Top Intrusion Prevention System Appliance: A 9-Vendor Battle

Next-Generation Firewall Vendors Disrupt IPS Market

Large enterprises will continue to put an intrusion prevention system inline behind a firewall, but budget-conscious organizations with fewer IT staff members are looking at next-generation firewall appliances that promise both the deep packet inspection of a dedicated IPS appliance and the application control and other features of a next-generation firewall. Other vendors, such as Stonesoft (recently acquired by McAfee), add virtual file analysis engines to detect the custom malware used in advanced threats.

The 2013 NSS Labs Network Comparative Analysis report, issued last month, provides a glimpse of the market for a technology that has been a staple at most data centers. The tests were conducted on appliances submitted for testing at NSS Labs' Austin, Texas-based facility.

Here's a look at the security appliance makers that came out on top.

Check Point 13500

Check Point claims its 13500 next-generation firewall appliance delivers up to 23.61 Gbps of firewall throughput and 5.71 Gbps of IPS throughput. It was rated very highly in NSS Labs' recent testing, earning a 94.4 percent security effectiveness rating. NSS Labs engineers calculated the total cost of ownership at $23.55 per protected Mbps.

NSS Labs engineers warned that the appliance they tested was prone to generating some false-positive alerts in live corporate networks. The Smart-1 management tools may be complicated for some networking pros to learn, but they provide robust capabilities, NSS Labs said. The appliance received a "Recommended" rating from NSS Labs.

Dell SonicWall SuperMassive E10800

Industry analysts say Dell is hoping its SonicWall SuperMassive next-generation firewall appliance line will move it up into the enterprise space. Dell says its system provides more than 10 Gbps of full deep packet inspection throughput.

The appliance received a "Recommended" rating from NSS Labs, which gave it a security effectiveness score of 94.8 percent after testing. The appliance got an above-average value rating, with a total cost of ownership of $15.02 per protected Mbps.

Fortinet FortiGate 3600C

Fortinet sells its FortiGate 3600C next-generation firewall as fully integrated unified threat management for large enterprises and managed service providers. The appliance got a below-average security effectiveness score of 93.8 percent. NSS Labs engineers rated its value above average, with a total cost of ownership of $10.72 per protected Mbps. Fortinet was one of four vendors that received an overall "Neutral" rating from the firm. The company said the appliance delivers 14 Gbps of intrusion prevention system throughput and up to 60 Gbps of firewall throughput.

HP TippingPoint S7500NX

Hewlett-Packard began selling the TippingPoint line shortly after it acquired it as part of its $2.7 billion acquisition of 3Com in 2010. Today, HP touts the appliance's performance across both physical and virtual networks. HP has since launched a line of next-generation firewall appliances that extend its standalone IPSes with stateful packet filtering and application control.

The HP TippingPoint NX series appliances are a true inline intrusion prevention system with DNS reputation, application control and a deep packet inspection engine. The TippingPoint S7500NX got a below-average security effectiveness rating of 91.1 percent and an average value rating, with a total cost of ownership of $25.86 per protected Mbps.

IBM GX7800

IBM's GX7800 IPS got an above-average security effectiveness score, with a 95.7 percent block rate. IBM said the appliance offers more than 20 Gbps of inspected throughput. The total cost of ownership of the device, calculated at $47.85 per protected Mbps, earned it a below-average value score. The GX7800 got a "Neutral" rating from NSS Labs. The company said the appliance integrates tightly with its QRadar Security Intelligence Platform and gets its threat protection policies from IBM's X-Force threat research team.

Juniper SRX5800

Juniper's SRX5800 has been a mainstay in many large telecommunications and enterprise environments. It carries the distinction of providing security with minimal impact on network traffic performance, according to Rob Ayoub, research director at NSS Labs. But Juniper has struggled with its SRX line in recent years, including poor results in NSS Labs testing. The IPS appliance received below-average marks compared to its competitors. It got an 89.2 percent effectiveness score, having blocked 90.3 percent of attacks against server applications and 88.3 percent of attacks against client applications in NSS Labs testing. The SRX5800 was the only appliance to get a "Caution" rating from NSS Labs engineers.

McAfee NS-9100 and McAfee NS-9200

McAfee claims its NS series Network Security Platform appliances can scale to speeds of more than 40 Gbps. In addition to intrusion prevention, the appliances have anti-botnet and denial-of-service attack prevention capabilities. Both the NS-9100 and NS-9200 appliances received "Recommended" ratings from NSS Labs. The company's low-end NS-9100 appliance got a 95.1 percent security effectiveness block rate and a total cost of ownership of $12.03 per protected Mbps. The mid-range NS-9200 model scored the same 95.1 percent security effectiveness block rate and was given a total cost of ownership of $13.76 per protected Mbps.

NSS Labs said the NS-9100 exceeded the vendor-claimed throughput on all traffic mixes, but noted that the management console depends on Java, which introduces some additional latency in the management interface.

Sourcefire 7120

Cisco Systems acquired Sourcefire in July, spending $2.7 billion for the company's line of intrusion prevention systems. The 7000 series sits at the lower end of the performance range among the competitor appliances tested by NSS Labs and is aimed at networks with more modest throughput requirements. The company's FirePower architecture provides standard IPS capabilities along with application control, next-generation firewall features and advanced malware protection. Martin Roesch, the founder of Sourcefire and creator of the Snort network intrusion prevention system engine, remains at Cisco as vice president and chief architect of Cisco's Security Business Group.

In NSS Labs testing, the 7120 received a 97.9 percent security effectiveness score and a total cost of ownership of $36.08 per protected Mbps, earning it a "Neutral" rating from NSS Labs engineers. The testing firm praised Sourcefire's Defense Center management tool but said some enterprises might find it has a steep learning curve for their engineers.

Stonesoft 3206

McAfee acquired Stonesoft for $389 million in May, mainly for the Finnish security firm's evasion-detection engine, which has been praised for its ability to detect custom malware designed to conceal itself from file inspection technology. NSS Labs gave Stonesoft positive scores in previous testing, and it repeated that performance in the latest round: NSS Labs gave it a "Recommended" rating, calling the appliance suitable for enterprise deployments.

Stonesoft said its 3206 appliance is suitable for high-end data centers and large central network sites. It includes deep packet inspection and a virtual engine for suspicious file inspection. McAfee plans to integrate it more deeply into its entire portfolio. In the latest NSS Labs testing, it earned an above-average security effectiveness score and a total cost of ownership of $23.83 per protected Mbps. NSS Labs testers liked Stonesoft's unified management console as well as its shortcuts and drill-down features. Testing, however, found throughput below the vendor-claimed 10 Gbps.