Performance is critical when evaluating data center intrusion-prevention systems (DCIPS), which face significantly higher traffic volumes than traditional IPSes.

A typical IPS is deployed at the corporate network perimeter to protect end-user activity, while a DCIPS sits inline, inside the data center perimeter, to protect data-center servers and the applications that run on them. That requires a DCIPS to keep pace with traffic from potentially hundreds of thousands of users who are accessing large applications in a server farm, says NSS Labs, which recently tested five DCIPS products in the areas of security, performance and total cost of ownership.

“Application traffic generates many connections and transactions per request, which places a high demand on a network-security device’s ability to set up many connections quickly, hold many connections open and achieve high throughput rates,” says NSS Labs, which specializes in cybersecurity testing and purchasing guidance for security infrastructure products and services.

NSS researchers tested five products to see how well they can identify and block threats against web servers, application servers and database servers without false positives or degradation of network performance. The five tested products are:

Fortinet FortiGate 3000D v5.4.5 GA Build 3273
Fortinet FortiGate 7060E v5.4.5 GA Build 6355
Juniper Networks SRX5400E v15.1X49-D100.6
McAfee Network Security Platform NS9100 Appliance v18.104.22.168
Trend Micro TippingPoint 8400TX v22.214.171.12415

The lab also tested a product from Cisco, but the results are unverified.
“NSS was unable to measure the effectiveness and determine the suitability of data-center products from Cisco and therefore cautions against their deployment without a comprehensive evaluation,” the firm states.

After its testing, NSS Labs reports that all five verified products achieved a “recommended” rating for both IPv4 and IPv6.

NSS Labs has made its security value map, which visualizes vendors’ performance, available for free download. The security value map gives a general overview of how well the five different products did in NSS Labs’ group test.

For example, the security effectiveness of the products ranged from an 89% block rate (Trend Micro's TippingPoint 8400TX) to a 98.7% block rate (Fortinet's FortiGate 3000D and Juniper Networks' SRX5400E).

At the high end for throughput is Fortinet’s FortiGate 7060E, which achieved 130,526 Mbps for IPv4 and 70,534 Mbps for IPv6 in NSS testing.

In terms of effectiveness while subjected to normal and excessive load, NSS reports that all five devices were effective against all evasion techniques tested, and they each passed all stability and reliability tests.

The security value map also shows the investment value of each product, which NSS calculates by looking at the total cost of ownership (TCO) per protected Mbps of tested product configurations. TCO per protected Mbps ranged between $3 and $9.

“An enterprise’s most valuable IT assets and intellectual property reside in its corporate data center,” said Jason Brvenik, CTO at NSS Labs, in a statement. “The goal of the DCIPS is to protect these assets from remote attacks.
Because DCIPS are typically deployed inline, there is frequently a trade-off between security effectiveness and performance.”

In announcing the availability of its DCIPS testing results, NSS Labs cited research from Mordor Intelligence that predicts increased spending on data-center security solutions, thanks to growing data traffic, a rise in cyber threats, and growth of virtualized data centers. The market is estimated to reach $13.4 billion by 2020, up from $6.7 billion in 2015, Mordor Intelligence says.

For more granular testing results than the freely available security value map, security professionals with an annual research subscription ($1,995 for an individual) can access NSS Labs' comparative reports related to DCIPS performance, security and TCO. The comparative reports go into greater detail about each product’s ability.

The comparative report on DCIPS performance covers results such as throughput, latency, concurrent connection capacity, connection rates, HTTP capacity, and real-world traffic mixes. The security-focused comparative report covers IPS exploit blocking capabilities, IPS anti-evasion capabilities, and stability and reliability. The comparative report on TCO goes into greater detail on each product’s acquisition costs (for the DCIPS and a central management system); fees paid to the vendor for annual maintenance, support and signature updates; and labor costs for installation, maintenance and upkeep.

Individual test reports are also available for each DCIPS product tested, for $295 each.