Understanding the benefits of certification is important for security product vendors and enterprises. The first step is to understand what certification is and what it is not.
ICSA Labs network IPS testing has a three-fold focus: the device must provide ongoing vulnerability-based coverage protection for high severity vulnerabilities in enterprise software, introduce a minimal amount of latency, and provide logging, authentication, and other administrative functions. In the standard against which ICSA Labs tests, the Network IPS Enterprise Certification Testing Criteria, these three categories of requirements expand to nearly 50 distinct requirements and hundreds of test cases.
The criteria document refers to an evolving "vulnerability set". Though a network IPS may provide additional protections, the device must minimally protect against all exploits (and evasions) targeting the more contemporary vulnerabilities in this list and 90% of the core vulnerabilities that have been around for longer. This vulnerability set currently comprises high severity client-side and server-side vulnerabilities in enterprise software.
The latest version of the network IPS testing criteria (version 1.4) was released on Nov. 24, 2011. All testing is currently being performed against this version. ICSA Labs welcomes any comments you may have on these criteria. Comments should be sent to us at firstname.lastname@example.org.
To attain and retain certification, network IPS developers must meet the entire set of criteria requirements referred to above.