NGIPSPublicGroupTestv2.0Tes$ng,Trends,UseCase,andEvolu$on

@nsslabsThomasSkybakmoen|Dis$nguishedResearchDirector,NSSLabs

2

WhoisNSSLabs?Research&Advisory•  Solu$ontrends•  Bestprac$cesolu$onarchitectureguidance•  Analystinquiries•  Securityadvisorydays•  Webinars/educa$on

Objec3vePurchaseInsight•  Productmodeling•  RFPtemplates•  TCOmodelingkits

SecurityVendorTes3ng•  Securityefficacy•  Solu$onperformance•  Costofownership

CyberAdvancedWarningSystem™•  Con$nuousexploitvisibility•  Con$nuoustargetassetiden$fica$on•  Con$nuoussecuritymeasurement•  Productcompara$ves•  SaaSorAPI

3

NSSLabsTesting:TimelineandProcess•  Coverageandtestsaregrowing–10+yearsofsecuritytes$ngo  2016–6+tests,40+vendors,40+devices

• Workflowfortestdevelopment:1.  Marketassessment2.  Primaryresearch3.  Enterpriseplanning4.  Methodology5.  Testharnessdevelopment6.  Grouptest,aggregate,review7.  Publishresults

4

NextGenerationIPS(NGIPS)Defined

•  Tradi$onalIPSplus:o  Applica$oncontrolo  Useriden$fica$ono  Threatintelligenceintegra$on

Useriden$fica$on

Applica$oncontrol

Reputa$on

Keynextgenera$oncharacteris$cs

5

KeyMarketDrivers

• Securityeffec$venesso  Increasinglycomplexthreatlandscape

•  Improvesecurityworkflowo  Integra$onwithsignature-lessproducts,SIEM,IR

• Flexiblearchitectureo  Internaldatacentertrafficplusperimeter

6

CurrentStateoftheMarket(CY2015)

• Marketsize:o  US$1,436M

• Currentbuyers:o  Largeenterpriseandenterpriseaccountedfor77%oftotalsalesin2015

o Maturingmarket

Cisco40.1%

IntelSecurity23.2%

IBM14.7%

TrendMicro11.9%

Others10.1%

7

NGFWGroupTest

•  ProductReportsreleased•  Compara$veReportsreleased•  LiveTes$ngSecurityCompara$veresultsfromNSS’CyberAdvancedWarningSystem

•  SVMSecurityValueMap

VendorA

VendorB

VendorC

VendorD

VendorE

SecurityEffec3veness

Performance TotalCostofOwnership

ProductReports

Compara3veReports

8

NGIPSGroupTestv2.0:Summary•  Whatwastested?

o  8market-leadingproductsfrom8vendorso  ProductshadtomeetNGIPSdefini$ono  NSSRa$ngs:4Recommended,2Neutral,2Cau/on

•  Whatmadethistestdifferent?o  UpdatedStrikePackso  Updatedevasionharnesso  Includedlivecomponents(CAWS)

•  Whatdotheresultstellus?o  Market-leadingproductsarekeepingupwithevolvingthreatlandscape

o  Dedicatedappliancess$llfulfillsomeimportantusecases(e.g.,protec$ngcri$calnetworksegments)

9

GroupTestResults:Definitions•  TCO

o  Purchaseo Maintenance–incl.subscrip$onfeeso  Administra$on–incl.installa$onandtuning

•  SecurityEffec$venessequa$ono  ExploitBlockRate*Evasions*Stability&Reliability

•  TCOperProtectedMbpso  Equa$on:(3-YearTCO)/(SecurityEffec$venessxNSSTestedThroughput)

10

NGIPSSecurityValueMap™(SVM)

11

NGIPSv2.0:Trendsin2016• Maturingmarketwithfewnewentrants•  “Next-genera$on”featuresbeginningtocommodi$ze• Differen$a$onthroughmee$ngstringentperformancerequirements

12

NGIPS:WorththeInvestment?

•  Architecturallystraighrorwardandwellunderstood

•  Providingvisibilityintotrafficisincreasinglyimportant

• Designedtoperformonlargestlinks

•  TCOispredictableanddropping

•  Partofoverallplarorm:perimeter,internal,agent

Q&Awww.nsslabs.com