Network World
Sunday, November 8, 2009

Tracking IPS catch rates

We tested intrusion-prevention systems separately in two scenarios: protecting clients (such as Web browsers) and protecting servers (such as Web and e-mail servers). The percentages shown are scores from our tests, which used Mu Security's Mu-4000 Security Analyzer appliance to launch the attack traffic. Each score is the percentage of the known vulnerabilities in that category (attacks against clients or attacks against servers) that the IPS caught.

| Vendor | Product | Tuning notes | Client Score | Server Score |
|---|---|---|---|---|
| Astaro | ASG 425a | Recommended settings | 19% | 36% |
| Check Point | UTM-1 2050 | SecureDefense configured per Check Point recommendations | 27% | 32% |
| Cisco | ASA5540 with SSM-20 IPS module | Set to block at 85% confidence | 20% | 30% |
| Cisco | ASA5540 with SSM-20 IPS module | Set to block at 55% confidence | 37% | 33% |
| Crossbeam | C25 | Set to block at 55% confidence; SecureDefense configured per Check Point recommendations | 27% | 32% |
| Fortinet | FortiGate 3600A | Scan for major/critical severity signatures | 14% | 23% |
| Fortinet | FortiGate 3600A | Scan for all signatures | 41% | 24% |
| IBM | System x3650 | SecureDefense configured per Check Point recommendations | 27% | 32% |
| IBM/ISS | Proventia MX5010 | Recommended settings | 75% | 44% |
| Juniper Networks | ISG-1000 | Scan for high severity signatures | 42% | 46% |
| Juniper Networks | ISG-1000 | Scan for all severity of signatures | 87% | 70% |
| Juniper Networks | ISG-1000 | No additional protections enabled | 5% | 17% |
| Juniper Networks | SSG-520M | Deep inspection for major/critical signatures | 19% | 24% |
| Juniper Networks | SSG-520M | Deep inspection for all signatures | 21% | 25% |
| Nokia | IP290 | SecureDefense configured per Check Point recommendations | 27% | 32% |
| Secure Computing | Sidewinder 2150D with IPS acceleration | With IPS | 22% | 34% |
| Secure Computing | Sidewinder 2150D with IPS acceleration | Only proxy | 7% | 14% |
| SonicWall | Pro 5060 | Scan for major/critical signatures | 22% | 19% |
| SonicWall | Pro 5060 | Scan for all signatures | 45% | 46% |
| WatchGuard | Firebox Peak X8500e | Scan for major/critical signatures | 39% | 30% |
| WatchGuard | Firebox Peak X8500e | Scan for all signatures | 40% | 31% |