Network Computing is part of the Informa Tech Division of Informa PLC

Intrusion-Protection Systems

Two-and-a-Half Approaches

We found significant differences in approach and results among the participants in this still-developing category. Our invitation specified that each device must be a self-contained system able to identify network attacks and prevent them through its own action, rather than by sending commands to a firewall or other piece of network infrastructure. We also requested systems capable of handling the expected 400-Mbps flow through our test network core switches.

As it turned out, we tested using traffic moving across the core of the university's network, where flows averaged more than 600 Mbps, peaking at more than 800 Mbps with 180,000 to 250,000 simultaneous connections. Busy students. Of course, we wouldn't penalize entrants for not coping with conditions we hadn't told them to expect, but the larger flows did give us an off-the-record look at device capacity, revealing how the products handled a large amount of real network traffic with lots of live exploits and false positives. We also generated traffic with specific simulated attack types to see how successfully the devices stopped common exploits (for more on our test setup, see "How We Tested Network Intrusion-Prevention Products").

NIP Features

In the final analysis, two-and-a-half distinct factions emerged in this comparison:
