Carlsbad, Calif.-based NSS Labs said the network security technology has improved on average since 2009 to a 62% effectiveness rate using default policy settings. But performance, or throughput, has decreased over the last year, with one vendor achieving just 3% of its claimed throughput. Several vendors also failed certain tests, leaving gaping holes in defenses.
"Generally the more signatures or rules you have, the better the security but the slower the performance," said Rick Moy, president of NSS Labs. "That has to be figured into our analysis of these solutions."
The company's Network Intrusion Prevention System (IPS) Comparative Group Test Report for the fourth quarter of 2010 found some vendor default policy settings as low as 31% effectiveness, with tuning remaining an important part of most systems. The company said two vendors failed anti-evasion testing, an improvement over 2009 when half the vendors tested failed to detect exploits that use obfuscation techniques to evade detection.
Many standalone IPS devices are being burdened by the rise in client-side attacks, in which end users browse to a malicious website and fall victim to drive-by attacks.
"What has changed is that client side attacks are much more difficult to detect versus the remote attacker coming in from the outside so it takes more resources in the devices," Moy said.
The company tested the network IPS technologies from Check Point, Cisco, Endace, Fortinet, IBM, Juniper, McAfee, NSFOCUS, Palo Alto Networks, Sourcefire and Stonesoft. The testing was conducted independently and not paid for by any vendor, NSS Labs said. The products were pitted against more than 1,170 live, enterprise-class exploits. Products were tested using the vendor's default or "recommended" settings and then again as tuned by a vendor representative, NSS Labs said.
NSS Labs requested that the full results not be published. McAfee's M800 IPS device had the highest overall block rate using only default settings, followed by Check Point's Power-1 appliance. The Sourcefire 3D 4500 and Check Point's Power-1 appliances had the highest achievable block rates when adding tuning -- a process that is critical to improving system effectiveness, Moy said.
Tuning can be a significant issue for enterprises because certain policy rules can result in false positives and block valid traffic, Moy said. It can also be costly because a network security pro often has to address device tuning every month.
"This is not a set it and forget it device," Moy said. "In the IPS world when an update comes out you have to test it to make sure it doesn't stop some of your legitimate traffic from getting into your network; especially with custom applications."
Courtesy: http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1525971,00.html