NSS Labs Intrusion Prevention Tests: Did Your Vendor Partner Pass?

Juniper Networks' SRX intrusion prevention system appliance struggled to perform in tests conducted by NSS Labs, receiving the only "caution" rating from the firm among a field of nine other products.

NSS Labs, an Austin, Texas-based information security research and testing company, evaluated 10 intrusion prevention systems in total -- Check Point Software Technologies, Dell SonicWall, Fortinet, HP TippingPoint, IBM, Juniper, McAfee (with two appliances), Sourcefire and Stonesoft -- for security effectiveness, performance and enterprise management capabilities. NSS Labs used its test results to establish an overall score and determine a total cost of ownership of the appliances. The findings were released last week.

The Juniper SRX 5800 appliance received below-average marks, receiving an 89.2 percent effectiveness score, having blocked 90.3 percent of attacks against server applications and 88.3 percent of attacks against client applications in NSS Labs testing.

Juniper's appliance has been a mainstay in many large telecommunications and enterprise environments and is known for its expensive price tag, but it also carried the distinction of providing security without impacting network traffic performance, said Rob Ayoub, research director at NSS Labs.

id
unit-1659132512259
type
Sponsored post

[Related: Juniper Software Boss Muglia Latest Top Exec To Depart ]

"Juniper was addressing throughput in environments where other vendors failed to address, giving them a strong history as an industry leader for a long time," Ayoub said. "From an industry perspective they keep assuring the community that they are doing some revamping and working on improvements."

A Juniper spokesperson did not return a request for comment to CRN.

Juniper has had a long presence in enterprise data centers with many businesses standardizing on Juniper equipment, said Joe Miller, vice president and owner of Wilder, Ky.-based Key Solutions, a Juniper partner. Independent test results are one of many different factors for businesses to evaluate products, Miller said, adding that his firm advises clients on networking products from a variety of companies. "Juniper may not always be the first line that we go to when a customer needs network security gear," Miller said. "We are constantly advising clients and work with them to identify what will most benefit their unique environments."

HP TippingPoint received a 91.1 percent score for its S7500NX appliance, and Fortinet received a 93.8 percent effectiveness rating for its Fortigate 3600C appliance.

Some solution providers have told CRN that their confidence in Juniper's security business had been shaken following quality issues associated with its SRX services gateway line in 2011. Juniper's security business, meanwhile, saw revenue for the fourth quarter decline 7 percent year over year to $157 million, according to Juniper’s financial results reported Thursday.

In an earlier interview with CRN before the NSS Labs results were released, Karim Toubba, vice president of global security channels at Juniper, said that any product-related issues or quality have been addressed. The company is focused with a very clear and differentiated story in the data center, Toubba said.

"I think it's important because for many of our partners, and especially the ones that focus on the enterprise, the data center is really sort of the key to the kingdom of the enterprise and where they store the data," Toubba said. "Security becomes a paramount discussion and paramount piece of the puzzle."

NEXT: Four Vendors Receive NSS Labs' 'Recommended' Rating

The market for intrusion prevention systems is in a state of flux, according to NSS Labs' Ayoub. FireEye has thrown a wrench into the market for networking security appliances with its line of appliances designed to detect custom malware and other threats, he said. Meanwhile, next-generation firewall vendors are adding capabilities that mirror those in traditional IPS appliances, Ayoub said.

Cisco Systems continues to lead the overall security appliance market, according to the latest market-share estimates from research firm IDC, followed by Check Point and Fortinet. Juniper, which once had a firm grip on the No. 3 position, is in fourth place, according to IDC. Palo Alto Networks surpassed Blue Coat as the fifth largest appliance vendor, according to IDC.

Intrusion prevention systems have long been a part of the security technology stack at enterprises in line with the firewall through to the endpoint. While next-generation firewalls have become popular, Ayoub said he expects IPS appliances to continue to be standard gear at large businesses with strong networking teams.

"The largest enterprises will stick with the traditional model of firewall and IPS but as you move down the stack, midtier and smaller organizations can't afford to effectively maintain an IPS in the first place," Ayoub said. "What they are really concerned about turns out to be application control, and in a lot of cases next-generation firewalls solves that need."

Network security vendors typically perform better than standard networking vendors because they can focus their resources on security effectiveness, said Shaq Kahn, CEO of Fremont, Calif.-based security service provider Fortifire. "There's no vendor that is perfect," Kahn said. "I tell clients that it all has to come together and ultimately depends on their specific environment."

NSS Labs said four of the 10 IPS appliances it tested scored above 95 percent for security effectiveness. Sourcefire's 7100 appliance (now part of Cisco) received the highest security effectiveness score at 97.9 percent followed by IBM's GX7800. Also receiving high security effectiveness ratings were McAfee's NS 9100 and 9200 series appliances. Dell SonicWall's Supermassive appliance, Stonesoft and Check Point appliances performed above average in the NSS Labs' security testing.

Stonesoft, McAfee, Dell SonicWall and Check Point earned NSS Labs' "recommended" rating. The appliances from Sourcefire, Fortinet, HP and IBM each received a "neutral" rating.

KRISTIN BENT contributed to this story.

PUBLISHED JAN. 24, 2014