Network World
Tuesday, October 7, 2008

Tracking IPS catch rates

We tested intrusion-prevention systems in two separate scenarios: protecting clients (such as Web browsers) and protecting servers (such as Web and e-mail servers). We used Mu Security's Mu-4000 Security Analyzer appliance to launch the attack traffic. The scores show what percentage of the known vulnerabilities in each category (attacks against clients and attacks against servers) each IPS caught.

| Vendor | Product | Tuning notes | Client Score | Server Score |
|---|---|---|---|---|
| Astaro | ASG 425a | Recommended settings | 19% | 36% |
| Check Point | UTM-1 2050 | SecureDefense configured per Check Point recommendations | 27% | 32% |
| Cisco | ASA5540 with SSM-20 IPS module | Set to block at 85% confidence | 20% | 30% |
| Cisco | ASA5540 with SSM-20 IPS module | Set to block at 55% confidence | 37% | 33% |
| Crossbeam | C25 | Set to block at 55% confidence; SecureDefense configured per Check Point recommendations | 27% | 32% |
| Fortinet | FortiGate 3600A | Scan for major/critical severity signatures | 14% | 23% |
| Fortinet | FortiGate 3600A | Scan for all signatures | 41% | 24% |
| IBM | System x3650 | SecureDefense configured per Check Point recommendations | 27% | 32% |
| IBM/ISS | Proventia MX5010 | Recommended settings | 75% | 44% |
| Juniper Networks | ISG-1000 | Scan for high severity signatures | 42% | 46% |
| Juniper Networks | ISG-1000 | Scan for all severity of signatures | 87% | 70% |
| Juniper Networks | ISG-1000 | No additional protections enabled | 5% | 17% |
| Juniper Networks | SSG-520M | Deep inspection for major/critical signatures | 19% | 24% |
| Juniper Networks | SSG-520M | Deep inspection for all signatures | 21% | 25% |
| Nokia | IP290 | SecureDefense configured per Check Point recommendations | 27% | 32% |
| Secure Computing | Sidewinder 2150D with IPS acceleration | With IPS only proxy | 22% / 7% | 34% / 14% |
| SonicWall | Pro 5060 | Scan for major/critical signatures | 22% | 19% |
| SonicWall | Pro 5060 | Scan for all signatures | 45% | 46% |
| WatchGuard | Firebox Peak X8500e | Scan for major/critical signatures | 39% | 30% |
| WatchGuard | Firebox Peak X8500e | Scan for all signatures | 40% | 31% |
