NSS Labs Recommends McAfee NSP NS9100 for Data Center Security
That’s the takeaway from NSS Labs’ just-released test report on high-throughput intrusion prevention systems (IPS) for the data center, in which the McAfee Network Security Platform (NSP) NS9100 appliance won a hard-earned “Recommended” rating. This is the fifth time that McAfee NSP has achieved this level of excellence from NSS Labs for IPS overall. As a combination of blocking, throughput and TCO, McAfee NSP clearly delivers industry leading security for todays and tomorrows Data Center.
NSS Labs’ 2016 Security Value Map (SVM) for Data Center Intrusion Prevention System (DCIPS)
Data center applications make unique demands on an IPS system as traffic levels can be significantly higher than at the corporate perimeter. Also, traffic mixes can vary with security strategies, which may prioritize specific servers, protocols, or applications. Latency is also of great concern, as application performance may be adversely affected if an IPS introduces significant delays. While handling the rigors of a physical network is key, one must keep in mind the growing trends of the virtual Data Center. As the only dedicated IPS certified for VMware’s NSX SDN solution, McAfee NSP finds itself as the security platform of choice for growing your physical Data Center into tomorrow’s virtual software defined data center (SDDC).
IPS Testing Criteria
To discover what the current crop of IPS solutions offers data center security teams, NSS Labs tested a cross section of products claiming effective threat blocking and high throughput capabilities. Each system was subjected to a library of server exploits curated for malicious behaviors that range from opening reverse shell, executing arbitrary code, installing a payload, or rendering a system unresponsive. Selection criteria also included evasive tactics such as IP packet fragmentation, stream segmentation, RPC fragmentation, URL obfuscation, and FTP evasion — deployed singly or in layers.
These threats were embedded in multi-Gigabit traffic streams designed to stress the inspection engine and reveal its performance and behavior in a range of real-world operating scenarios. To complete the assessment, NSS Labs investigators also evaluated each IPS for stability and reliability, ease of management and configuration, and total cost of ownership.
The Envelope Please!
Tested with tuned policy settings, the Network Security Platform NS 9100 blocked 99.4 percent of all exploits in the NSS library and effectively detected and countered all of the evasion techniques employed.
Testers pegged the NS9100’s overall throughput at 19.949 Gbps, almost twice our advertised capacity for this appliance. This calculated rate represents the average of NSS Labs’ real-world protocol mix tests and its 21 KB-response HTTP capacity test.
Finally, the NS9100 passed all assessments for stability, reliability, configurability and manageability. Based on current street pricing, three-year TCO was calculated at just $12 per protected Mbps of data center traffic.
About the Author
Categories: Security Operations