary areas: performance and
reliability, security accuracy, and usability.
Overall, the brand new test suite contains over 800 individual tests,
many of which are run multiple times, to provide the most thorough and
complete evaluation of IPS products available anywhere today. The NSS
Group has developed advanced testing methodologies for both
Rate-Based IPS and Content-Based IPS products, since these
devices are often very different in operation, although all products
tested in this edition of the report are content-based.
It is worth pointing out that not every product submitted for testing
receives an NSS Approved award. Standards are very high, and only
those appearing in this report have received NSS Approved awards.
For this latest round of testing, twelve vendors submitted a total of
fourteen products for testing, and ten of these passed our stringent
testing to receive NSS Approved. It is heartening to note that this is a
much-improved success ratio over the previous round.
We believe that our IPS test methodologies - which have been updated again
for this test - will become the de facto standard for testing
in-line Intrusion Prevention/Attack Mitigation devices, and the NSS
Approved logo an essential item on the list of requirements when
purchasing these products.
We also believe that this report is essential reading for anyone
considering deploying Intrusion Prevention Systems in their networks,
either in a test or live situation, and we hope that you find it both
informative and useful in making your purchasing decisions. The latest
IPS Group Test report can be viewed on-line at www.nss.co.uk/ips
Bob Walder
Table of Contents
Introduction
Intrusion Prevention Systems (IPS)
Host IPS (HIPS)
Network IPS (NIPS)
Rate-Based IPS (Attack Mitigator)
Detection Methods
Pattern Matching
Stateful Pattern Matching
Protocol Decode
Heuristic Analysis
Anomaly Analysis
Which Detection Method Is The Best
Implementation Challenges
Requirements for effective prevention
The NSS Intrusion Prevention Group Test
Performance
Security Effectiveness
Usability
Summary
The Market
The Products
Content-Based IPS Product Reviews
Cisco IPS-4255 V5.0(3)
Executive Summary
Architecture
Cisco IPS 4200 Series sensor appliances
Command Line Interface
IPS Device Manager
CiscoWorks VMS
Performance
Security Effectiveness
Usability
Installation
Configuration
Policy Management
Alert Handling
Reporting and Analysis
Verdict
Contact Details
Cisco IPS-4240 V5.0(3)
Executive Summary
Architecture
Performance
Security Effectiveness
Usability
Verdict
Contact Details
Intoto IntruPro V3.0
Executive Summary
Architecture
Performance
Security Effectiveness
Usability
Installation
Configuration
Policy Management
Alert Handling
Reporting and Analysis
Verdict
Contact Details
McAfee IntruShield 4010
Executive Summary
Architecture
IntruShield Sensor
IntruShield Security Management System (ISM)
Update Server
Performance
Security Effectiveness
Usability
Installation
Configuration
Policy Management
Alert Handling
Reporting and Analysis
Verdict
Contact
Juniper Networks IDP 600F V3.1
Executive Summary
Architecture
IDP Sensor
Detection Engine
High Availability
IDP Management Server
User Interface (UI)
Performance
Security Effectiveness
Usability
Installation
Configuration
Policy Management
Alert Handling
Reporting and Analysis
Verdict
Contact Details
NFR Sentivist Smart Sensor 100C
Executive Summary
Architecture
Sentivist Server
Sentivist Enterprise Console
Administration Interface
Sentivist Smart Sensor
Performance
Security Effectiveness
Usability
Installation
Configuration
Policy Management
Alert Handling
Reporting and Analysis
Verdict
Contact Details
Radware DefensePro-3000 V2.43
Executive Summary
Architecture
DefensePro
Web-Based Management Interface
Command Line Interface (CLI)
Configware Insite
Performance
Security Effectiveness
Usability
Installation
Configuration
Policy Management
Alert Handling
Reporting and Analysis
Verdict
Contact Details
SecureWorks iSensor 850 V5.3
Executive Summary
Architecture
The Secure Operations Centre (SOC)
iSensor
Performance
Security Effectiveness
Usability
Installation
Configuration
Policy Management
Alert Handling
Reporting and Analysis
Verdict
Contact Details
Symantec SNS 7160 V4.0.0.9
Executive Summary
Architecture
Symantec Network Security Console
Sensor Software
7100 Series Appliance
SNS Clusters
Fail Over Groups
Performance
Security Effectiveness
Usability
Installation
Configuration
Policy Management
Alert Handling
Reporting and Analysis
Verdict
Contact Details
Westline Athena Aegis IPS 510L V2.1
Executive Summary
Architecture
Athena Aegis IPS Appliance
Intrusion Management Centre (IMC)
JConsole
Performance
Security Effectiveness
Usability
Installation
Configuration
Policy Management
Alert Handling
Reporting and Analysis
Verdict
Contact Details
Content Based IPS Testing Methodology
The Test Environment
Section 1 - Detection Engine
Section 2 - Evasion
Section 3 - Stateful Operation
Section 4 - Detection/Blocking Performance Under Load
Section 5 - Latency & User Response Times
Section 6 - Stability & Reliability
Section 7 - Management and Configuration
Content-Based IPS Test Results
Appendix A - Vendor Questionnaires
Appendix B - The Test Equipment
Spirent Communications SmartBits SMB-6000/SMB-600
Spirent Communications Avalanche and Reflector
Adtech AX/4000
Cisco Catalyst 6500 Series Switches
Blade Software Informer Suite
Open Source Replay Tools
Tomahawk
tcpreplay