Network intrusions have become the new norm. Phishing attacks are a $5.3 billion industry, and attacks are expected to exceed $9 billion in 2018, according to the FBI. It's up to security tools such as network intrusion detection and prevention systems (IDPS) to spot intruders before they can do serious damage.
The IDPS appliance market contains standalone physical and virtual appliances that inspect defined network traffic, either on-premises or in the cloud. The vendors covered in this report are those that scored well according to Gartner surveys.
Darktrace is included despite not being classified as an IDPS, because its technology has the potential to disrupt the market.
- McAfee NSP
- Trend Micro TippingPoint
- Hillstone NIPS
- Darktrace Enterprise Immune System
- NSFocus NGIPS
- H3C SecBlade IPS
- Huawei NIP
- Entrust IoTrust Identity and Data Security
- Cisco Firepower NGIPS
- IDPS Vendor Features Chart
The McAfee Network Security Platform (NSP) is a network threat and intrusion prevention solution that protects systems and data wherever they reside, across data centers, the cloud, and hybrid enterprise environments. It can support up to 32 million connections on a single appliance and uses intelligence to find and block advanced targeted attacks on the network.
TippingPoint identifies and blocks malicious traffic, prevents lateral movement of malware, ensures network availability and resiliency, and enhances network performance. It can be deployed into the network with no IP or MAC address to immediately filter out malicious and unwanted traffic. Digital Vaccine threat intelligence security filters cover the entire vulnerability footprint, not just specific exploits. The solution offers network traffic inspection throughput up to 120 Gbps.
The Hillstone Network-based IPS (NIPS) appliance offers intrusion prevention, anti-virus, application control, advanced threat detection, abnormal behavior detection, a cloud sandbox, and a cloud-based security management and analytics platform. NIPS operates in-line, performing deep packet inspection and assembling inspection of all network traffic. It can identify more than 3,000 applications, including mobile and cloud.
The Darktrace Enterprise Immune System is machine learning and AI technology for cyber defense. It iteratively learns a unique "pattern of life" for every device and user on a network, and correlates these insights to spot emerging threats that would otherwise go unnoticed. Darktrace does not consider itself an IPS or IDPS solution, and Gartner agrees that the company does not fit that category. However, the analyst firm named it a vendor to watch in this area of the market.
The NSFocus Next-Generation Intrusion Prevention System (NGIPS) provides threat protection that blocks intrusions, prevents breaches, and safeguards assets. It uses a multi-layer approach to identify and address known, zero-day, and advanced persistent threats to protect from malware, worms, spyware, back-door Trojans, data leakage, brute force cracking, protocol attacks, scanning/probing and web threats.
The H3C SecBlade IPS is a module for H3C switches and routers. Integrating such functions as intrusion detection, intrusion prevention, virus filtering and bandwidth management, it can perform Layer-4 to Layer-7 in-depth analysis and detection and stop network attacks and abuses such as viruses, worms, Trojan horses, spyware, and webpage tampering in real time, with self-learning capabilities.
Huawei Network Intelligent Protection (NIP) provides virtual patches, web application protection, client application protection, anti-malware, antivirus, anti-DDoS, and application sensing and control on IPv4 and IPv6 networks. Vulnerability-based detection can protect against overflow attacks and worm infections.
Entrust IoTrust Identity and Data Security is a connected ecosystem that is secure by design from device manufacturing through the entire IoT lifecycle. It uses enterprise-grade encryption technologies, and establishes trusted identities for devices across IoT infrastructures.
Cisco's Next-Generation Intrusion Prevention System comes in software and in physical and virtual appliances for small branch offices up to large enterprises, offering throughput of 50 Mbps up to 60 Mbps. NGIPS offers URL-based security intelligence and AMP Threat Grid integration, and is backed by the company's Talos security research team.