The market for intrusion prevention systems is in a state of flux, according to NSS Labs' Ayoub. FireEye has thrown a wrench into the market for networking security appliances with its line of appliances designed to detect custom malware and other threats, he said. Meanwhile, next-generation firewall vendors are adding capabilities that mirror those in traditional IPS appliances, Ayoub said.
Cisco Systems continues to lead the overall security appliance market, according to the latest market-share estimates from research firm IDC, followed by Check Point and Fortinet. Juniper, which once had a firm grip on the No. 3 position, is in fourth place, according to IDC. Palo Alto Networks surpassed Blue Coat as the fifth largest appliance vendor, according to IDC.
Intrusion prevention systems have long been a part of the security technology stack at enterprises in line with the firewall through to the endpoint. While next-generation firewalls have become popular, Ayoub said he expects IPS appliances to continue to be standard gear at large businesses with strong networking teams.
"The largest enterprises will stick with the traditional model of firewall and IPS but as you move down the stack, midtier and smaller organizations can't afford to effectively maintain an IPS in the first place," Ayoub said. "What they are really concerned about turns out to be application control, and in a lot of cases next-generation firewalls solves that need."
Network security vendors typically perform better than standard networking vendors because they can focus their resources on security effectiveness, said Shaq Kahn, CEO of Fremont, Calif.-based security service provider Fortifire. "There's no vendor that is perfect," Kahn said. "I tell clients that it all has to come together and ultimately depends on their specific environment."
NSS Labs said four of the 10 IPS appliances it tested scored above 95 percent for security effectiveness. Sourcefire's 7100 appliance (now part of Cisco) received the highest security effectiveness score at 97.9 percent followed by IBM's GX7800. Also receiving high security effectiveness ratings were McAfee's NS 9100 and 9200 series appliances. Dell SonicWall's Supermassive appliance, Stonesoft and Check Point appliances performed above average in the NSS Labs' security testing.
Stonesoft, McAfee, Dell SonicWall and Check Point earned NSS Labs' "recommended" rating. The appliances from Sourcefire, Fortinet, HP and IBM each received a "neutral" rating.
KRISTIN BENT contributed to this story.
PUBLISHED JAN. 24, 2014