Papers & Multimedia

White Papers

Looking for an IPS to protect your enterprise or government organization?  Check out the paper below related to helping you choose the right one.  Also review the document about throughput as it too contains information about which you should be aware.  

How to Select a Network Intrusion Prevention System  
Factors Affecting Network IPS Throughput


Historical White Papers

Though the following documents are a bit dated, there continues to be nuggets of information in them that may be helpful to enterprises.  

Determining Essential Coverage Protection for Network IPS Testing
Cleaning Packet Captures for Network IPS Testing
Replaying Packet Captures Using Tomahawk


ICSA Labs: IPS Testing Hear the Network IPS panel   View the slides
RSA Conference • Network IPS experts fielded questions about the state of intrusion prevention, the landscape of evolving threats, and questions about their experiences with ICSA Labs Network IPS testing. Jack Walsh, the former ICSA Labs Intrusion Detection & Prevention Program Manager (, was the moderator of the panel. He was accompanied by panelists from Fortinet, IBM Internet Security Systems, TippingPoint, and BroadWeb. • Running time ~70 mins. Edited and used with permission.


Open Source

Beyond white papers and presentations, ICSA Labs has helped the open source community through its work on improving the Tomahawk testing tool which is useful for properly replaying packet captures in network IPS testing. Nearly 40% of all Tomahawk code was written by ICSA Labs. Review the improvements that ICSA Labs made to Tomahawk and fed back into the open source project.  

ICSA Labs' Tomahawk Enhancements