The Falcon's View

NSS Labs released their Q4 2009 Network IPS Comparative Test Report last week, and it's a whopper! The following findings are very interesting:
* Tuning Is Very Important: While some vendors did ok out-of-box, the simple fact was that tuning greatly improved the effectiveness of even the worst performing system. It's imperative that a skilled engineer by brought in for initial tuning, and that tuning be done on a regular basis.
* You Get What You Pay For: It was striking to me how poorly Juniper did in the testing. They were the worst product by a long shot. It goes to show that saving big bucks is only useful if the product still does a decent job. However, sometimes cheap is just that: cheap.
* Surprising Top-Performers: The top recommendations were for IBM and McAfee products, with Sourcefire coming in at third. You'd expect Sourcefire to do well, and they definitely did not disappoint (except for missing one class of fragmentation avoidance technique). However, who would have guessed that IBM and McAfee were producing top-of-the-line products? These vendors must be ecstatic. Let's hope that it serves to motivate their competition to step up their respective games.

If you're going through IPS product selection, then this is a must-read report. It covers products from Cisco (1), IBM (2), Juniper (3), McAfee (2), Sourcefire (1), Stonesoft (3), and TippingPoint (3). Hopefully next go-round it will also include some other vendors, such as Nitro Security, to see how they compare, particularly out-of-the-box.