NSS Labs, Inc., a global leader and trusted source for independent cybersecurity product testing, announced the results of its 2019 Next Generation Intrusion Prevention System (NGIPS) Group Test.
Five of the industry’s leading NGIPS products were tested to compare product capabilities for security effectiveness (exploit block rate, evasion techniques and stability & reliability), total cost of ownership (TCO), and performance.
The threat landscape is evolving constantly; attackers are refining their strategies and increasing both the volume and the effective capabilities of their attacks. Enterprises must defend against persistent attacks targeting highest-value assets with little room for error.
Evasion techniques are a means of disguising and modifying attacks at the point of delivery to avoid detection by security solutions. Failure of a security device to correctly identify a specific type of evasion enables an attacker to use an entire class of exploits for which the device otherwise has protection. The more classes of evasion that are missed (such as HTTP evasions, IP packet fragmentation, TCP stream segmentation and HTML obfuscation), the less effective the device.
This is the fifth year of testing NGIPS products. In this year’s test, NSS Labs was able to evade three NGIPS products. Only one demonstrated robust protection against script-obfuscated attack variants designed to test the security devices’ resilience.
This NGIPS test focuses on the following product capabilities:
• Exploit block rate: Blocking exploits is the purpose of an Intrusion Prevention System (IPS). This test determines IPS exploit protection capabilities across a broad range of attacks – while ensuring the device does not block legitimate traffic (false positives).
• Resistance to Evasions: Evasions are techniques of disguising attacks in order to avoid detection. Missing an evasion means an attacker can circumvent the IPS, bypassing defenses. The techniques used in this test have been widely known for years and should be considered minimum requirements for the IPS product category. Providing exploit protection results without factoring in evasions can be misleading since the more evasions that are missed, the worse the situation. The test determines the ability of NGIPS products to properly detect and block exploits that apply evasion techniques.
• Real-world performance: Vendors’ datasheets provide product maximums under ideal conditions that rarely exist in the real world. NSS Labs’ extensive performance tests capture edge cases and points of failure of the tested products. Our real-world testing enables us to predict the performance limits of products so that buyers do not have to learn the hard way.