NSS Labs Research and Advisory Data Sheet
D ATA S H E E T
Research and Advisory Make Security Decisions Based on the Facts Informed Decision Making Selecting the right security solution for your organization is a major decision—the wrong choice can result in downtime, data loss, or even a network breach. Informed decisions require thorough analysis of all available offerings, which can be challenging. Some enterprises may have the technical resources needed to perform a comprehensive
Highly engineered test processes and procedures
analysis, but not the budget. Conversely, some organizations may have the budget but not the experienced personnel, extensive lab setup, or necessary test equipment. Most importantly, enterprises that want to perform their own security product assessments do not have access to the most current threat data. IT teams are left make critical decisions using marketing data sheets rather than empirical data. NSS Labs provides you with the facts you need to make informed decisions.
World’s largest live security test harness
Enterprise-Focused Security Testing NSS Labs helps organizations make informed cybersecurity purchase decisions by providing the industry’s most comprehensive review of the features and functionality of enterprise-class security products. NSS works closely with enterprise IT teams to develop thorough and relevant test methodologies, which NSS engineers use to
Two million hours of hands-on testing
test the industry’s leading products. Findings are published in individual product Test Reports, detailed Comparative Reports on security, performance, and total cost of ownership (TCO), and overall ratings are graphically depicted in our unique Security Value Map™ (SVM).
NSS Labs 2017 Group Tests
24/7 global analysis of active exploits
NSS focuses on the top security technologies used by Fortune 2000 companies. All of our public group tests are non-commissioned to ensure objectivity and freedom from bias. Analysis of the results is conducted using the empirical data gathered during our in-house testing. In addition, all test methodologies are in the public domain and are made available to enterprises and vendors for review prior to publication.
$30M data center investment
REV A 0630
www.nsslabs.com
D ATA S H E E T
2017 Group Test Overview Endpoint Security
Network Security
Breach Security
Data Center Security
Virtual Security
Advanced Endpoint Protection (AEP)
Next Generation Firewall (NGFW)
Breach Detection System (BDS)
Web Application Firewall (WAF)
Virtual Firewall (vFW)
Web Browser Security (WBS)
Next Generation Intrusion Prevention System (NGIPS)
Breach Prevention System (BPS)
Data Center Firewall (DCFW)
Hypervisor (HV)
Secure Sockets Layer/ Transport Layer Security (SSL/TLS)
Data Center Intrusion Prevention System (DCIPS) Data Center Security Gateway (DCSG)
Advanced Endpoint Protection (AEP)
Hypervisor (HV)
AEP products combine endpoint protection (EPP) and endpoint detection & response (EDR) to provide contextual awareness and end-to-end visibility.
The HV is the OS or software that abstracts and distributes computing resources so that multiple virtual machines can share a single host system.
Breach Detection System (BDS)
Next Generation Firewall (NGFW)
BDS analyze suspicious code and identify communication with malicious hosts to detect zero-day and targeted attacks that bypass traditional defenses such as NGFW and NGIPS.
NGFWs are traditional firewalls that incorporate IPS functionality and other features such as application control, user awareness, and the capability to integrate with threat intelligence feeds.
Breach Prevention System (BPS)
Next Generation Intrusion Prevention System (NGIPS)
BPS gather and analyze indicators of attack, indicators of compromise, or other evidence of suspected malicious activity and then take preventative measures to stop a breach from occurring.
NGIPS products extend IPS signature-based protection to include deep packet inspection, which focuses on vulnerabilities at the application level.
Data Center Firewall (DCFW)
SSL/TLS devices secure communication between servers and browsers using ciphers and key sizes while detecting and blocking web-based attacks.
DCFWs are enterprise-class firewalls that provide high performance, low latency, and high availability and that are deployed to protect data center assets. Data Center Intrusion Prevention System (DCIPS)
Network security gateways with integrated firewall and IPS functions DCIPS are enterprise-class IPS products designed to support the hundreds of thousands of users accessing large applications in a server farm. Data Center Security Gateway (DCSG)
DCSG devices combine DCFW and DCIPS functionality to provide firewall, IPS, and other advanced capabilities for high-performance data centers.
Secure Sockets Layer/Transport Layer Security (SSL/TLS)
Virtual Firewall (vFW)
The vFW provides packet filtering for and monitoring of VMs in the data center. Web Application Firewall (WAF)
A WAF is designed to scan and filter HTTP traffic to and from a web application server using a range of techniques, including HTTP/HTTPS protocol enforcement. Web Browser Security (WBS)
Browser security controls that isolate individual browser sessions and offer URL reputation functionality to protect against phishing and socially engineered malware. REV A 0630
+1 (844) NSS-LABS www.nsslabs.com
[email protected] @nsslabs
© 2017 NSS Labs, Inc. All rights reserved.
Research and Advisory Make Security Decisions Based on the Facts Informed Decision Making Selecting the right security solution for your organization is a major decision—the wrong choice can result in downtime, data loss, or even a network breach. Informed decisions require thorough analysis of all available offerings, which can be challenging. Some enterprises may have the technical resources needed to perform a comprehensive
Highly engineered test processes and procedures
analysis, but not the budget. Conversely, some organizations may have the budget but not the experienced personnel, extensive lab setup, or necessary test equipment. Most importantly, enterprises that want to perform their own security product assessments do not have access to the most current threat data. IT teams are left make critical decisions using marketing data sheets rather than empirical data. NSS Labs provides you with the facts you need to make informed decisions.
World’s largest live security test harness
Enterprise-Focused Security Testing NSS Labs helps organizations make informed cybersecurity purchase decisions by providing the industry’s most comprehensive review of the features and functionality of enterprise-class security products. NSS works closely with enterprise IT teams to develop thorough and relevant test methodologies, which NSS engineers use to
Two million hours of hands-on testing
test the industry’s leading products. Findings are published in individual product Test Reports, detailed Comparative Reports on security, performance, and total cost of ownership (TCO), and overall ratings are graphically depicted in our unique Security Value Map™ (SVM).
NSS Labs 2017 Group Tests
24/7 global analysis of active exploits
NSS focuses on the top security technologies used by Fortune 2000 companies. All of our public group tests are non-commissioned to ensure objectivity and freedom from bias. Analysis of the results is conducted using the empirical data gathered during our in-house testing. In addition, all test methodologies are in the public domain and are made available to enterprises and vendors for review prior to publication.
$30M data center investment
REV A 0630
www.nsslabs.com
D ATA S H E E T
2017 Group Test Overview Endpoint Security
Network Security
Breach Security
Data Center Security
Virtual Security
Advanced Endpoint Protection (AEP)
Next Generation Firewall (NGFW)
Breach Detection System (BDS)
Web Application Firewall (WAF)
Virtual Firewall (vFW)
Web Browser Security (WBS)
Next Generation Intrusion Prevention System (NGIPS)
Breach Prevention System (BPS)
Data Center Firewall (DCFW)
Hypervisor (HV)
Secure Sockets Layer/ Transport Layer Security (SSL/TLS)
Data Center Intrusion Prevention System (DCIPS) Data Center Security Gateway (DCSG)
Advanced Endpoint Protection (AEP)
Hypervisor (HV)
AEP products combine endpoint protection (EPP) and endpoint detection & response (EDR) to provide contextual awareness and end-to-end visibility.
The HV is the OS or software that abstracts and distributes computing resources so that multiple virtual machines can share a single host system.
Breach Detection System (BDS)
Next Generation Firewall (NGFW)
BDS analyze suspicious code and identify communication with malicious hosts to detect zero-day and targeted attacks that bypass traditional defenses such as NGFW and NGIPS.
NGFWs are traditional firewalls that incorporate IPS functionality and other features such as application control, user awareness, and the capability to integrate with threat intelligence feeds.
Breach Prevention System (BPS)
Next Generation Intrusion Prevention System (NGIPS)
BPS gather and analyze indicators of attack, indicators of compromise, or other evidence of suspected malicious activity and then take preventative measures to stop a breach from occurring.
NGIPS products extend IPS signature-based protection to include deep packet inspection, which focuses on vulnerabilities at the application level.
Data Center Firewall (DCFW)
SSL/TLS devices secure communication between servers and browsers using ciphers and key sizes while detecting and blocking web-based attacks.
DCFWs are enterprise-class firewalls that provide high performance, low latency, and high availability and that are deployed to protect data center assets. Data Center Intrusion Prevention System (DCIPS)
Network security gateways with integrated firewall and IPS functions DCIPS are enterprise-class IPS products designed to support the hundreds of thousands of users accessing large applications in a server farm. Data Center Security Gateway (DCSG)
DCSG devices combine DCFW and DCIPS functionality to provide firewall, IPS, and other advanced capabilities for high-performance data centers.
Secure Sockets Layer/Transport Layer Security (SSL/TLS)
Virtual Firewall (vFW)
The vFW provides packet filtering for and monitoring of VMs in the data center. Web Application Firewall (WAF)
A WAF is designed to scan and filter HTTP traffic to and from a web application server using a range of techniques, including HTTP/HTTPS protocol enforcement. Web Browser Security (WBS)
Browser security controls that isolate individual browser sessions and offer URL reputation functionality to protect against phishing and socially engineered malware. REV A 0630
+1 (844) NSS-LABS www.nsslabs.com
[email protected] @nsslabs
© 2017 NSS Labs, Inc. All rights reserved.
