Outstanding Results – Check Point Achieves 3rd NSS Recommended Rating This Year

Great news! I’m glad to report we achieved another NSS Recommended in their recent NGIPS Group Test! This is our 3rd NSS Recommended this year and our 13th since we began working with NSS Labs in 2011. The previous two tests this year measured our Next Generation Firewall capabilities and the Breach Detection System (advanced threat prevention) capabilities. This is a great achievement and Check Point stands out as the only vendor to achieve NSS Recommended in these three tests this year.

At first, you might think the differences between security products are small but that’s NOT the case. NSS published the results for eight products and they stated in their press release that the security effectiveness ranged from 24.9% to 99.9% – a huge gap. We are the 99.9% effectiveness product. Total cost of ownership also varies greatly between products. Based on the NSS release, TCO ranged from $8 to $27 per Megabit per second. We are at $8 – providing the lowest total cost of ownership.

However, in many cases the difference between security products is measured in small increments – as small as tenths of a percent. While tenths of a percent may sound insignificant, in reality it might be critical for your business. A 98% block rate on the NSS Exploit Library means your business is vulnerable to 40 of those attacks. That’s not encouraging. In this NSS report, the range in security effectiveness was untypically wide – from 24.9% to 99.9% – which means that the product with the highest block rate was only susceptible to a single attack, compared to 1,491 attacks on the weakest products. That’s almost 1,500 times better than the worst product and 20-50 better than others. So yes, tenths of a percent difference in security score can mean a great difference in the level of security. With that as background, here is the NSS Security Value Map which graphically represents the test results.


The NSS tests themselves are not child’s play. Just as you, as a security buyer, evaluate products to separate the best from the rest, NSS tests do the same. Through a series of truly “roll up your sleeves, down and dirty, hands-on” product tests, they very thoroughly evaluate each product’s security, performance, stability and total cost of ownership. This NSS NGIPS did just that.

  • This NSS NGIPS test included more than 120 different evasion techniques. If attackers can evade (i.e. bypass) your IPS, then you are open to attack. Our IPS was 100% resistant to all evasions.
  • Protection of Key Business Applications. Security exploits exist in applications and technologies that we all use daily from all the major brand names. We caught 100% of the exploits in Adobe, Apple, IBM and Oracle.
  • Extensive Protection. This test included 1,986 exploits from the NSS Exploit Library from 2004 to current day targeting more than 70 different vendor target systems and applications. Our IPS blocked all of them but one.
  • Live, Current Protection. This NGIPS test included a 24/7 live test environment named the Cyber Advanced Warning System (CAWS). This system launched over 2,400 attacks from active “drive by” campaigns that target client applications. During the 30 days of the NGIPS test period, our IPS succeeded to block 99.8% of these dynamic attacks.  Outside of this test, we test our products in CAWS 24/7 to continually monitor and advance our protections.
  • Application Control, False Positive and Stability and Reliability tests. NSS test product accuracy and reliability under the strain of varied loads and traffic mixes. Our IPS passed all these tests.
  • Total Cost of Ownership. NSS’ “Price/Mbps-Protected” formula analyzes the combined security-performance-cost value of each product and nicely clarifies those that stand out above the crowd. Our IPS delivered a leading total cost of ownership of $8 in this test.
  • Ease of Use – Our results were delivered with our easy to use, “out of the box” Recommended IPS policy, meaning no special tuning is required.

Just as when you conduct your own “product bake-offs”, in NSS public tests, there is nowhere to hide. The vendor with the best product, the best R&D and the most organized and focused on serving their customers, will do well. From our earliest days, we have focused on building excellent products for our customers and I’m happy to say that our R&D today continues this as the central focus of their work. I believe this is why we continually do so well in NSS Labs and other independent tests and analysis.

In regular conversations with our customers, we know many of you are planning to move your security to advanced threat prevention solutions so it is important to highlight that Check Point’s firewall and intrusion prevention technologies are integral layers in our Next Generation Threat Prevention with SandBlast (NGTX) solution. And as mentioned earlier, we are also active in testing our advanced threat prevention solution and achieved NSS Recommended in their Breach Detection System (BDS) test both this year and in 2015, as well as exceptional ratings from other industry tests and evaluations too.

We look forward to participating in future NSS Labs and other third-party tests to continually challenge and improve our products for our customers and prospects. For even more details about the test and our results, I encourage you to read our full 2016 NSS Next Generation IPS Group Test report here.