Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Intrusion Tools Getting Better but Need Tuning

Jeremy Kirk | Jan. 24, 2011
The latest tests of intrusion-protection systems, which are used to defend corporate networks from external threats, show that they're improving but are far from perfect.

FRAMINGHAM 24 JANUARY 2011 - The latest tests of intrusion-protection systems, which are used to defend corporate networks from external threats, show that they're improving but are far from perfect.

NSS Labs Inc. tested 13 IPS products from 11 vendors in the fourth quarter of 2010. At default settings for protecting against malware exploits, the systems caught 62% of the attacks on average, up from 45% in 2009.

In their default modes, McAfee Inc.'s M-8000 and Cisco Systems Inc.'s IPS 4260 Sensor were the best at blocking attacks against desktop applications, with effectiveness rates of 94.5% and 91.8%, respectively, in NSS's tests.

When engineers from the companies were allowed to "tune" their products, or add more rules designed to catch specific types of attacks, the 13 IPS products had substantially higher success rates.

Some products had effectiveness rates as low as 31% at the default settings. "There's a big difference between the default and the tuned for many vendors," said Rick Moy, president of NSS Labs.

The 11 vendors voluntarily submitted their products for the free testing, but nine other vendors declined, said Moy. "The vendors who had confidence in their products wanted to participate," he said.

 

Sign up for Computerworld eNewsletters.